Introducing GKE Compliance: Maintain clusters and workloads against industry standards
Poonam Lamba
Product Manager, Google
Maintaining Kubernetes compliance is a moving target, thanks to the platform's dynamic, distributed nature and its short-lived workloads. Additionally, compliance standards are constantly evolving, and there's a significant lack of Kubernetes expertise.
Today, we’re excited to announce a game-changing feature for our Google Kubernetes Engine (GKE) Enterprise customers: built-in, fully managed GKE Compliance within GKE posture management. Now, achieving and maintaining compliance for your Kubernetes clusters is easier than ever before.
What's the big deal?
With GKE Compliance, you have a streamlined way to assess your GKE clusters and workloads against industry standards, benchmarks and control frameworks, including:
- CIS Benchmark for GKE: The gold standard for secure GKE configurations
- Pod Security Standards (PSS), which offer both baseline and restricted profiles to protect your workloads
GKE Compliance is built into GKE and fully managed by Google, so you don't have to worry about buying or building extra tools. With no complex setup or ongoing maintenance required, you can focus on your business goals.
The GKE Compliance dashboard gives you centralized compliance reporting that is updated every 30 minutes, giving you a clear view of your compliance posture for your fleet of clusters.
The built-in dashboard gives a centralized view of compliance across the fleet
The concerns tab shows an in-depth compliance report for the selected standard across the fleet, or for a selected cluster
You can drill deeper into compliance reports by clicking on individual constraints to:
- View details about the compliance check
- See the list of affected resources causing non-compliance
- View the remediations to fix the violation
Manage compliance at scale
For organizations with multiple teams and clusters, the new compliance capabilities in GKE Enterprise really shine. You can now view compliance reports by fleet or by cluster, making it easy to understand your compliance posture. And the beauty of the GKE Compliance feature is that it's entirely managed. There's no extra software to install or maintain on your clusters. You simply enable it, and we take care of the rest. Plus, it's included in your GKE Enterprise license at no additional cost!
To get started, log in to a GCP project with GKE Enterprise-enabled clusters and check out the Compliance tab in GKE Posture. If you’re new to GKE Enterprise, learn more about how to start a free trial.