A best practice for securely deploying Kubernetes applications is to enforce network policy. Google’s announcement today that network policy for Google Kubernetes Engine (GKE) using Calico network policy is now generally available (GA) is a huge step forward for Kubernetes security in the cloud.
Network policy is an important tool that provides micro-segmentation for Kubernetes-based applications. Networking policy underpins a “zero trust” networking model allowing only necessary actions and connections for a workload while blocking anything else.
If you want practical guidance on how to use Calico network policy, I suggest reading a blog series on securing host endpoints that Cody McCain, one of Tigera’s solution architects, put together (make certain to read parts one, two and three).
As the team behind Product Calico, we have worked long and hard with Google to deliver GKE support for network policy based on Calico. We are delighted that to have passed all the hurdles to get to general availability status, with the peace of mind that creates for the most demanding users who need proven, well tested and supported solutions.
For enterprises requiring secure application connectivity including hierarchical policy management for their network policy, you should check out Tigera CNX. CNX delivers zero trust security, operational simplicity along with enterprise control and compliance for Kubernetes environments including on-premises deployments and GKE.