Kubernetes 1.31, GPU’s in Cloud Run and Secrets

The News

GKE

• Kubernetes 1.31 is available on GKE: You can now create a GKE cluster with Kubernetes 1.31 in the Rapid Channel. Check this link for all the new features in k8s 1.31.
• GKE support for Hyperdisk ML: You can attach a Hyperdisk ML volume to GKE Autopilot and Standard clusters. Hyperdisk ML are a new type of persistent disks optimized for fast read/write with caching.
• Addon-resizer is moved to the control plane: Starting GKE 1.30.3-gke.1451000 addon-resizer will run in the control plane instead of the worker nodes. Addon-resizer is a pod that monitors and resizes heapster, metrics-servers and kube-state-metrics as the cluster scales up and down.
• Secret Manager Add-On: GKE added an Add-on to Integrate with Google Secrets Manager. If you have been following me for a while you are probably aware of my article on all the ways you can consume Secrets in GKE. I will be updating that article soon.
• GKE OR Vertex AI for your AI Models: Not sure If you should host your models on GKE or VertexAI ? This atricle has some answers, considerations and how-to.
• Selecting GPUs for you AI workloads: Not sure which GPU to select for your AI Workloads? This article walks you through some options and considerations.
• Why Google Kubernetes Engine (GKE) Leads the Pack: An external unbiased piece comparing GKE to other Kubernetes Cloud offerings.
• AlloyDB Omni for K8s version 1.1.0: This new version of the operator let you configure a Load Balancer using annotations. AlloyDB Omni is a OSS operator that allow you to run Postgres on Kubernetes/GKE.

Google Cloud

• Cloud Run support GPUs: Unless you have been living under a rock you should be aware that Cloud Run launched support for GPU’s for AI Inference apps. There are some crazy guarantees in terms of availability and speed.
• GCS Fuse improve read performance: Enabled parallel download in GCS fuse to improve read performance. This is specially useful if you are downloading a large file with a single threaded process.
• Cloud Run Automatic base image update: Enable Automatic updates and Google will update the base image components for you without having to rebuild and redeploy your Cloud Run apps [Preview].
• asmcli is deprecated: For Cluster on GCP (Off-Google Cloud clusters like GDC/Anthos are not affected) asmcli is reprecated as a off August 22, 2024 and support will stop on Feb 2025. asmcli is command line tool to deploy and manage Service Mesh. It will be replaced by gcloud.
• Secret Managed delayed secrets destruction: To help avoid accidentally deleting secrets this feature allows you to add a delay in days. secrets are disabled instead and can be restored within the delay windows.
• Cloud Run Volumes Mount: You can now mount both a GCS bucket but also an NFS Volume to Cloud Run services.

The Editorial

GKE

• Gateway API using DNS authorization and certificate manager: This tutorial walks you through using GKE Gateway API with Certificate Manager and DNS Authorization.
• IP Exhaustion on GKE: If you have managed Kubernetes/GKE you should have experienced this at least once, running out of IP’s. Read this piece to understand what causes this and how to manage it.

Google Cloud

• Controlling Egress for Cloud Workstations with Secure Web Proxy: Cloud Workstations are managed IDE’s in Google Cloud. By default when they are a Public IP their traffic to the Internet is unrestricted. But Enterprise customers want control. This article shows how you can filter Egress traffic using the Secure Web Proxy.