- Workload Identity simplified and rebranded: Workload Identity is my favorite feature in GKE. It allows you to configure access to Google APIs without the need for Service Account Keys. It supports both GKE on Google Cloud and other environments (AWS, Azure, on-prem, and so on). Workload Identity was renamed to Workload Identity Federation for consistent naming across all environments, and the steps to configure it are reduced from 6 to 3. So this is getting even better!
- GKE Autopilot burstable workloads: GKE Autopilot allows workloads to burst CPU and memory beyond their requested resources. This feature lets workloads use more CPU and/or memory for a short moment (for example, during startup of JVM apps).
- GKE Autopilot reduces the minimum required resources: When you deploy pods to GKE Autopilot, you have to specify the requested CPU and memory. The minimum CPU request was previously 250m; it is now reduced to 50m. You can also specify any value you want instead of the incremental values required before (instead of 250, 500, 1250… you can now pick 32, 76 or 84, up to the maximum allowed).
- Understand DNS options for GKE: The support team published an article on DNS options for GKE with the pros and cons of each. This is a great article, but if you are looking for more details, including open source options, the article I wrote 2 years ago is still up to date.
- GKE Autopilot supports Elastic Cloud: You can now take advantage of a managed solution like ECK (Elastic Cloud) on GKE Autopilot.
- GKE Compliance dashboard updates: If you are using GKE Enterprise, the Compliance dashboard can now show evaluations for the CIS benchmark v1.5.0, Pod Security Standards Baseline and Pod Security Standards Restricted.
- GKE threat detection Preview: If you are using GKE Enterprise, this Preview feature is part of the GKE Security Posture Dashboard. You will be able to see detected threats following the MITRE ATT&CK® tactics.