Google adds Kubernetes support to Confidential Computing

TL;DR: You can now run Kubernetes on Google's Confidential VMs.

Today (08.09.2020, translator's note), at the Cloud Next OnAir event, Google announced that it is expanding its product line with the launch of a new service.

Confidential GKE nodes add more privacy to workloads running on Kubernetes. The first product, called Confidential VMs, was launched in July, and as of today these virtual machines are publicly available to everyone.

Confidential Computing is a new product that keeps data encrypted while it is being processed. It is the last link in the data encryption chain, since cloud service providers already encrypt data on the way in and on the way out. Until recently, data had to be decrypted in order to be processed, and many experts see this as a glaring hole in data encryption.

Google's Confidential Computing initiative is based on collaboration with the Confidential Computing Consortium, an industry group that promotes the concept of Trusted Execution Environments (TEEs). A TEE is a secure area of the processor in which the loaded data and code are encrypted, which means that other parts of the same processor cannot access that information.

Google's Confidential VMs run on N2D virtual machines powered by second-generation AMD EPYC processors, which use Secure Encrypted Virtualization technology to isolate virtual machines from the hypervisor they run on. Data is guaranteed to stay encrypted regardless of how it is used: workloads, analytics, or training requests for artificial intelligence models. These virtual machines are designed to meet the needs of any company that processes sensitive data in regulated areas such as the banking industry.

Perhaps more important is the announcement of the upcoming beta of Confidential GKE nodes, which Google says will be introduced in the upcoming 1.18 release of Google Kubernetes Engine (GKE). GKE is a managed, production-ready environment for running containers that host the parts of modern applications and can run across multiple computing environments. Kubernetes is an open source orchestration tool used to manage these containers.

Adding Confidential GKE nodes provides greater confidentiality when running GKE clusters. When adding a new product to the Confidential Computing line, we wanted to provide a new level of confidentiality and portability for containerized workloads. Google's Confidential GKE nodes are built on the same technology as Confidential VMs and let you encrypt data in memory using a node-specific encryption key managed by the AMD EPYC processor. These nodes will use hardware-based RAM encryption built on AMD's SEV feature, which means your workloads running on these nodes will be encrypted while they run.

Sunil Potti and Eyal Manor, Cloud Engineers, Google

With Confidential GKE nodes, customers can configure GKE clusters so that node pools run on Confidential VMs. Simply put, any workload running on these nodes will be encrypted while data is being processed.

Many companies need more confidentiality when using public cloud services than they do for on-premises workloads, in order to protect against attackers. Google Cloud's expansion of its Confidential Computing line raises that bar by letting users provide confidentiality for GKE clusters. And given its popularity, Kubernetes is a major step forward for the industry, giving companies more options to securely host next-generation applications in the public cloud.

Holger Mueller, analyst at Constellation Research.

N.B. On September 28-30 our company is launching an updated intensive course, Kubernetes Base, for those who do not yet know Kubernetes but want to get acquainted with it and start working. After that, on October 14-16, we are launching the updated Kubernetes Mega for experienced Kubernetes users who need to know all the latest practical approaches to working with recent Kubernetes versions, as well as the possible "rakes". In Kubernetes Mega we will cover, in theory and in practice, the intricacies of installing and configuring a production-ready cluster ("the-not-so-easy-way"), and mechanisms for ensuring the security and fault tolerance of applications.

Among other things, Google said Confidential VMs will get some new features as they become generally available today. For example, audit reports have appeared that contain detailed logs of integrity checks of the AMD Secure Processor firmware used to generate the keys for each Confidential VM instance.

There are also more controls for setting specific access rights, and Google has added the ability to disable any non-confidential virtual machine in a given project. Google is also combining Confidential VMs with other privacy mechanisms to provide security.

You can use a combination of shared VPCs with firewall rules and organization policy constraints to ensure that a Confidential VM can communicate with other Confidential VMs, even if they run in different projects. In addition, you can use VPC Service Controls to set the boundary of GCP resources for your Confidential VMs.

Sunil Potti and Eyal Manor

source: www.habr.com
