When you deploy a backend system in GCP behind Google Cloud Load Balancer (GCLB), you can use TLS to secure the communication between them. The RFC that defines how HTTP over TLS works is RFC 2818. This mechanism involves the server, your backend in this case, sending a certificate for the client, the GCLB, to validate. It turns out we don't validate that certificate.
The GCLB is our HTTP(S) load balancer. It is a reverse proxy, so external user connections terminate on it and then a new connection is created from the GCLB to the backend. …
Google Kubernetes Engine (GKE) clusters can be configured in different ways that make accessing the control plane, your Kubernetes master or API server, a non-trivial task. You will see that it's not only where the master is but also where you are. I will explore the different scenarios and configurations to help you decide your access model and troubleshoot your setup.
You need to use tools like kubectl to access the Kubernetes API and manage your cluster workloads, and how your GKE cluster is configured imposes access restrictions. First let's see the different places from where you may want to…
Despite the title, most of the audience probably already knows what a DMZ (demilitarized zone) is in network security. In this article I’m going to analyze it in some detail. We will see how this concept translates to GCP (Google Cloud Platform), and for that we need to understand not only the design but also the intent of a DMZ. My goal is to analyze DMZs and the broader concept of network segmentation.
A DMZ is a network typically exposing public services like web, DNS or email functions, in a subnetwork separated from the internal network of a company…
Google Cloud provides encryption and/or integrity of data in transit and at rest by default. We also employ other techniques like sandboxing to help protect our infrastructure and customer data. This virtualization security model allows us to offer a secure multi-tenant architecture where VMs can run isolated and protected from each other.
In this security model, the hypervisor is part of the Trusted Computing Base since it creates, manages and isolates these VMs. Hence, it is critical to the security of the system. If the hypervisor itself is compromised all the VMs can become vulnerable.
I was faced with a difficult question: in the case of a security incident, one customer desired a “big red button” to completely shut down Google Cloud Platform (GCP). But how to do that? Is there a right way to do it? Let’s see.
Imagine an attacker could hack our Cloud systems and exfiltrate sensitive data, or abuse the system to launch an attack. How do we keep control? Can we just shut down GCP? Would it stop the attack and contain the damage?
Organizations in regulated industries often feel they are obligated to demonstrate such a level of control…
When you want to make a call to an API to e.g. create a GCS bucket, you use your Google Cloud Platform (GCP) account to be authorized. That account is your identity and it has the format of an email address, like username@yourdomain.com. If you have the proper role/permissions to do so, your call will succeed.
Service accounts are another kind of account used by applications, not humans, to make authorized API calls. Service accounts also use an email address to identify them, following a format like this: sa-name@project-id.iam.gserviceaccount.com.
Service accounts differ from user accounts in a few ways, and…
Strategic Cloud Engineer at Google Cloud, focused on Networking and Security