Better Cluster Autoscaler, Gemma 2 and GUAC

The News

GKE

• Fully managed cAdvisor/Kubelet metrics: cAdvisor is an OSS agent that collects container-level performance metrics. With this feature, GKE fully manages cAdvisor and exports metrics from it and the Kubelet. These metrics can be used to control costs.
• Disable Kubelet Read-Only port: The Kubelet has a read-only port that, if not protected properly (with firewall rules, for example), can export some sensitive node information. This feature allows you to disable this port on both GKE Standard and Autopilot.
• Cluster Autoscaler faster, better, stronger: We made Cluster Autoscaler faster (up to 55% improvement) starting GKE 1.29. This article contains details and a benchmark for various type of workloads.

Google Cloud

• Gemma 2 is available in HF and Kaggle: The second generation of Google’s open LLM is available to download from HuggingFace and Kaggle. You can also use Ollama to run the models locally
• Gemini 1.5 Flash is GA: Gemini 1.5 Flash is an even more capable model compared to its predecessors.
• Understand Google Cloud Gitlab Integration: We announced a GitLab and Google Cloud Integration. Read this article to understand what that actually means.
• Committed use discounts with Cloud Volumes: NetAPP Cloud Volumes now support CUD.

The Editorial

GKE

• GKE Multi-Cluster Services (MCS): MCS is a GKE native feature that allows you to access services across clusters. In this article, Daniel discusses this feature and looks into the details of how it works.
• Combine Cloud Run and GKE: Learn how to take advantage of both GKE and Cloud Run using Kong API gateway.

Google Cloud

• Free SRE Courses: Learn what SRE is and have access to resources to study to be an SRE in this article
• Private Service Connect, the Why and How: Read this article to understand what Private Service Connect (PSC) is and how to use it.

Tools of the week

• https://github.com/chainguard-dev/terraform-google-prober: Deploy a custom prober logic to Google Cloud to probe Cloud Run.
• https://github.com/ssup2/kpexec: Run a highly privileged container on k8s to debug your pods.
• https://github.com/NetSPI/gcpwn: Pentesting framework for Google Cloud.

Video, audio, podcasts

• GUAC 101: GUAC stands for Graph for Understanding Artifact Composition. It’s a software supply chain observability tool for understanding how your software is built. In this webinar you can learn the basics.
• Kubernetes Podcast 229: In the last episode of the 10 years k8s special we spoke to Clayton, Dawn and Maciej about how AI/ML Impacted Kubernetes.
• Fleet Level Feature Management: Combining GKE Entreprise fleets with Feature Manager you can ensure GKE cluster that are enrolled into a fleet have some features enforced across. Watch this video where Mofi and Nick go into the details.
• Secure Ray on GKE: Ray is a very popular tool for running distributed workloads and it runs on Kubernetes also. In this video Mofi and his guest go into details on how to secure it.