Confidential GKE Nodes
Google this year announced the general availability of Confidential GKE Nodes, which use hardware support to keep data encrypted while it is in memory.
To raise the security of GKE clusters, Google launched Confidential GKE Nodes, which provide encryption-in-use for data processed inside a GKE cluster without significant performance degradation.
Confidential GKE Nodes are built on the same technology foundation as Confidential VM and use AMD Secure Encrypted Virtualization (SEV). This feature lets customers keep data encrypted in memory with node-specific, dedicated keys that are generated and managed by the processor.
Confidential GKE Nodes also build on Shielded GKE Nodes to offer additional protection against rootkits and bootkits, helping to ensure the integrity of the operating system running on the nodes.
Confidential GKE Nodes can be enabled as a cluster-level security setting or as a node pool-level security setting. When enabled at the cluster level, the setting enforces the use of Confidential VMs on all worker nodes.
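Because the setting can live at either level, an auditor has to check the cluster first and fall back to each node pool. The following is an added example, not code from the article or from Google: it parses a constructed cluster description shaped like the output of `gcloud container clusters describe CLUSTER --format=json`, with field names (`confidentialNodes`, `shieldedInstanceConfig`) assumed from the GKE REST API, and reports which node pools are not covered.

```python
# Added example (not the article's code). Input mirrors the JSON returned by
# `gcloud container clusters describe CLUSTER --format=json`; the field names
# used here are assumed from the GKE REST API.
import json

# Constructed sample: cluster-level setting off, one pool opts in, one does not.
SAMPLE_DESCRIBE = json.dumps({
    "name": "example-cluster",
    "confidentialNodes": {"enabled": False},
    "nodePools": [
        {"name": "pool-confidential",
         "config": {"machineType": "n2d-standard-4",
                    "confidentialNodes": {"enabled": True},
                    "shieldedInstanceConfig": {"enableSecureBoot": True,
                                               "enableIntegrityMonitoring": True}}},
        {"name": "pool-default",
         "config": {"machineType": "e2-standard-4",
                    "shieldedInstanceConfig": {"enableSecureBoot": False,
                                               "enableIntegrityMonitoring": True}}},
    ],
})
# Same cluster with the cluster-level setting on (the first "enabled" is the
# cluster's): every node pool is then covered regardless of its own config.
SAMPLE_CLUSTER_LEVEL = SAMPLE_DESCRIBE.replace('"enabled": false', '"enabled": true', 1)


def audit_confidential_nodes(describe_json: str) -> dict:
    """Per-node-pool findings: a cluster-level setting covers every pool,
    otherwise each pool must enable Confidential GKE Nodes itself."""
    cluster = json.loads(describe_json)
    cluster_level = cluster.get("confidentialNodes", {}).get("enabled", False)
    findings = {}
    for pool in cluster.get("nodePools", []):
        cfg = pool.get("config", {})
        pool_level = cfg.get("confidentialNodes", {}).get("enabled", False)
        shielded = cfg.get("shieldedInstanceConfig", {})
        findings[pool["name"]] = {
            "confidential": bool(cluster_level or pool_level),
            "enforced_by": "cluster" if cluster_level else "node-pool" if pool_level else None,
            # Shielded GKE Nodes: Secure Boot and integrity monitoring protect the boot chain.
            "secure_boot": bool(shielded.get("enableSecureBoot", False)),
            "integrity_monitoring": bool(shielded.get("enableIntegrityMonitoring", False)),
        }
    return findings


def unprotected_pools(describe_json: str) -> list:
    """Names of node pools whose memory is not encrypted in use."""
    return sorted(n for n, f in audit_confidential_nodes(describe_json).items() if not f["confidential"])
```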