Skip to content

Latest commit

 

History

History
51 lines (32 loc) · 2.61 KB

README.md

File metadata and controls

51 lines (32 loc) · 2.61 KB

Google Kubernetes Engine Service

This app module is used to create a long-running service such as an API, Web App, or Background Worker.

When to use

GKE Service is a great choice for APIs, Web Apps, or Background Workers and you do not want to manage a Kubernetes cluster.

Security & Compliance

Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance.

Infrastructure Security CIS AWS V1.3 PCI-DSS V3.2 NIST-800-53 ISO27001 SOC2 HIPAA

Platform

This module uses GCP GKE, which is a technology that allows you to run Kubernetes container applications without managing servers.

Network Access

When the service is provisioned, it is placed into private subnets on the connected network. As a result, the Fargate Service can route to services on the private network and is accessible on the private network.

Public Access

To enable public access to the service, add an Ingress capability.

In most cases, a Load Balancer capability is the best choice for exposing as it enables rollout deployments with no downtime. Additionally, a Load Balancer allows you to split traffic between more than 1 task based on load.

Logs

Logs are automatically emitted to AWS Cloudwatch Log Group: /<task-name>. To access through the Nullstone CLI, use nullstone logs CLI command. (See logs for more information)

Secrets

Nullstone automatically injects secrets into your GKE Service through environment variables. (They are stored in GCP Secrets Manager and injected by Kubernetes during launch.)

File system

The root file system is configured to be read-only to prevent an attacker from making permanent local changes and prevents binaries from being written to the local filesystem. To create a persistent file system, add a Datastore to attach volumes or object storage.