Our new name highlights IBM’s strategic investment in Kubernetes within our managed container service, running on IBM Cloud. Also, Kubernetes in our updated name reflects that IBM is a founder of CNCF Conformance Testing.
As one of the first fully managed and mature Kubernetes offerings in the cloud, IBM Cloud Kubernetes Service has been generally available since May 2017. You can learn more in our docs or landing page. In the meantime, you’ll still see some references to “IBM Cloud Container Service” in user interfaces, documentation, tutorials, patterns, and other collateral. We’ll be working to update those.
New name, same great capabilities
IBM Cloud Kubernetes Service delivers built-in security, isolation, an intuitive user experience, and automated toolchains to enable rapid delivery of applications, all while leveraging IBM Cloud Services, including AI capabilities from Watson. IBM Cloud Kubernetes Service provides native Kubernetes capabilities such as intelligent scheduling, self-healing, horizontal scaling, service discovery & load balancing, automated rollouts and rollbacks, and secret and configuration management. Additionally, IBM is adding capabilities to the IBM Cloud Kubernetes Service, including simplified cluster management, the ability to design your own cluster, a completely native Kubernetes CLI and API, and integrated operational tools or support to bring your own tools to ensure operational consistency with other deployments. Finally, you can run your clusters and apps in the specific geographies that are important to you.
Secure to the core
Security is a critical component of IBM Cloud Kubernetes Service. One aspect of security is our cluster isolation. Every Kubernetes cluster is single-tenant and dedicated by default, and we even provide multiple options for worker node compute – shared or dedicated virtual machines and bare metal:
The shared model is a standard cloud IaaS, providing a single-tenant virtual machine on a multi-tenant hypervisor and hardware, still without any overcommitment of those physical resources.
The dedicated compute model is a single-tenant offering including VM, hypervisor, and hardware, providing additional isolation to your workloads.
Announced in March 2018, bare metal worker nodes are available to provide greater isolation and performance for your containerized workloads. Bare metal worker nodes provide support for Trusted Compute, which can verify your worker nodes against tampering.
All worker nodes run in your IBM Cloud account ensuring you have full control over the compute, storage, and networks.
Another aspect of security is handled by Vulnerability Advisor (VA). VA is integrated seamlessly into the IBM Cloud Kubernetes Service, providing not only static image vulnerability scanning but also policy scanning based on ISO 27k, live container scanning, and package security scanning for known malware. The IBM Cloud Container Registry provides image signing, encryption at rest and in flight, and image deployment enforcement, allowing you to define what can be deployed in your IBM Cloud Kubernetes Service clusters.