Date: 2023-04-06



No deep Kubernetes cluster management expertise required: We’ve also made it easy for less experienced teams to work with Autopilot. Autopilot clusters are provisioned with good default configurations suitable for most production use cases. This greatly shortens the learning curve for Kubernetes and enables customers new to Kubernetes to adopt it with confidence. Autopilot customers can deploy containerized applications 2.6x faster than competing platforms [1].

Reduce overhead for day 2 operations: You no longer need to manage Kubernetes node pools and nodes. Node provisioning, scaling, maintenance, and security are all handled by Google SRE. The nodes remain within the scope of your project, but you don’t have to worry about managing them.

Always-on reliability

Workload SLAs backed by Google SRE: In addition to the great SLAs offered by GKE Standard mode, Autopilot mode offers pod (workload) level SLAs backed by Google SRE. Google monitors the entire Autopilot cluster control plane, worker nodes, and core Kubernetes system components to ensure your pods are always scheduled.

Automatic provisioning and scaling: By optimizing for your workload, Autopilot automatically provisions the right resources your workload needs, so you don’t need to know the size and shape of your nodes. Autopilot then uses familiar Kubernetes tools like HPA and VPA to scale the workload to meet demand.

Flexible maintenance options: Use maintenance windows and exclusions flexibly. Combined with Pod Disruption Budgets, they let you control when and how node maintenance occurs, so you can avoid untimely disruptions.

This results in better workload uptime and better results. And importantly, we’re seeing better Autopilot cluster and node health across the fleet.

Improve your security posture

Let’s face it, Kubernetes security is tough. Platform teams often spend a lot of time creating secure environments that developers can use. Autopilot provides a security-focused version of Kubernetes out of the box, with the right security settings enabled by default. This reduces the potential attack surface and minimizes the impact of CVEs and configuration errors.

Enhanced default cluster configuration: Autopilot works out-of-the-box with strong security best practices. This includes many of Google’s recommended practices for hardening cluster security.

No privileged access by workloads or users: Although the nodes are visible, privileged access to them by workloads or users is not allowed. There are few legitimate use cases for root access to nodes and privileged containers on Kubernetes. Autopilot enforces this from the start while providing exceptions for workloads from allow-listed partners.

Shielded Nodes: Turned on by default in GKE Autopilot, Shielded Nodes provide strong, verifiable node identities and integrity to enhance the security of your GKE nodes.

Workload Identity: Autopilot provides Workload Identity out-of-the-box. This is the recommended way for workloads running on GKE to access Google Cloud services in a secure and manageable manner.

Single Tenant: To meet governance requirements, Autopilot-provisioned nodes remain within the scope of the project, providing more flexibility than a multi-tenant architecture while ensuring compliance with governance restrictions.

Lowest TCO for Kubernetes

With traditional managed Kubernetes, you pay for all provisioned infrastructure regardless of utilization. Most customers over-provision their clusters for scaling and do not bin-pack nodes efficiently. All of this means paying for infrastructure you aren’t using.

With Autopilot, you only pay for what you use (Pod pricing). Billing is based on resource requests made in podSpecs, with no additional infrastructure costs. This completely eliminates the risk of inefficient bin packing.

