With the introduction of Anthos, Google has moved toward helping provide a consistent experience between their cloud and on-premise infrastructure.

GKE On-Prem is part of that offering, taking the best of Google’s cloud-based Kubernetes engine and bringing it to an on premise environment. This lets you run containerized workloads in an environment that is within your datacenter on a platform that is validated and kept up to date by Google. GKE On-Prem helps to remove the intricacies that may exist when running a Kubernetes cluster on-prem and also allows for easier management since policies can be enforced across all user clusters, whether on-prem or in the cloud.

Technical Deep Dive

GKE On-Prem is configured through a local, on-premise VMware vSphere environment, alongside an F5 Big-IP load balancer. As services are deployed to your Kubernetes environment, they will automatically configure within the F5 as well in order to provide access to the services. Installing Twistlock in GKE On-Prem is identical to deployment into any other Kubernetes platform and we’re able to offer the same protections here. Once Twistlock has been deployed within your environment, you will have full visibility into these services through multiple avenues.




The Console is then accessible via the load balanced IP and you are able to utilize all Twistlock security and functionality you would normally see, even giving visibility into the namespaces being utilized by the GKE On-Prem solution. Twistlock is also able to protect all GKE resources, regardless of on-prem or in the cloud, within a single Console.


GKE On-Prem fills the gap between cloud and on-prem Kubernetes workloads, making it an enticing look for enterprises either starting their cloud native journey or with an on-premise business need. At Twistlock, we strive to be able to protect your workloads wherever they may run and this is no exception. Since this is built on Kubernetes, we are able to offer support right out of the box to keep your on-premise workloads secure, just as we do for cloud.

Twistlock thanks LSU’s Stephenson National Center for Security Research & Training for loaning us the server hardware and LSU’s Innovation Park for the lab space for testing the on-premises parts of this solution.

← Back to All Posts Next Post →