We are excited to announce that Upwind is now an official Google Kubernetes Engine (GKE) Autopilot partner, enabling users to seamlessly deploy Upwind and proactively secure Google Cloud workloads. Many GKE Autopilot users struggle with securing their workloads due to limited control over infrastructure and security configurations. Upwind’s integration ensures a seamless, built-in security solution without added complexity.

Google Kubernetes Engine (GKE) Autopilot clusters don’t usually allow workloads that require elevated privileges, except for Autopilot partner workloads. Only an extremely limited number of Google Cloud Partners are vetted and approved to provide specially privileged workloads for Autopilot clusters.

Google evaluates every partner workload in a rigorous review process. This ensures that each workload has only the minimum required permissions to function correctly. Additionally, workloads must demonstrate fine-grained control over the resources they access.

“GKE Autopilot provides the most complete, scalable, and fully automated managed Kubernetes experience. Autopilot offers seamless scaling, strong out-of-the-box security, and provides a hands-off Google-managed Kubernetes experience where you pay-for-pods and only for the resources your applications require.”


-Victor Szalvay | Product Manager, GKE, at Google Cloud

As an official Google Autopilot Partner, Upwind provides users with the capability to seamlessly deploy automated, real-time security for workloads running within the GKE Autopilot environment.

What is GKE Autopilot?

GKE Autopilot is a fully managed offering for running Kubernetes workloads on Google Cloud, managing infrastructure in the background. This allows you to deploy and scale Kubernetes applications efficiently while maintaining familiar development workflows and without the need for extensive architectural changes. GKE Autopilot removes some of the customer responsibility for running Kubernetes workloads on Google Cloud, allowing users to focus on deploying and managing applications rather than managing the underlying infrastructure and cluster operations.

GKE Autopilot simplifies Kubernetes management, but users often face challenges in balancing efficiency, cost, and security. Leveraging GKE Autopilot offers users several benefits including:

  • Simplified Operations: Autopilot eliminates the need for users to manage low-level Kubernetes infrastructure tasks such as node scaling, upgrades, and hardware management. For example, users no longer need to manually provision nodes or apply security patches, as Autopilot automatically handles these tasks, reducing operational complexity. With automatic updates, workload optimization, and minimal operational overhead, it allows teams to focus on developing applications rather than managing Kubernetes infrastructure.
  • Automatic Infrastructure Scaling: Autopilot automatically scales the underlying infrastructure based on application demands, ensuring that the cluster always meets the needs of running workloads without over-provisioning or under-provisioning.
  • Optimized Resource Usage: GKE Autopilot’s per-pod billing model ensures users only pay for the exact resources their workloads use, optimizing cost efficiency by eliminating over-provisioning. This approach allows teams to scale dynamically while maintaining budget control and maximizing infrastructure utilization.
  • Enhanced Security: GKE Autopilot clusters come with several built-in security features, such as automated security patching and integrated Identity and Access Management (IAM). These measures help mitigate risks like unpatched vulnerabilities and unauthorized access, so the cluster infrastructure is secure by default and requires less manual configuration and maintenance of security policies. Google Cloud’s security updates are also automatically applied to the underlying nodes, reducing the potential attack surface.

Overall, GKE Autopilot reduces operational overhead, enhances security, and provides users with an easy-to-manage Kubernetes environment. However, securing workloads in a dynamic, managed Kubernetes environment still presents challenges, which is where Upwind’s integration comes in.

Upwind’s GKE Integration

[Screenshot: inventory dashboard in a cloud management interface, showing Kubernetes, clusters, and services, with a right-hand sidebar of insights and metrics for a selected resource.]

With this integration, Upwind helps GKE Autopilot users bake security into their Kubernetes clusters, enabling teams to focus on application development while maintaining robust security controls.

“We are thrilled to be one of the few technology partners approved as an official GKE Autopilot partner and believe this highlights the powerful ‘better together’ story that Google Cloud and Upwind share. This partnership gives Google Autopilot users the ability to build and scale quickly with built-in comprehensive security from Upwind – allowing them to accelerate development while proactively mitigating the risks that matter.”

-Amiram Shachar, Co-Founder and CEO, Upwind

GKE Autopilot users can easily deploy Upwind on their GKE Autopilot clusters by following these steps:

  1. Onboard the Upwind platform.
  2. Deploy a Helm chart for Upwind.
  3. Toggle a specific flag during installation to include the allowlist resources.

This streamlined process ensures seamless security integration with minimal manual configuration.

By using Upwind’s integration for GKE Autopilot, users automatically gain:

  • Complete GKE inventory – Discover the complete GKE inventory, including compute, storage, running images, and running packages with their package dependencies.
  • Monitoring of GKE resource communication – View the GKE topology map and network communication in real time and over time, including in-cluster and in-account traffic, communication with Google Cloud services, and traffic from or to the internet.
  • Posture management – View misconfigurations, compliance, exposed secrets, malware, and external exposures.
  • Real-time threat detection and response for GKE – Detect threats in real time and respond to them at the process, network, file, or system-call level.
  • Vulnerability management for GKE – Discover all vulnerabilities in GKE and prioritize them based on real environmental variables.
  • API security for GKE – Discover and catalog all APIs for GKE resources, monitor API traffic and requests over time, and discover all your API vulnerabilities.
  • Secured Google Cloud identities – View and secure all Google Cloud identities.

Leverage Upwind’s GKE integration to strengthen security for GKE Autopilot clusters with real-time threat detection and proactive defense measures, offering more comprehensive security than standard built-in protections. Upwind continuously monitors workloads, detects vulnerabilities, and prevents potential threats before they impact your environment. This allows your teams to accelerate deployment times with confidence. To learn more about Upwind’s GKE integration and Kubernetes security, visit the Upwind Documentation Center (login required) or schedule a demo.