Best practice rules for GCP Google Kubernetes Engine Service
Trend Micro Cloud One™ – Conformity monitors GCP Google Kubernetes Engine Service with the following rules:
- Detect GCP GKE Configuration Changes
GKE configuration changes have been detected within your Google Cloud Platform (GCP) account.
- Enable Auto-Repair for GKE Cluster Nodes
Ensure that your Google Kubernetes Engine (GKE) clusters are using auto-repairing nodes.
- Enable Auto-Upgrade for GKE Cluster Nodes
Ensure that your Google Kubernetes Engine (GKE) cluster nodes are using automatic upgrades.
- Enable Encryption for Application-Layer Secrets for GKE Clusters
Ensure that encryption of Kubernetes secrets using Customer-Managed Keys is enabled for GKE clusters.
- Enable GKE Cluster Node Encryption with Customer-Managed Keys
Ensure that boot disk encryption with Customer-Managed Keys is enabled for GKE cluster nodes.
- Enable Integrity Monitoring for Cluster Nodes
Ensure that Integrity Monitoring is enabled for your Google Kubernetes Engine (GKE) cluster nodes.
- Enable Secure Boot for Cluster Nodes
Ensure that Secure Boot is enabled for your Google Kubernetes Engine (GKE) cluster nodes.
- Restrict Network Access to GKE Clusters
Ensure that your Google Kubernetes Engine (GKE) clusters are not exposed to the Internet.
- Use Shielded GKE Cluster Nodes
Ensure that your GKE cluster nodes are shielded to protect against impersonation attacks.