Best practice rules for GCP Google Kubernetes Engine Service
- Access Secrets Stored Outside GKE Clusters
Ensure that Google Kubernetes Engine (GKE) clusters can access Secret Manager secrets.
- Detect GCP GKE Configuration Changes
GKE configuration changes have been detected within your Google Cloud Platform (GCP) account.
- Enable Auto-Repair for GKE Cluster Nodes
Ensure that your Google Kubernetes Engine (GKE) clusters are using auto-repairing nodes.
- Enable Auto-Upgrade for GKE Cluster Nodes
Ensure that your Google Kubernetes Engine (GKE) cluster nodes are using automatic upgrades.
- Enable Encryption for Application-Layer Secrets for GKE Clusters
Ensure that encryption of Kubernetes secrets using Customer-Managed Keys is enabled for GKE clusters.
- Enable GKE Cluster Node Encryption with Customer-Managed Keys
Ensure that boot disk encryption with Customer-Managed Keys is enabled for GKE cluster nodes.
- Enable Integrity Monitoring for Cluster Nodes
Ensure that Integrity Monitoring is enabled for your Google Kubernetes Engine (GKE) cluster nodes.
- Enable Secure Boot for Cluster Nodes
Ensure that Secure Boot is enabled for your Google Kubernetes Engine (GKE) cluster nodes.
- Restrict Network Access to GKE Clusters
Ensure that your Google Kubernetes Engine (GKE) clusters are not exposed to the Internet.
- Use Shielded GKE Cluster Nodes
Ensure that your GKE cluster nodes are shielded to protect against impersonation attacks.