Best practice rules for GCP Google Kubernetes Engine Service
Trend Micro Cloud One™ – Conformity monitors GCP Google Kubernetes Engine Service with the following rules:
- Enable Application-Layer Secrets Encryption for GKE Clusters
Ensure that encryption of Kubernetes secrets using Cloud KMS is enabled for GKE clusters.
- Enable Auto-Repair for GKE Cluster Nodes
Ensure that your Google Kubernetes Engine (GKE) clusters are using auto-repairing nodes.
- Enable Auto-Upgrade for GKE Cluster Nodes
Ensure that your Google Kubernetes Engine (GKE) clusters are using automatic upgrades for their nodes.
- Enable GKE Cluster Node Encryption with Customer-Managed Keys
Ensure that data at rest on your GKE cluster nodes is encrypted with Customer-Managed Keys.
- Enable Integrity Monitoring for GKE Cluster Nodes
Ensure that Integrity Monitoring is enabled for your Google Kubernetes Engine (GKE) cluster nodes.
- Enable Secure Boot for GKE Cluster Nodes
Ensure that the Secure Boot feature is enabled for your Google Kubernetes Engine (GKE) cluster nodes.
- Restrict Network Access to GKE Clusters
Ensure that your Google Kubernetes Engine (GKE) clusters are not exposed to the Internet.
- Use Shielded GKE Cluster Nodes
Ensure that your GKE cluster nodes are shielded to protect against impersonation attacks.