Benchmark: Kubernetes
Description
This benchmark provides a set of controls that detect Terraform GCP Kubernetes Engine (GKE) resources deviating from security best practices.
Usage
Browse dashboards and select Kubernetes:
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check terraform_gcp_compliance.benchmark.kubernetes
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share terraform_gcp_compliance.benchmark.kubernetes
Controls
- Ensure automatic node repair is enabled on all node pools in a GKE cluster
- Ensure automatic node upgrades are enabled on Kubernetes Engine cluster nodes
- Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters
- Check that legacy metadata endpoints are disabled on Kubernetes clusters (disabled by default since GKE 1.12+)
- Check that GKE clusters have a Network Policy installed
- Ensure Container-Optimized OS (cos) is used for Kubernetes engine clusters
- Verify all GKE clusters are Private Clusters