Ensure GCP Kubernetes engine clusters have label information

Error: GCP Kubernetes engine clusters do not have any label information

Bridgecrew Policy ID: BC_GCP_KUBERNETES_13
Checkov Check ID: CKV_GCP_21
Severity: LOW

Labels are key/value pairs attached to objects. They are intended to specify identifying attributes of objects that are meaningful and relevant to users, but do not directly imply semantics to the core system.

Labels can be used to organize and select subsets of objects. Labels can be attached to objects at creation time and subsequently added and modified at any time. Each object can have a set of key/value labels defined. Each key must be unique for a given object. Labels enable users to map their own organizational structures onto system objects in a loosely coupled fashion, without requiring clients to store these mappings.

We recommend you configure Kubernetes clusters with labels.

Fix - Buildtime


resource "google_container_cluster" "primary" {
  name               = "marcellus-wallace"
  location           = "us-central1-a"
  initial_node_count = 3
  # Labels on the cluster resource itself
  resource_labels = {
    foo = "bar"
  }

  master_auth {
    client_certificate_config {
      issue_client_certificate = false
    }
  }

  node_config {
    # Google recommends custom service accounts that have cloud-platform scope and permissions granted via IAM Roles.
    service_account = google_service_account.default.email
    oauth_scopes = [
      "https://www.googleapis.com/auth/cloud-platform"
    ]
    # Kubernetes labels applied to each node
    labels = {
      foo = "bar"
    }
    tags = ["foo", "bar"]
  }

  timeouts {
    create = "30m"
    update = "40m"
  }
}
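An added example (not from the original page, and not Checkov's own implementation) of checking the same condition in a pipeline: it walks parsed `terraform show -json` plan output, including child modules, and reports `google_container_cluster` resources with no cluster-level `resource_labels`. The sample plan, its resource addresses and the function names are constructed for illustration.

```python
# Constructed sample in the shape of parsed `terraform show -json <planfile>`
# output (nested blocks are lists; unset arguments appear as None/null).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "google_container_cluster.primary",
         "type": "google_container_cluster",
         "values": {"name": "marcellus-wallace",
                    "resource_labels": {"foo": "bar"}}},
        # Node labels alone do not label the cluster resource itself.
        {"address": "google_container_cluster.node_labels_only",
         "type": "google_container_cluster",
         "values": {"name": "constructed-a", "resource_labels": None,
                    "node_config": [{"labels": {"foo": "bar"}}]}},
    ],
    "child_modules": [{
        "address": "module.gke",
        "resources": [
            {"address": "module.gke.google_container_cluster.empty",
             "type": "google_container_cluster",
             "values": {"name": "constructed-b", "resource_labels": {}}},
        ],
    }],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def unlabeled_clusters(plan):
    """Return addresses of GKE clusters planned without cluster-level labels."""
    root = plan.get("planned_values", {}).get("root_module", {})
    missing = []
    for res in iter_resources(root):
        if res.get("type") != "google_container_cluster":
            continue
        labels = (res.get("values") or {}).get("resource_labels")
        if not labels:  # absent, null, or an empty map
            missing.append(res["address"])
    return missing


if __name__ == "__main__":
    for address in unlabeled_clusters(SAMPLE_PLAN):
        print(f"no resource_labels: {address}")
```

To run it against a real plan, replace `SAMPLE_PLAN` with the result of `json.load()` on the file produced by `terraform show -json`.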