Ensure private cluster is enabled when creating Kubernetes clusters

Error: Private cluster is disabled when creating Kubernetes clusters

Bridgecrew Policy ID: BC_GCP_KUBERNETES_6
Checkov Check ID: CKV_GCP_25
Severity: MEDIUM

Private cluster is disabled when creating Kubernetes clusters

Description

Private clusters isolate nodes from any inbound and outbound connectivity to the public internet. This is achieved because the nodes have internal RFC 1918 IP addresses only. In private clusters, the cluster master has both a private and a public endpoint; you can configure which endpoint is enabled to control whether the control plane is reachable from the public internet.

We recommend enabling private clusters when creating Kubernetes clusters. In a private cluster the nodes are assigned addresses from a reserved internal range, which isolates their workloads from the public internet.

Fix - Buildtime

Terraform

Add a private_cluster_config block with the attribute enable_private_nodes set to true.

resource "google_container_cluster" "cluster" {
  ...
+ private_cluster_config {
+   enable_private_nodes = true
+ }
  ...
}
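A fuller resource than the fragment above, added here as an illustration rather than taken from the Checkov documentation: it passes CKV_GCP_25 by setting enable_private_nodes, keeps the public control-plane endpoint but restricts it to an authorized-network list, and includes the VPC-native ip_allocation_policy that private nodes require. The cluster name, location, network, subnetwork and all CIDR ranges are assumed placeholders.

```hcl
# Added example, not the original Checkov docs fragment. Name, location,
# network, subnetwork and CIDR ranges are assumed placeholders.
resource "google_container_cluster" "cluster" {
  name       = "example-private-cluster"
  location   = "us-central1"
  network    = "example-vpc"
  subnetwork = "example-subnet"

  # Node pools are managed as separate resources; drop the default pool.
  remove_default_node_pool = true
  initial_node_count       = 1

  # Private nodes require a VPC-native (alias IP) cluster.
  ip_allocation_policy {
    cluster_ipv4_cidr_block  = "/16"
    services_ipv4_cidr_block = "/22"
  }

  # CKV_GCP_25: nodes receive internal RFC 1918 addresses only.
  private_cluster_config {
    enable_private_nodes = true

    # Keep the public control-plane endpoint, but only for the authorized
    # networks below. Set to true to disable the public endpoint entirely.
    enable_private_endpoint = false

    # Reserved /28 for the control plane; must not overlap the VPC ranges.
    master_ipv4_cidr_block = "172.16.0.0/28"
  }

  # Restrict the public endpoint to a known administrative range.
  master_authorized_networks_config {
    cidr_blocks {
      cidr_block   = "203.0.113.0/24"
      display_name = "corp-admin-range"
    }
  }
}
```

With enable_private_endpoint set to true instead, the control plane is reachable only from inside the VPC (or peered networks), which is the fully private variant described above.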