Ensure GCP Kubernetes engine clusters have network policy enabled

Error: GCP Kubernetes engine clusters have network policy disabled

Bridgecrew Policy ID: BC_GCP_KUBERNETES_7
Checkov Check ID: CKV_GCP_12
Severity: MEDIUM

Description

Defining a network policy helps ensure that a compromised front-end service in your application cannot talk directly to an internal service several levels down, for example a billing or accounting service. Network policy rules can also ensure that Pods and Services in one namespace cannot reach Pods or Services in a different namespace.

We recommend you enable network policy on your Kubernetes Engine (GKE) clusters so you can control which Pods and Services may talk to one another inside the cluster. Enabling it at the cluster level only turns on enforcement: a cluster with no NetworkPolicy objects still allows all Pod-to-Pod traffic. Once a NetworkPolicy selects a Pod, only traffic that an allow rule explicitly matches reaches that Pod, so the required services keep communicating and everything else is dropped.

Fix - Buildtime

Terraform

resource "google_container_cluster" "pass" {
  name     = "google_cluster"
  location = "us-central1" # assumed value; set to your region or zone
  # The control-plane addon must also be enabled, otherwise the network_policy
  # block below has no effect on the nodes.
  addons_config {
    network_policy_config { disabled = false }
  }
  network_policy {
    enabled  = true
    provider = "CALICO"
  }
}
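The cluster setting above only switches enforcement on; the actual restrictions come from NetworkPolicy objects. The following is an added example, not code from the Bridgecrew/Checkov policy page, of the front-end-to-billing scenario from the description written with the Terraform Kubernetes provider: a default-deny ingress policy for a billing namespace, plus a single allow rule so that only the checkout Pods in the web namespace can reach billing on TCP/8080. The namespace names (billing, web), labels (app=billing, app=checkout) and port are assumptions, and the example assumes a kubernetes provider already configured against the cluster.

```hcl
# Added example (assumed names): default-deny ingress for the "billing"
# namespace. An empty pod_selector matches every Pod in the namespace, and
# listing "Ingress" in policy_types with no ingress rules denies all inbound
# traffic to those Pods.
resource "kubernetes_network_policy" "billing_default_deny" {
  metadata {
    name      = "default-deny-ingress"
    namespace = "billing"
  }
  spec {
    pod_selector {}
    policy_types = ["Ingress"]
  }
}

# Allow only Pods labelled app=checkout in the "web" namespace to reach Pods
# labelled app=billing on TCP/8080. namespace_selector and pod_selector inside
# the same "from" block are ANDed, so a checkout Pod in any other namespace,
# or any other Pod in "web", is still denied. The kubernetes.io/metadata.name
# label is set automatically on namespaces by recent Kubernetes releases.
resource "kubernetes_network_policy" "billing_allow_checkout" {
  metadata {
    name      = "allow-checkout-to-billing"
    namespace = "billing"
  }
  spec {
    pod_selector {
      match_labels = { app = "billing" }
    }
    ingress {
      from {
        namespace_selector {
          match_labels = { "kubernetes.io/metadata.name" = "web" }
        }
        pod_selector {
          match_labels = { app = "checkout" }
        }
      }
      ports {
        port     = "8080"
        protocol = "TCP"
      }
    }
    policy_types = ["Ingress"]
  }
}
```

Apply this only after the cluster reports network policy as enabled; otherwise the objects are accepted by the API server but nothing enforces them. The two resources are deliberately split so the deny rule can be rolled out first and audited before any allow rules are added.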