Ensure integrity monitoring for shielded GKE nodes is enabled
Error: Integrity monitoring for shielded GKE nodes is not enabled
Bridgecrew Policy ID: BC_GCP_KUBERNETES_25
Checkov Check ID: CKV_GCP_72
Severity: MEDIUM
Description
Enable Integrity Monitoring for Shielded GKE Nodes to be notified of inconsistencies during the node boot sequence.
Integrity Monitoring provides active alerting for Shielded GKE nodes, which allows administrators to respond to integrity failures and prevent compromised nodes from being deployed into the cluster.
Fix - Buildtime
Terraform
- Resource: google_container_cluster / google_container_node_pool
- Argument: node_config.shielded_instance_config.enable_integrity_monitoring
resource "google_container_cluster" "fail" {
  name               = var.name
  location           = var.location
  initial_node_count = 1
  project            = data.google_project.project.name

  node_config {
    shielded_instance_config {
      # Failing setting: integrity monitoring explicitly disabled on the nodes.
      enable_integrity_monitoring = false
    }
  }
}
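The corrected configuration for both resource types the policy covers, as an added example that is not part of the original page (the resource names, the variables and the google_project data source are assumed):

```hcl
# Added example, not the page's own code. Passing configuration for the
# cluster's default node pool and for a separately managed node pool.
resource "google_container_cluster" "pass" {
  name               = var.name          # assumed variable
  location           = var.location      # assumed variable
  initial_node_count = 1
  project            = data.google_project.project.name  # assumed data source

  node_config {
    shielded_instance_config {
      # The argument the policy checks. The google provider defaults it to
      # true, so the finding arises when it is explicitly set to false;
      # setting it explicitly to true keeps the intent visible in review.
      enable_integrity_monitoring = true
      # Not required by this policy, but completes Shielded Node hardening
      # (provider default is false).
      enable_secure_boot = true
    }
  }
}

# Node pools carry their own node_config and are checked the same way, so
# the setting must be present on every pool, not only on the cluster.
resource "google_container_node_pool" "pass" {
  name       = "${var.name}-pool"
  location   = var.location
  project    = data.google_project.project.name
  cluster    = google_container_cluster.pass.name
  node_count = 1

  node_config {
    shielded_instance_config {
      enable_integrity_monitoring = true
      enable_secure_boot          = true
    }
  }
}
```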