PlatformResourcesSign inSign Up

Kubernetes Policies

Suggest Edits

How to Use this Page

This page lists the Google Cloud Kubernetes Policies that Bridgecrew helps you enforce. You can browse this page, or search for a specific policy ID or short title. For each policy, press the link for more details about a policy and its fix options.

Ensure Stackdriver logging on Kubernetes engine clusters is enabled
Policy ID: BC_GCP_KUBERNETES_1

Ensure ABAC authorization on Kubernetes engine clusters is disabled
Policy ID: BC_GCP_KUBERNETES_2

Ensure GCP Kubernetes engine clusters have stackdriver logging enabled
Policy ID: BC_GCP_KUBERNETES_3

Ensure GCP Kubernetes cluster node auto-repair configuration is enabled
Policy ID: BC_GCP_KUBERNETES_4

Ensure GCP Kubernetes cluster node auto-upgrade configuration is enabled
Policy ID: BC_GCP_KUBERNETES_5

Ensure private cluster is enabled when creating Kubernetes clusters
Policy ID: BC_GCP_KUBERNETES_6

Ensure GCP Kubernetes engine clusters have network policy enabled
Policy ID: BC_GCP_KUBERNETES_7

Ensure GCP Kubernetes engine clusters have client certificate enabled
Policy ID: BC_GCP_KUBERNETES_8

Ensure PodSecurityPolicy controller is enabled on Kubernetes engine clusters
Policy ID: BC_GCP_KUBERNETES_9

Ensure GKE control plane is not public
Policy ID: BC_GCP_KUBERNETES_10

Ensure GCP Kubernetes engine clusters have basic authentication disabled
Policy ID: BC_GCP_KUBERNETES_11

Ensure master authorized networks are enabled in GKE clusters
Policy ID: BC_GCP_KUBERNETES_12

Ensure GCP Kubernetes engine clusters have label information
Policy ID: BC_GCP_KUBERNETES_13

Ensure GCP Kubernetes engine clusters are using Container-Optimized OS for node image
Policy ID: BC_GCP_KUBERNETES_14

Ensure Kubernetes clusters are created with alias IP ranges enabled
Policy ID: BC_GCP_KUBERNETES_15

Ensure Kubernetes engine cluster nodes do not have default service account for project access
Policy ID: BC_GCP_KUBERNETES_16

Ensure secure boot for shielded GKE nodes is enabled
Policy ID: BC_GCP_KUBERNETES_17

Enable VPC flow logs and intranode visibility
Policy ID: BC_GCP_KUBERNETES_18

Ensure GCP Kubernetes Engine Clusters are configured with private nodes feature
Policy ID: BC_GCP_KUBERNETES_19

Ensure Kubernetes RBAC users are managed with Google Groups for GKE
Policy ID: BC_GCP_KUBERNETES_20

Ensure binary authorization is used
Policy ID: BC_GCP_KUBERNETES_21

Ensure GCP Kubernetes engine clusters have legacy compute engine metadata endpoints disabled
Policy ID: BC_GCP_KUBERNETES_22

Ensure the GKE metadata server is enabled
Policy ID: BC_GCP_KUBERNETES_23

Ensure shielded GKE nodes are enabled
Policy ID: BC_GCP_KUBERNETES_24

Ensure integrity monitoring for shielded GKE nodes is enabled
Policy ID: BC_GCP_KUBERNETES_25

Ensure the GKE Release Channel is set
Policy ID: BC_GCP_KUBERNETES_26

Updated about 2 years ago