Kubernetes Policies

How to Use this Page

This page lists the Google Cloud Kubernetes policies that Bridgecrew helps you enforce. You can browse the list or search for a specific policy ID or short title. For each policy, follow the link on its title for details about what the policy checks and the available fix options.

Ensure Stackdriver logging on Kubernetes engine clusters is enabled
Policy ID: BC_GCP_KUBERNETES_1

Ensure ABAC authorization on Kubernetes engine clusters is disabled
Policy ID: BC_GCP_KUBERNETES_2

Ensure GCP Kubernetes engine clusters have Stackdriver logging enabled
Policy ID: BC_GCP_KUBERNETES_3

Ensure GCP Kubernetes cluster node auto-repair configuration is enabled
Policy ID: BC_GCP_KUBERNETES_4

Ensure GCP Kubernetes cluster node auto-upgrade configuration is enabled
Policy ID: BC_GCP_KUBERNETES_5

Ensure private cluster is enabled when creating Kubernetes clusters
Policy ID: BC_GCP_KUBERNETES_6

Ensure GCP Kubernetes engine clusters have network policy enabled
Policy ID: BC_GCP_KUBERNETES_7

Ensure GCP Kubernetes engine clusters have client certificate enabled
Policy ID: BC_GCP_KUBERNETES_8

Ensure PodSecurityPolicy controller is enabled on Kubernetes engine clusters
Policy ID: BC_GCP_KUBERNETES_9

Ensure GKE control plane is not public
Policy ID: BC_GCP_KUBERNETES_10

Ensure GCP Kubernetes engine clusters have basic authentication disabled
Policy ID: BC_GCP_KUBERNETES_11

Ensure master authorized networks are enabled in GKE clusters
Policy ID: BC_GCP_KUBERNETES_12

Ensure GCP Kubernetes engine clusters have label information
Policy ID: BC_GCP_KUBERNETES_13

Ensure GCP Kubernetes engine clusters are using Container-Optimized OS for node image
Policy ID: BC_GCP_KUBERNETES_14

Ensure Kubernetes clusters are created with alias IP ranges enabled
Policy ID: BC_GCP_KUBERNETES_15

Ensure Kubernetes engine cluster nodes do not have default service account for project access
Policy ID: BC_GCP_KUBERNETES_16

Ensure secure boot for shielded GKE nodes is enabled
Policy ID: BC_GCP_KUBERNETES_17

Enable VPC flow logs and intranode visibility
Policy ID: BC_GCP_KUBERNETES_18

Ensure GCP Kubernetes Engine Clusters are configured with private nodes feature
Policy ID: BC_GCP_KUBERNETES_19

Ensure Kubernetes RBAC users are managed with Google Groups for GKE
Policy ID: BC_GCP_KUBERNETES_20

Ensure binary authorization is used
Policy ID: BC_GCP_KUBERNETES_21

Ensure GCP Kubernetes engine clusters have legacy compute engine metadata endpoints disabled
Policy ID: BC_GCP_KUBERNETES_22

Ensure the GKE metadata server is enabled
Policy ID: BC_GCP_KUBERNETES_23

Ensure shielded GKE nodes are enabled
Policy ID: BC_GCP_KUBERNETES_24

Ensure integrity monitoring for shielded GKE nodes is enabled
Policy ID: BC_GCP_KUBERNETES_25

Ensure the GKE Release Channel is set
Policy ID: BC_GCP_KUBERNETES_26