Kubernetes Policies
How to Use this Page
This page lists the Google Cloud Kubernetes policies that Bridgecrew helps you enforce. You can browse this page, or search for a specific policy ID or short title. For each policy, follow the link for more details about the policy and its fix options.
Ensure Stackdriver logging on Kubernetes engine clusters is enabled
Policy ID: BC_GCP_KUBERNETES_1
Ensure ABAC authorization on Kubernetes engine clusters is disabled
Policy ID: BC_GCP_KUBERNETES_2
Ensure GCP Kubernetes engine clusters have Stackdriver logging enabled
Policy ID: BC_GCP_KUBERNETES_3
Ensure GCP Kubernetes cluster node auto-repair configuration is enabled
Policy ID: BC_GCP_KUBERNETES_4
Ensure GCP Kubernetes cluster node auto-upgrade configuration is enabled
Policy ID: BC_GCP_KUBERNETES_5
Ensure private cluster is enabled when creating Kubernetes clusters
Policy ID: BC_GCP_KUBERNETES_6
Ensure GCP Kubernetes engine clusters have network policy enabled
Policy ID: BC_GCP_KUBERNETES_7
Ensure GCP Kubernetes engine clusters have client certificate enabled
Policy ID: BC_GCP_KUBERNETES_8
Ensure PodSecurityPolicy controller is enabled on Kubernetes engine clusters
Policy ID: BC_GCP_KUBERNETES_9
Ensure GKE control plane is not public
Policy ID: BC_GCP_KUBERNETES_10
Ensure GCP Kubernetes engine clusters have basic authentication disabled
Policy ID: BC_GCP_KUBERNETES_11
Ensure master authorized networks are enabled in GKE clusters
Policy ID: BC_GCP_KUBERNETES_12
Ensure GCP Kubernetes engine clusters have label information
Policy ID: BC_GCP_KUBERNETES_13
Ensure GCP Kubernetes engine clusters are using Container-Optimized OS for node image
Policy ID: BC_GCP_KUBERNETES_14
Ensure Kubernetes clusters are created with alias IP ranges enabled
Policy ID: BC_GCP_KUBERNETES_15
Ensure Kubernetes engine cluster nodes do not have default service account for project access
Policy ID: BC_GCP_KUBERNETES_16
Ensure secure boot for shielded GKE nodes is enabled
Policy ID: BC_GCP_KUBERNETES_17
Enable VPC flow logs and intranode visibility
Policy ID: BC_GCP_KUBERNETES_18
Ensure GCP Kubernetes Engine Clusters are configured with private nodes feature
Policy ID: BC_GCP_KUBERNETES_19
Ensure Kubernetes RBAC users are managed with Google Groups for GKE
Policy ID: BC_GCP_KUBERNETES_20
Ensure binary authorization is used
Policy ID: BC_GCP_KUBERNETES_21
Ensure GCP Kubernetes engine clusters have legacy compute engine metadata endpoints disabled
Policy ID: BC_GCP_KUBERNETES_22
Ensure the GKE metadata server is enabled
Policy ID: BC_GCP_KUBERNETES_23
Ensure shielded GKE nodes are enabled
Policy ID: BC_GCP_KUBERNETES_24
Ensure integrity monitoring for shielded GKE nodes is enabled
Policy ID: BC_GCP_KUBERNETES_25
Ensure the GKE Release Channel is set
Policy ID: BC_GCP_KUBERNETES_26