GKE Cluster Audit

12/9/2021

What are the points to be reviewed while auditing a GKE cluster? We have a production cluster and I would like to what all points need to be reviewed while auditing my GKE cluster. What needs to be configured/removed for better security and HA.

-- Elzin

audit

google-kubernetes-engine

kubernetes

security

Similar Questions

Kubernetes with helm on local persistent volume with docker for Windows

Azure file storage with kubernetes and spring boot application

kubernetes find out which container crashes in a pod

Nginx controller service name wrongly configured

How to pass a deployment's full name to a variable in helm values.yaml?

1 Answer

4/30/2022

This is a very broad topic.

Short answer(Main points):

Apply Least privilege principle for IAM entities and RBAC entities
Enable binary authorizarion
Limit privileges on Containers
Enable image scanner
Use the Secret Manager
Create private clusters when possible
Spread your work nodes between AZs

But I strongly recommend you verify Google official docs:

https://cloud.google.com/kubernetes-engine/docs/concepts/security-overview#node_upgrades

See ya

-- Eumagnun

Source: StackOverflow