GKE Cluster Audit

12/9/2021
  1. What are the points to be reviewed while auditing a GKE cluster? We have a production cluster and I would like to know what all points need to be reviewed while auditing my GKE cluster. What needs to be configured/removed for better security and HA?
-- Elzin
audit
google-kubernetes-engine
kubernetes
security

1 Answer

4/30/2022

This is a very broad topic.

Short answer(Main points):

  • Apply Least privilege principle for IAM entities and RBAC entities
  • Enable binary authorization
  • Limit privileges on Containers
  • Enable image scanner
  • Use the Secret Manager
  • Create private clusters when possible
  • Spread your worker nodes between AZs

But I strongly recommend you verify Google official docs:

https://cloud.google.com/kubernetes-engine/docs/concepts/security-overview#node_upgrades

See ya

-- Eumagnun
Source: StackOverflow
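The checklist in the answer above can be turned into an offline, repeatable check. The script below is an added example, not code from the answer or from Google; it reads the JSON that `gcloud container clusters describe CLUSTER --format=json`, `kubectl get clusterrolebindings -o json` and `kubectl get pods -A -o json` produce and flags the items the answer lists that are visible in those documents: binary authorization not enforced, public (non-private) nodes, nodes in a single zone, node pools running as the default Compute Engine service account or with the broad cloud-platform OAuth scope, cluster-admin bound to every authenticated user, and privileged containers. Image scanning and Secret Manager usage are project-level settings and are not covered. The three sample documents are constructed, trimmed to the fields the checks read, and do not come from a real cluster; the cluster, pool, binding and pod names in them are made up.

```python
"""Offline audit of GKE cluster/RBAC/pod JSON against the checklist above (added example)."""
import json
import sys
from typing import Dict, List

# Constructed sample shaped like `gcloud container clusters describe NAME --format=json`,
# trimmed to the fields read below. Not output from a real cluster.
SAMPLE_CLUSTER = {
    "name": "prod-cluster",
    "locations": ["us-central1-a"],
    "binaryAuthorization": {"evaluationMode": "DISABLED"},
    "privateClusterConfig": {"enablePrivateNodes": False},
    "nodePools": [{
        "name": "default-pool",
        "config": {
            "serviceAccount": "default",
            "oauthScopes": ["https://www.googleapis.com/auth/cloud-platform"],
        },
    }],
}

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
SAMPLE_CRBS = {"items": [
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "everyone-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
]}

# Constructed sample shaped like `kubectl get pods -A -o json`.
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "default", "name": "web-0"},
     "spec": {"containers": [{"name": "web", "securityContext": {"runAsNonRoot": True}}]}},
    {"metadata": {"namespace": "ops", "name": "agent-0"},
     "spec": {"containers": [{"name": "agent", "securityContext": {"privileged": True}}]}},
]}

BROAD_SUBJECTS = {"system:authenticated", "system:unauthenticated", "system:anonymous"}
BROAD_SCOPE = "https://www.googleapis.com/auth/cloud-platform"


def audit_cluster(cluster: dict) -> List[str]:
    """Binary authorization, private nodes, zone spread and node-pool IAM."""
    findings = []
    ba = cluster.get("binaryAuthorization", {})
    # Old API exposes `enabled`; newer API exposes `evaluationMode`. Accept either.
    if not ba.get("enabled") and ba.get("evaluationMode", "DISABLED") in (
            "DISABLED", "EVALUATION_MODE_UNSPECIFIED"):
        findings.append("binary authorization is not enforced")
    if not cluster.get("privateClusterConfig", {}).get("enablePrivateNodes"):
        findings.append("nodes have public IPs (not a private cluster)")
    if len(cluster.get("locations", [])) < 2:
        findings.append("worker nodes are in a single zone; use a regional cluster or more zones")
    for pool in cluster.get("nodePools", []):
        cfg = pool.get("config", {})
        if cfg.get("serviceAccount", "default") == "default":
            findings.append(f"node pool {pool['name']} runs as the default Compute Engine service account")
        if BROAD_SCOPE in cfg.get("oauthScopes", []):
            findings.append(f"node pool {pool['name']} grants the cloud-platform OAuth scope")
    return findings


def audit_rbac(crbs: dict) -> List[str]:
    """ClusterRoleBindings that hand cluster-admin to every (un)authenticated principal."""
    findings = []
    for crb in crbs.get("items", []):
        if crb.get("roleRef", {}).get("name") != "cluster-admin":
            continue
        for subj in crb.get("subjects", []):
            if subj.get("name") in BROAD_SUBJECTS:
                findings.append(f"ClusterRoleBinding {crb['metadata']['name']} binds cluster-admin to {subj['name']}")
    return findings


def audit_pods(pods: dict) -> List[str]:
    """Containers (including init containers) running privileged."""
    findings = []
    for pod in pods.get("items", []):
        meta, spec = pod["metadata"], pod.get("spec", {})
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            if c.get("securityContext", {}).get("privileged"):
                findings.append(f"{meta['namespace']}/{meta['name']} container {c['name']} is privileged")
    return findings


def run_audit(cluster: dict, crbs: dict, pods: dict) -> Dict[str, List[str]]:
    """Findings per area; an empty list means that area passed."""
    return {"cluster": audit_cluster(cluster), "rbac": audit_rbac(crbs), "pods": audit_pods(pods)}


if __name__ == "__main__":
    # Real data: python gke_audit.py cluster.json crbs.json pods.json; no args uses the samples.
    if len(sys.argv) == 4:
        cluster, crbs, pods = (json.load(open(p)) for p in sys.argv[1:4])
    else:
        cluster, crbs, pods = SAMPLE_CLUSTER, SAMPLE_CRBS, SAMPLE_PODS
    for area, items in run_audit(cluster, crbs, pods).items():
        print(f"[{area}] {'PASS' if not items else str(len(items)) + ' finding(s)'}")
        for f in items:
            print(f"  - {f}")
```

Run it against the three JSON files dumped from your cluster; each non-empty list is an item from the checklist that needs attention. Treat it as a starting point: it only reads what those three documents contain, so it says nothing about image scanning, secret handling or anything enforced at the project or organization level.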