GCP Kubernetes Engine Clusters Using The Default Network

This policy identifies Google Kubernetes Engine (GKE) clusters that are configured to use the default network. Because GKE uses this network when creating routes and firewalls for the cluster, as a best practice define a network configuration that meets your security and networking requirements for ingress and egress traffic, instead of using the default network.

Policy Details

Policy Subtype: Run, Build
Severity: Medium
Template Type: Terraform

Build Rules

GCP Kubernetes Engine Clusters using the default network.
JSON Query:
$.resource[*].google_project[*].*[*].auto_create_network anyTrue or $.resource[*].google_project[*].*[*].auto_create_network anyNull
Recommendation:
Recommended solution for not using the default network in Kubernetes Engine clusters.
Ensure that GCP Kubernetes Engine clusters do not use the default network. Make sure that the template has "auto_create_network" set to "false".
For example:
{
  "project": [
    {
      "auto_create_network": false,
      "folder_id": "something",
      "name": "dummy",
      "project_id": "abc"
    }
  ]
}
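The build rule above, written out as an added example (not the policy engine's own code): a Python check that walks the same path as the JSON query and reports every google_project whose auto_create_network is true or unset. The nested template shape, the resource names and the reading of anyTrue/anyNull as "any match is true" / "any match is missing or null" are assumptions.

```python
import json

# Constructed sample in the shape the rule's path walks:
# $.resource[*].google_project[*].<name>[*] (shape is an assumption).
SAMPLE = json.loads("""
{
  "resource": [
    {"google_project": [
      {"compliant": [{"name": "dummy", "project_id": "abc", "auto_create_network": false}]},
      {"explicit": [{"name": "dummy2", "project_id": "def", "auto_create_network": true}]},
      {"unset": [{"name": "dummy3", "project_id": "ghi"}]}
    ]},
    {"google_compute_network": [{"custom": [{"name": "custom-vpc"}]}]}
  ]
}
""")


def as_list(node):
    """Treat a missing node as empty and a single object as a one-item list."""
    if node is None:
        return []
    return node if isinstance(node, list) else [node]


def find_violations(template):
    """Return (resource_name, reason) for each google_project failing the rule."""
    violations = []
    for block in as_list(template.get("resource")):
        if not isinstance(block, dict):
            continue
        for named in as_list(block.get("google_project")):
            if not isinstance(named, dict):
                continue
            for name, bodies in named.items():
                for body in as_list(bodies):
                    if not isinstance(body, dict):
                        continue
                    value = body.get("auto_create_network")
                    if value is None:
                        # anyNull: the provider default is true, so unset fails too
                        violations.append((name, "auto_create_network not set"))
                    elif str(value).lower() == "true":
                        # anyTrue: explicitly enabled (boolean or string form)
                        violations.append((name, "auto_create_network is true"))
    return violations


if __name__ == "__main__":
    for name, reason in find_violations(SAMPLE):
        print(f"google_project.{name}: {reason}")
```

Because `as_list` wraps single objects, the same function also accepts the object-keyed form where `resource` and `google_project` are plain dictionaries.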

Run Rule Recommendation

You cannot change the network attached to an existing GKE cluster. To resolve this alert, create a new cluster with a custom network that meets your requirements, then migrate the cluster data from the reported cluster to this newly created GKE cluster and delete the reported GKE cluster.
To create a new Kubernetes Engine cluster with the custom network, perform the following:
  1. Log in to the GCP Portal.
  2. Go to Kubernetes Engine (Left Panel).
  3. Select Kubernetes clusters.
  4. Click on the CREATE CLUSTER button.
  5. Set the new cluster parameters as per your requirements and make sure 'Network' is set to something other than 'default' under the Networking section.
  6. Click on Save.
To delete the reported Kubernetes Engine cluster, perform the following:
  1. Log in to the GCP Portal.
  2. Go to Kubernetes Engine (Left Panel).
  3. Select Kubernetes clusters.
  4. Click on the reported Kubernetes cluster.
  5. Click on the DELETE button.
  6. On the 'Delete a cluster' popup dialog, click on DELETE to confirm the deletion of the cluster.

Compliance

There are 2 standards that are applicable to this policy:
  • PIPEDA
  • CCPA 2018
