GCP Kubernetes Engine Clusters Have HTTP Load Balancing Disabled

This policy identifies GCP Kubernetes Engine Clusters that have HTTP load balancing disabled. HTTP/HTTPS load balancing provides global load balancing for HTTP/HTTPS requests destined for your instances. Enabling HTTP/HTTPS load balancers lets Kubernetes Engine terminate unauthorized HTTP/HTTPS requests and make better context-aware load balancing decisions.

Policy Details

Policy Subtype: Run, Build
Severity: Medium
Template Type: Terraform

Build Rules

GCP Kubernetes Engine Clusters have HTTP load balancing disabled.
JSON Query:
$.resource[*].google_container_cluster exists and ($.resource[*].google_container_cluster.*[*].*.addons_config[*].http_load_balancing[*].disabled anyTrue)
Recommendation:
Enable HTTP load balancing on GCP Kubernetes Engine Clusters. Make sure that "http_load_balancing" is enabled in the template.
For example:

    "google_container_cluster": [
      {
        "<container_cluster_name>": [
          {
            "addons_config": [
              {
                "http_load_balancing": [
                  { "disabled": false }
                ]
              }
            ]
          }
        ]
      }
    ]

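The build rule above can be reproduced locally as a pre-commit or CI check. The following is an added example, not Prisma Cloud's own code: it walks a Terraform JSON template in the list-wrapped shape shown in the recommendation and returns the clusters where "disabled" is true. The function names and the sample template are constructed for illustration, and tolerating bare objects in place of one-element lists is an assumption about how templates may be serialized.

```python
import json

# Constructed sample template, in the shape shown in the recommendation above.
SAMPLE_TEMPLATE = json.loads("""
{
  "resource": [
    {
      "google_container_cluster": [
        {"web": [{"addons_config": [{"http_load_balancing": [{"disabled": true}]}]}]},
        {"batch": [{"addons_config": [{"http_load_balancing": [{"disabled": false}]}]}]},
        {"defaults": [{"name": "defaults"}]}
      ]
    }
  ]
}
""")


def _dicts(value):
    """Return the dict members of value, treating a bare object as a one-item list."""
    items = value if isinstance(value, list) else [value]
    return [item for item in items if isinstance(item, dict)]


def clusters_with_http_lb_disabled(template):
    """Return sorted names of clusters whose http_load_balancing.disabled is true."""
    flagged = set()
    for resource in _dicts(template.get("resource")):
        for entry in _dicts(resource.get("google_container_cluster")):
            for name, bodies in entry.items():
                for body in _dicts(bodies):
                    for addons in _dicts(body.get("addons_config")):
                        for lb in _dicts(addons.get("http_load_balancing")):
                            # Only an explicit JSON true fails the rule; a cluster
                            # with no addons_config block is not flagged.
                            if lb.get("disabled") is True:
                                flagged.add(name)
    return sorted(flagged)


if __name__ == "__main__":
    for name in clusters_with_http_lb_disabled(SAMPLE_TEMPLATE):
        print(f"FAIL google_container_cluster.{name}: HTTP load balancing disabled")
```
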
Run Rule Recommendation

  1. Log in to the GCP Portal.
  2. Go to Kubernetes Engine (Left Panel).
  3. Select Kubernetes clusters.
  4. From the list of clusters, choose the reported cluster.
  5. Click the EDIT button.
  6. Set 'HTTP load balancing' to Enabled.
  7. Click on Save.

Compliance

There are 3 standards that are applicable to this policy:
  • PIPEDA
  • ISO 27001:2013
  • CCPA 2018
