Vendor services misconfigurations

GKE Nodepool creating nodes without GKE Metadata Server

Platform(s)

GCP

Compliance Frameworks

CCPA, CPRA, GKE CIS, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, NIST 800-171, NIST 800-53, PDPA, UK Cyber Essentials

Description

Every node stores its metadata on a metadata server. Some of this metadata, such as kubelet credentials and the VM instance identity token, is sensitive and should not be exposed to a Kubernetes workload. Enabling the GKE Metadata Server prevents pods (other than those running on the host network) from accessing this metadata and facilitates Workload Identity. It was detected that {GcpGkeCluster.NodePools} is using nodes that expose their metadata server to the pods running on them.
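As an added example (not part of the original page or of any vendor tooling), the following Python check reads node pool descriptions in the JSON shape returned by `gcloud container node-pools list --format=json` and flags every pool whose `config.workloadMetadataConfig.mode` is not `GKE_METADATA`. A pool with no `workloadMetadataConfig` block at all is treated as exposing the Compute Engine metadata server, since the GKE Metadata Server is not enabled in that case. The sample pools embedded below are constructed for illustration; the field names are the GKE API's `NodeConfig.workloadMetadataConfig.mode`, and the remediation string uses the real `--workload-metadata` flag of `gcloud container node-pools update`.

```python
"""Detect GKE node pools that expose the VM metadata server to pods.

Added example, not the page's or the vendor's own code. Assumes node pool
JSON as produced by `gcloud container node-pools list --format=json`.
"""
import json

# Only this mode enables the GKE Metadata Server on the nodes.
COMPLIANT_MODE = "GKE_METADATA"


def pool_exposes_metadata(pool: dict) -> bool:
    """True when the pool's nodes do not run the GKE Metadata Server.

    A missing workloadMetadataConfig block means the legacy behaviour
    (pods can reach the Compute Engine metadata server), so it is flagged.
    """
    mode = (
        pool.get("config", {})
        .get("workloadMetadataConfig", {})
        .get("mode")
    )
    return mode != COMPLIANT_MODE


def find_exposed_pools(pools: list) -> list:
    """Return the names of all non-compliant pools, preserving input order."""
    return [p.get("name", "<unnamed>") for p in pools if pool_exposes_metadata(p)]


def remediation_command(cluster: str, location: str, pool: str) -> str:
    """Build the gcloud command that switches a pool to the GKE Metadata Server."""
    return (
        f"gcloud container node-pools update {pool} "
        f"--cluster={cluster} --location={location} "
        f"--workload-metadata={COMPLIANT_MODE}"
    )


# Constructed sample: one compliant pool, one explicitly legacy pool,
# and one pool with no workloadMetadataConfig at all.
SAMPLE_POOLS_JSON = """
[
  {"name": "secure-pool",
   "config": {"workloadMetadataConfig": {"mode": "GKE_METADATA"}}},
  {"name": "legacy-pool",
   "config": {"workloadMetadataConfig": {"mode": "GCE_METADATA"}}},
  {"name": "unset-pool",
   "config": {"machineType": "e2-standard-4"}}
]
"""


def audit_sample() -> list:
    """Run the check over the constructed sample and return the flagged names."""
    return find_exposed_pools(json.loads(SAMPLE_POOLS_JSON))


if __name__ == "__main__":
    for name in audit_sample():
        print(f"{name}: metadata server exposed to pods")
        # 'example-cluster' and 'us-central1' are placeholders.
        print("  fix:", remediation_command("example-cluster", "us-central1", name))
```

Switching a pool to `GKE_METADATA` requires Workload Identity to be enabled on the cluster first (the cluster needs a workload pool), and the change recreates the nodes in that pool, so schedule it like any other node pool upgrade.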