Logging and monitoring

GKE Nodepool creating nodes without Integrity Monitoring

Description

Integrity Monitoring provides active alerting for Shielded GKE nodes, which allows administrators to respond to integrity failures and prevent compromised nodes from being deployed into the cluster. It was detected that {GcpGkeCluster.NodePools} does not use Integrity Monitoring for its nodes.
Recommended Mitigation

Consider enabling Integrity Monitoring for Shielded GKE nodes. For more info: https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes#system_integrity_monitoring
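
One way to run this check yourself, added here as an example and not taken from the tool that produced this finding: it reads cluster JSON shaped like the GKE API cluster resource (as printed by `gcloud container clusters describe --format=json`) and lists node pools whose `shieldedInstanceConfig.enableIntegrityMonitoring` is not true. The cluster and pool names are constructed sample data, and the function name is hypothetical; a field that is omitted from the JSON is treated as disabled.

```python
import json

# Constructed sample, shaped like the output of
# `gcloud container clusters describe CLUSTER --format=json`.
SAMPLE_CLUSTER_JSON = """
{
  "name": "example-cluster",
  "nodePools": [
    {"name": "pool-ok",
     "config": {"shieldedInstanceConfig":
                {"enableIntegrityMonitoring": true, "enableSecureBoot": true}}},
    {"name": "pool-explicit-off",
     "config": {"shieldedInstanceConfig": {"enableIntegrityMonitoring": false}}},
    {"name": "pool-field-omitted",
     "config": {"shieldedInstanceConfig": {"enableSecureBoot": true}}},
    {"name": "pool-no-shielded-config",
     "config": {"machineType": "e2-medium"}}
  ]
}
"""


def pools_without_integrity_monitoring(cluster: dict) -> list[str]:
    """Return names of node pools that do not have integrity monitoring enabled.

    False-valued fields are often omitted from API JSON, so a missing
    `enableIntegrityMonitoring` key, a missing `shieldedInstanceConfig`
    block, or a missing `config` block all count as "not enabled".
    """
    flagged = []
    for pool in cluster.get("nodePools") or []:
        shielded = (pool.get("config") or {}).get("shieldedInstanceConfig") or {}
        # Only an explicit boolean true passes the check.
        if shielded.get("enableIntegrityMonitoring") is not True:
            flagged.append(pool.get("name", "<unnamed>"))
    return flagged


if __name__ == "__main__":
    cluster = json.loads(SAMPLE_CLUSTER_JSON)
    for pool_name in pools_without_integrity_monitoring(cluster):
        print(f"{cluster['name']}/{pool_name}: integrity monitoring not enabled")
```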