Network misconfigurations

GKE using non-private nodes

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

Disabling public IP addresses on cluster nodes restricts access to only internal networks, forcing attackers to obtain local network access before attempting to compromise the underlying Kubernetes hosts. It was detected that {GcpGkeCluster} is not using private nodes.
  • Recommended Mitigation

    Once a cluster is created without enabling Private Nodes, it cannot be remediated. Rather the cluster must be recreated. For more info: <a href="https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters" target="_blank" rel="noopener noreferrer">https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters</a>