Kubernetes Clusters must be configured with labels

ID

gcp_cluster_labels_disabled

Severity

low

Vendor

GCP

Resource

AIM

Tags

reachable

Description

It is recommended to apply labels to Kubernetes clusters on Google Cloud, then use those labels to grant permissions.

To fix it, use the resource_labels property to set labels on the cluster.

Learn more about this topic at Creating and managing labels.

Examples

---
- name: create a cluster without labels # non-compliant: resource_labels is not set
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present

Mitigation / Fix

---
- name: create a cluster with labels
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    resource_labels:
      environment: dev # label key-value pair
      owner: alice # label key-value pair
    state: present
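
The check this rule describes can be sketched as follows. This is an added example, not the scanner's own rule code: it assumes the playbook is already parsed into a list of task dicts, and the function name, the skipping of state: absent tasks and the handling of templated label values are assumptions.

```python
# Added example: detection logic is an assumption, not the scanner's rule code.
CLUSTER_MODULES = {"google.cloud.gcp_container_cluster", "gcp_container_cluster"}
NESTED_KEYS = ("block", "rescue", "always")  # Ansible keys that hold sub-tasks


def find_unlabeled_clusters(tasks, path="tasks"):
    """Return (location, task name) for each cluster task without resource_labels."""
    findings = []
    for i, task in enumerate(tasks):
        here = f"{path}[{i}]"
        if not isinstance(task, dict):
            continue
        # Cluster tasks can be nested inside block/rescue/always sections.
        for key in NESTED_KEYS:
            if isinstance(task.get(key), list):
                findings += find_unlabeled_clusters(task[key], f"{here}.{key}")
        for module in task.keys() & CLUSTER_MODULES:
            args = task[module] if isinstance(task[module], dict) else {}
            if args.get("state", "present") == "absent":
                continue  # assumption: a task that deletes the cluster is not flagged
            # Missing, null or empty labels are findings. A templated string such
            # as "{{ cluster_labels }}" cannot be resolved statically and passes.
            if not args.get("resource_labels"):
                findings.append((here, task.get("name", "<unnamed>")))
    return findings


# Constructed sample: the page's two tasks as parsed YAML, plus a nested task.
SAMPLE_TASKS = [
    {"name": "no labels",
     "google.cloud.gcp_container_cluster": {"name": "my-cluster", "state": "present"}},
    {"name": "with labels",
     "google.cloud.gcp_container_cluster": {
         "name": "my-cluster", "state": "present",
         "resource_labels": {"environment": "dev", "owner": "alice"}}},
    {"name": "grouped", "block": [
        {"name": "empty labels",
         "gcp_container_cluster": {"name": "other", "resource_labels": {}}}]},
]

if __name__ == "__main__":
    for location, name in find_unlabeled_clusters(SAMPLE_TASKS):
        print(f"gcp_cluster_labels_disabled: {location} ({name})")
```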