# Kubernetes Clusters must be created with Private Clusters enabled

| | |
| --- | --- |
| ID | gcp_private_cluster_disabled |
| Severity | high |
| Vendor | GCP |
| Resource | Network |
| Tags | reachable |

## Description
Kubernetes Clusters must be created with Private Clusters enabled: `private_cluster_config` must be defined in the `google.cloud.gcp_container_cluster` task, and both of its attributes `enable_private_endpoint` and `enable_private_nodes` must be true, to provide more security and isolation to the cluster. A task that omits `private_cluster_config` altogether, or sets either attribute to `no`, fails this check.

Learn more about this topic at GKE - Private Clusters.

## Examples

```yaml
---
- name: create a cluster4
  google.cloud.gcp_container_cluster:
    name: my-cluster4
    initial_node_count: 2
    master_auth:
      username: cluster_admin
      password: my-secret-password
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    private_cluster_config:
      enable_private_endpoint: no
      enable_private_nodes: no
```

## Mitigation / Fix

```yaml
- name: create a cluster
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 1
    master_auth:
      username: cluster_admin
      password: secret-password
    node_config:
      machine_type: n1-standard
      disk_size_gb: 500
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    private_cluster_config:
      enable_private_endpoint: yes
      enable_private_nodes: yes
```
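The following is an added example, not part of this rule's documentation or of the `google.cloud` collection: a small Python checker that applies the rule described above to Ansible tasks that have already been loaded from YAML (represented here as plain dicts, so no YAML library is needed). It covers the three ways a task can fail the check, a missing `private_cluster_config`, an attribute set to `no`/`false`, or an attribute left out, and it coerces values the way Ansible does, so `yes`, `"true"` and `True` all count as enabled. The sample tasks at the bottom are constructed for this example and mirror the two playbooks on this page.

```python
# Added example: apply the gcp_private_cluster_disabled rule to loaded Ansible tasks.
# Not the KICS implementation; it only follows the rule text on this page.

TRUE_VALUES = {"yes", "true", "on", "1", "y", "t"}
FALSE_VALUES = {"no", "false", "off", "0", "n", "f", ""}

# Both the FQCN and the short module name refer to the same module.
MODULE_NAMES = {"google.cloud.gcp_container_cluster", "gcp_container_cluster"}


def ansible_bool(value):
    """Coerce a value the way Ansible's boolean filter does.

    bool and numeric values are taken as-is; yes/no-style strings are mapped;
    anything else (None, unknown strings) is treated as NOT enabled, so an
    unset or malformed attribute fails the check rather than passing it.
    """
    if isinstance(value, bool):
        return value
    if isinstance(value, (int, float)):
        return value != 0
    if isinstance(value, str):
        v = value.strip().lower()
        if v in TRUE_VALUES:
            return True
        if v in FALSE_VALUES:
            return False
    return False


def find_cluster_module(task):
    """Return the key under which this task invokes gcp_container_cluster, or None."""
    for key in task:
        if key in MODULE_NAMES:
            return key
    return None


def check_task(task):
    """Return a list of finding strings for one task; an empty list means compliant."""
    module = find_cluster_module(task)
    if module is None:
        return []  # not a GKE cluster task: the rule does not apply
    params = task.get(module) or {}
    label = task.get("name", params.get("name", "<unnamed task>"))
    cfg = params.get("private_cluster_config")
    if not isinstance(cfg, dict):
        return [f"{label}: private_cluster_config is not defined"]
    findings = []
    for attr in ("enable_private_endpoint", "enable_private_nodes"):
        if not ansible_bool(cfg.get(attr)):
            findings.append(f"{label}: private_cluster_config.{attr} is not true")
    return findings


def check_playbook(tasks):
    """Run check_task over every task in a (flattened) task list."""
    findings = []
    for task in tasks:
        findings.extend(check_task(task))
    return findings


# Constructed sample tasks, shaped as Ansible loads them from YAML.
VULNERABLE_TASK = {  # the page's "Examples" playbook: both attributes set to `no`
    "name": "create a cluster4",
    "google.cloud.gcp_container_cluster": {
        "name": "my-cluster4",
        "initial_node_count": 2,
        "location": "us-central1-a",
        "project": "test_project",
        "state": "present",
        "private_cluster_config": {
            "enable_private_endpoint": False,  # YAML `no` loads as False
            "enable_private_nodes": False,
        },
    },
}
MISSING_CONFIG_TASK = {  # private_cluster_config omitted entirely
    "name": "create a cluster",
    "google.cloud.gcp_container_cluster": {"name": "my-cluster", "state": "present"},
}
COMPLIANT_TASK = {  # the page's "Mitigation / Fix" playbook; one value left as a string
    "name": "create a private cluster",
    "google.cloud.gcp_container_cluster": {
        "name": "my-cluster",
        "state": "present",
        "private_cluster_config": {
            "enable_private_endpoint": True,
            "enable_private_nodes": "yes",  # string form, coerced by ansible_bool
        },
    },
}
UNRELATED_TASK = {"name": "install curl", "ansible.builtin.apt": {"name": "curl"}}

if __name__ == "__main__":
    for finding in check_playbook([VULNERABLE_TASK, MISSING_CONFIG_TASK, COMPLIANT_TASK, UNRELATED_TASK]):
        print(finding)
```

Running the block prints one line per failing attribute, so the vulnerable playbook above produces two findings and a task with no `private_cluster_config` produces one; the compliant playbook and the unrelated task produce none. Treating unknown or absent values as "not enabled" is deliberate: the rule requires the attributes to be true, so anything short of that should be reported.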