Kubernetes Engine Clusters must have Stackdriver Logging enabled

ID

gcp_stackdriver_logging_disabled

Severity

low

Vendor

GCP

Resource

Logging

Tags

non-reachable

Description

Setting logging_service to none disables the cluster's logging backend, which poses a risk if no other way of storing log data is configured: without cluster logs there is no record to support monitoring, incident investigation or audit.

To fix it, configure the logging_service property of the cluster to an existing logging service, or remove the property so the cluster uses the default Google Cloud Logging service.

Examples

---
- name: create a cluster2
  google.cloud.gcp_container_cluster:
    name: my-cluster2
    initial_node_count: 2
    master_auth:
      username: cluster_admin
      password: my-secret-password
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    logging_service: none  # flagged: no logging backend configured for this cluster

Mitigation / Fix

- name: create a cluster
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
    master_auth:
      username: cluster_admin
      password: my-secret-password
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    logging_service: logging.googleapis.com  # explicit Cloud Logging backend; omitting the key also uses this default
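The following is an added example, not part of this rule page or of any scanner's own code, showing how the check above can be implemented as a small detector over an Ansible playbook: each top-level task that uses the gcp_container_cluster module is inspected, and it is reported only when logging_service is explicitly set to none (an absent key means the GKE default logging backend and is treated as compliant). The sample playbook, the function names and the finding format are constructed for this example; the detector is deliberately line-based so it runs without a YAML library.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample playbook (not from the page): one non-compliant task
# (logging_service: none), one compliant task with an explicit backend, and
# one task that omits the key and so inherits GKE's default logging service.
SAMPLE_PLAYBOOK = """\
---
- name: create a cluster2
  google.cloud.gcp_container_cluster:
    name: my-cluster2
    initial_node_count: 2
    location: us-central1-a
    project: test_project
    state: present
    logging_service: none

- name: create a cluster
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
    location: us-central1-a
    project: test_project
    state: present
    logging_service: logging.googleapis.com

- name: create a cluster with default logging
  google.cloud.gcp_container_cluster:
    name: my-cluster3
    initial_node_count: 1
    location: us-central1-a
    project: test_project
    state: present
"""

RULE_ID = "gcp_stackdriver_logging_disabled"
# Both the fully qualified collection name and the short legacy module name.
CLUSTER_MODULES = ("google.cloud.gcp_container_cluster", "gcp_container_cluster")

_TASK_START = re.compile(r"^(\s*)-\s+name:\s*(.*?)\s*$")
_KEY_VALUE = re.compile(r"^\s*([A-Za-z_][\w.]*):\s*(.*?)\s*$")


def _split_tasks(text: str) -> List[Tuple[int, str, List[Tuple[int, str]]]]:
    """Split a task list into (start_line, task_name, [(line_no, line), ...]).

    A task begins at a '- name:' item at the shallowest list indentation seen;
    deeper '- name:' items (e.g. inside a block) stay within their parent task.
    """
    tasks: List[Tuple[int, str, List[Tuple[int, str]]]] = []
    base_indent: Optional[int] = None
    current = None
    for no, line in enumerate(text.splitlines(), start=1):
        m = _TASK_START.match(line)
        if m:
            indent = len(m.group(1))
            if base_indent is None:
                base_indent = indent
            if indent == base_indent:
                current = (no, m.group(2).strip("\"'"), [])
                tasks.append(current)
                continue
        if current is not None:
            current[2].append((no, line))
    return tasks


def _uses_cluster_module(lines: List[Tuple[int, str]]) -> bool:
    """True when the task body contains a gcp_container_cluster module key."""
    return any(
        (m := _KEY_VALUE.match(line)) and m.group(1) in CLUSTER_MODULES
        for _, line in lines
    )


def _logging_service(lines: List[Tuple[int, str]]) -> Tuple[Optional[int], Optional[str]]:
    """Return (line_no, value) of the first logging_service key, or (None, None)."""
    for no, line in lines:
        m = _KEY_VALUE.match(line)
        if m and m.group(1) == "logging_service":
            # Strip quotes so "none" and 'none' are treated like bare none.
            return no, m.group(2).strip("\"'")
    return None, None


def find_disabled_logging(playbook_text: str) -> List[Dict]:
    """Report every cluster task whose logging_service is explicitly 'none'."""
    findings: List[Dict] = []
    for _start, name, lines in _split_tasks(playbook_text):
        if not _uses_cluster_module(lines):
            continue
        line_no, value = _logging_service(lines)
        # Absent key -> GKE default logging backend -> compliant.
        if value is not None and value.lower() == "none":
            findings.append({"rule": RULE_ID, "task": name, "line": line_no, "value": value})
    return findings


if __name__ == "__main__":
    for f in find_disabled_logging(SAMPLE_PLAYBOOK):
        print(f"{f['rule']}: task '{f['task']}' sets logging_service={f['value']} (line {f['line']})")
```

Running the block prints one finding for the "create a cluster2" task. Because the detector matches a logging_service key anywhere in the task body rather than strictly inside the module's parameter map, a key of the same name under vars or another module would also be reported; a production scanner should parse the YAML and look only at the module's own parameters.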