Kubernetes Engine Clusters must have Stackdriver Monitoring enabled

ID

gcp_stackdriver_monitoring_disabled

Severity

high

Vendor

GCP

Resource

Application Security

Tags

reachable

Description

monitoring_service is a parameter of the google.cloud.gcp_container_cluster module that specifies which monitoring service a Google Cloud container (GKE) cluster writes its metrics to. It can be either monitoring.googleapis.com (the default when the parameter is omitted) or none, which stops the cluster from exporting any metrics to Cloud Monitoring, so nothing can alert on the cluster's health.

To fix it, set the monitoring_service property to monitoring.googleapis.com (or simply omit it so the default applies) instead of none.

Learn more about this topic at Introduction to Cloud Monitoring.

Examples

---
- name: create a cluster2
  google.cloud.gcp_container_cluster:
    name: my-cluster2
    initial_node_count: 2
    master_auth:
      username: cluster_admin
      password: my-secret-password
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    monitoring_service: none

Mitigation / Fix

---
- name: create a cluster
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
    master_auth:
      username: cluster_admin
      password: my-secret-password
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    monitoring_service: monitoring.googleapis.com
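The rule above can be checked offline before a playbook is run. The following script is an added example and is not code from the original page or from the Ansible google.cloud collection: it walks a parsed task list (or a full playbook with plays and blocks), finds every gcp_container_cluster task, and reports those whose effective monitoring_service is none, treating an omitted, null or empty value as the documented default monitoring.googleapis.com. The SAMPLE_TASKS list is a constructed copy of the two tasks above plus a third that omits the parameter; PyYAML is assumed to be installed only when a real file is passed on the command line.

```python
"""Flag GKE clusters in an Ansible task list or playbook whose monitoring_service is "none".

Added example for the gcp_stackdriver_monitoring_disabled rule; not part of the
original page or of the google.cloud collection. PyYAML is only needed when a
real file path is given on the command line.
"""
import sys
from typing import Any, Dict, Iterator, List

# Fully qualified and legacy short names of the GKE cluster module.
CLUSTER_MODULES = ("google.cloud.gcp_container_cluster", "gcp_container_cluster")
DEFAULT_MONITORING = "monitoring.googleapis.com"
DISABLED = "none"


def effective_monitoring_service(params: Dict[str, Any]) -> str:
    """Return the monitoring service the module would actually apply.

    An omitted, null or empty monitoring_service falls back to the default
    monitoring.googleapis.com; any other value is normalised for comparison.
    """
    value = params.get("monitoring_service")
    if value is None or str(value).strip() == "":
        return DEFAULT_MONITORING
    return str(value).strip().lower()


def _iter_tasks(doc: Any) -> Iterator[Dict[str, Any]]:
    """Yield task dicts from a bare task list, a playbook of plays, or block wrappers."""
    if not isinstance(doc, list):
        return
    for item in doc:
        if not isinstance(item, dict):
            continue
        if "tasks" in item or "hosts" in item:  # a play: descend into its task sections
            for key in ("pre_tasks", "tasks", "post_tasks"):
                yield from _iter_tasks(item.get(key) or [])
        elif "block" in item:  # a block wrapper: descend into block/rescue/always
            for key in ("block", "rescue", "always"):
                yield from _iter_tasks(item.get(key) or [])
        else:
            yield item


def find_monitoring_disabled(doc: Any) -> List[str]:
    """Return the cluster names of gcp_container_cluster tasks that set monitoring_service to none."""
    findings: List[str] = []
    for task in _iter_tasks(doc):
        for module in CLUSTER_MODULES:
            params = task.get(module)
            if isinstance(params, dict) and effective_monitoring_service(params) == DISABLED:
                findings.append(str(params.get("name") or task.get("name") or "<unnamed>"))
    return findings


def scan_file(path: str) -> List[str]:
    """Load a YAML playbook or tasks file with PyYAML (assumed installed) and scan it."""
    import yaml  # PyYAML; only required for this code path
    with open(path, encoding="utf-8") as fh:
        return find_monitoring_disabled(yaml.safe_load(fh))


# Constructed sample input: the parsed form of the two tasks on this page plus a
# third task that omits monitoring_service and therefore gets the default.
SAMPLE_TASKS = [
    {"name": "create a cluster2",
     "google.cloud.gcp_container_cluster": {
         "name": "my-cluster2", "initial_node_count": 2, "location": "us-central1-a",
         "project": "test_project", "state": "present", "monitoring_service": "none"}},
    {"name": "create a cluster",
     "google.cloud.gcp_container_cluster": {
         "name": "my-cluster", "initial_node_count": 2, "location": "us-central1-a",
         "project": "test_project", "state": "present",
         "monitoring_service": "monitoring.googleapis.com"}},
    {"name": "create a cluster3",
     "google.cloud.gcp_container_cluster": {
         "name": "my-cluster3", "initial_node_count": 1, "location": "us-central1-a",
         "project": "test_project", "state": "present"}},
]

if __name__ == "__main__":
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 else find_monitoring_disabled(SAMPLE_TASKS)
    for cluster in hits:
        print(f"gcp_stackdriver_monitoring_disabled: cluster {cluster!r} sets monitoring_service: none")
    sys.exit(1 if hits else 0)
```

Run it with no arguments to scan the embedded sample (only my-cluster2 is reported), or pass a playbook path to scan a real file; the non-zero exit status lets it gate a CI job. The value comparison is case-insensitive on purpose, since YAML keeps "None" and "none" as plain strings and the module would reject neither at lint time.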