lacework-global-768

Enable Shielded Google Kubernetes Engine (GKE) Nodes (Automated)

Description

Shielded GKE Nodes provides verifiable integrity via secure boot, virtual trusted platform module (vTPM)-enabled measured boot, and integrity monitoring.

Remediation

Note: From GKE version 1.18 onward, Shielded GKE Nodes are enabled by default on new clusters. Clusters created on earlier versions keep their existing setting until updated.

Using Google Cloud Console:

To update an existing cluster to use Shielded GKE nodes:

  1. Navigate to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list.
  2. Select the cluster on which to enable Shielded GKE Nodes.
  3. Within the Details pane, under the Security heading, click the pencil icon named Edit Shielded GKE nodes.
  4. Check the box named Enable Shielded GKE nodes.
  5. Click Save Changes.

Using Command Line:

To migrate an existing cluster, you must specify the flag --enable-shielded-nodes in the cluster update command:

gcloud container clusters update <cluster_name> --zone <cluster_zone> --enable-shielded-nodes
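An added example of how this check can be automated against `gcloud container clusters list --format=json` output (example code, not Lacework's policy implementation). It assumes the GKE API field `shieldedNodes.enabled` and uses a constructed JSON sample; clusters that omit the field are reported as non-compliant rather than assumed to have the 1.18+ default.

```python
import json
import re

# Constructed sample of `gcloud container clusters list --format=json` output,
# abridged to the fields this check needs (not real cluster data).
SAMPLE_CLUSTERS_JSON = """
[
  {"name": "prod-a", "location": "us-central1-a",
   "currentMasterVersion": "1.27.3-gke.100", "shieldedNodes": {"enabled": true}},
  {"name": "legacy-b", "location": "europe-west1-b",
   "currentMasterVersion": "1.17.17-gke.9100", "shieldedNodes": {}},
  {"name": "regional-c", "location": "asia-east1",
   "currentMasterVersion": "1.16.15-gke.6000"}
]
"""

ZONE_PATTERN = re.compile(r"[a-z]+-[a-z]+\d+-[a-z]")


def shielded_nodes_enabled(cluster: dict) -> bool:
    """True only when the cluster explicitly reports shieldedNodes.enabled == true.
    A missing or empty shieldedNodes block is treated as NOT enabled: the check must
    not assume the >=1.18 default applies to a cluster created on an older version."""
    return bool(cluster.get("shieldedNodes", {}).get("enabled", False))


def find_noncompliant(clusters_json: str) -> list:
    """Return the cluster records that fail the Shielded GKE Nodes check."""
    return [c for c in json.loads(clusters_json) if not shielded_nodes_enabled(c)]


def remediation_command(cluster: dict) -> str:
    """Build the page's update command for one cluster. The page shows --zone; a
    regional cluster (location without a trailing zone letter) needs --region."""
    location = cluster["location"]
    flag = "--zone" if ZONE_PATTERN.fullmatch(location) else "--region"
    return (f"gcloud container clusters update {cluster['name']} "
            f"{flag} {location} --enable-shielded-nodes")


if __name__ == "__main__":
    for c in find_noncompliant(SAMPLE_CLUSTERS_JSON):
        print(f"NON-COMPLIANT {c['name']} ({c['currentMasterVersion']}): "
              f"{remediation_command(c)}")
```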

References

https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes