lacework-global-768
Enable Shielded Google Kubernetes Engine (GKE) Nodes (Automated)
Description
Shielded GKE Nodes provide verifiable node integrity through Secure Boot, measured boot backed by a virtual Trusted Platform Module (vTPM), and integrity monitoring. Without them, the control plane has no attestable evidence that a node's boot chain has not been tampered with.
Remediation
Note: From GKE version 1.18, Shielded GKE Nodes are enabled by default on newly created clusters. Clusters created earlier keep whatever setting they were created with and must be updated explicitly.
Using Google Cloud Console:
To update an existing cluster to use Shielded GKE nodes:
- Navigate to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list.
- Select the cluster on which to enable Shielded GKE Nodes.
- Within the Details pane, under the Security heading, click the pencil icon named Edit Shielded GKE nodes.
- Check the box named Enable Shielded GKE nodes.
- Click Save Changes.
Using Command Line:
To migrate an existing cluster, pass the --enable-shielded-nodes flag to the cluster update command:
gcloud container clusters update <cluster_name> --zone <cluster_zone> --enable-shielded-nodes
For a regional cluster, use --region <cluster_region> in place of --zone <cluster_zone>.
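The following script audits every cluster a project's gcloud session can see and prints the update command from the remediation above for each cluster that lacks Shielded GKE Nodes. It is an added example for this page, not Lacework's or Google's code. The embedded sample JSON is constructed (hypothetical cluster names and locations) and mirrors only the fields of `gcloud container clusters list --format=json` that the check needs; the `--live` switch is this script's own. It also reports node pools whose shieldedInstanceConfig does not enable Secure Boot, because turning on Shielded GKE Nodes does not by itself enable Secure Boot on node pools (Secure Boot is off by default so that unsigned third-party kernel modules can still load).

```python
"""Audit GKE clusters for Shielded GKE Nodes and emit remediation commands.

Added example, not Lacework's or Google's code. SAMPLE_CLUSTERS_JSON is a
constructed stand-in for `gcloud container clusters list --format=json`,
trimmed to the fields used here; cluster names and locations are hypothetical.
"""
import json
import subprocess
import sys

SAMPLE_CLUSTERS_JSON = """
[
  {"name": "prod-a", "location": "us-central1-a",
   "shieldedNodes": {"enabled": true},
   "nodePools": [{"name": "default-pool",
                  "config": {"shieldedInstanceConfig": {
                      "enableSecureBoot": false,
                      "enableIntegrityMonitoring": true}}}]},
  {"name": "legacy-b", "location": "europe-west1",
   "shieldedNodes": {"enabled": false},
   "nodePools": [{"name": "default-pool", "config": {}}]},
  {"name": "old-c", "location": "us-east1-b",
   "nodePools": [{"name": "default-pool", "config": {}}]}
]
"""


def load_clusters(text):
    """Parse the JSON list that gcloud prints for `clusters list --format=json`."""
    return json.loads(text)


def shielded_nodes_enabled(cluster):
    """Compliant only when shieldedNodes.enabled is explicitly true.

    Clusters created before the 1.18 default may omit the shieldedNodes block
    entirely; a missing or non-boolean value is treated as disabled (fail closed).
    """
    return cluster.get("shieldedNodes", {}).get("enabled") is True


def location_flag(location):
    """Zonal clusters take --zone, regional clusters take --region.

    GCP zone names are a region name plus a one-letter suffix (us-central1-a),
    so a third dash-separated component identifies a zone.
    """
    return "--zone" if location.count("-") == 2 else "--region"


def remediation_command(cluster):
    """The update command from the Remediation section with the right location flag."""
    return (f"gcloud container clusters update {cluster['name']} "
            f"{location_flag(cluster['location'])} {cluster['location']} "
            "--enable-shielded-nodes")


def find_noncompliant(clusters):
    return [c for c in clusters if not shielded_nodes_enabled(c)]


def node_pools_without_secure_boot(cluster):
    """Pools where config.shieldedInstanceConfig.enableSecureBoot is not true."""
    names = []
    for pool in cluster.get("nodePools", []):
        sic = pool.get("config", {}).get("shieldedInstanceConfig", {})
        if sic.get("enableSecureBoot") is not True:
            names.append(pool["name"])
    return names


def audit(clusters):
    """Per-cluster report: shielded flag, fix command (None if compliant), weak pools."""
    report = {}
    for c in clusters:
        ok = shielded_nodes_enabled(c)
        report[c["name"]] = {
            "shielded": ok,
            "fix": None if ok else remediation_command(c),
            "pools_without_secure_boot": node_pools_without_secure_boot(c),
        }
    return report


def main():
    if "--live" in sys.argv:  # query the real project; needs an authenticated gcloud
        text = subprocess.run(
            ["gcloud", "container", "clusters", "list", "--format=json"],
            check=True, capture_output=True, text=True).stdout
    else:
        text = SAMPLE_CLUSTERS_JSON
    report = audit(load_clusters(text))
    failed = 0
    for name, r in report.items():
        status = "PASS" if r["shielded"] else "FAIL"
        print(f"{status} {name}")
        if r["fix"]:
            failed += 1
            print(f"  fix: {r['fix']}")
        if r["pools_without_secure_boot"]:
            print(f"  node pools without Secure Boot: {', '.join(r['pools_without_secure_boot'])}")
    return 1 if failed else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it with `--live` against a project to get the findings and the exact update commands; run it again after applying them to confirm shieldedNodes.enabled has flipped to true for every cluster. Clusters that omit the shieldedNodes field altogether are reported as failing, which is the conservative reading for clusters created before the 1.18 default.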
References
https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes