
lacework-global-772

Create clusters with Private Nodes (Automated)

Description

Private Nodes are cluster nodes that have no public IP addresses: they receive only internal addresses from the VPC subnet and are therefore not directly reachable from the internet. Disable public IP addresses for cluster nodes so that they have private IP addresses only.

Remediation

Note: Lacework does not support Autopilot mode clusters, so the remediation only considers the Standard mode cluster option.

A cluster created without Private Nodes enabled cannot be remediated in place. Rather, you must recreate the cluster with Private Nodes enabled.

Using Google Cloud Console:

  1. Go to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list.
  2. Click CREATE CLUSTER, and choose CONFIGURE for the Standard mode cluster.
  3. Configure the cluster as required then click Networking under CLUSTER in the navigation pane.
  4. Under IPv4 network access, click the Private cluster radio button.
  5. Configure the other settings as required, and click CREATE.

Using Command Line:

To create a cluster with Private Nodes enabled, include the --enable-private-nodes flag in the cluster create command. This flag also requires --enable-ip-alias (a VPC-native cluster) and --master-ipv4-cidr=<master_cidr_range> (a /28 range for the control plane that does not overlap any subnet in the VPC), so the complete command is:

gcloud container clusters create <cluster_name> --enable-private-nodes --enable-ip-alias --master-ipv4-cidr=<master_cidr_range>
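The following is an added example and is not code from the Lacework policy page or from Google. It audits the JSON that `gcloud container clusters list --format=json` prints, using the privateClusterConfig.enablePrivateNodes field that --enable-private-nodes sets at creation time, skips Autopilot clusters (outside the policy's scope), and builds the recreate command with the required flags for each non-compliant Standard cluster. The three sample clusters are constructed by hand; the default control-plane CIDR 172.16.0.0/28 and the use of --location instead of --zone/--region are assumptions an operator would replace.

```python
"""Audit GKE clusters for Private Nodes and emit the recreate command.

Added example, not code from the Lacework page. Input is the output of
`gcloud container clusters list --format=json`; the sample below is constructed.
"""
import json
import shlex
from typing import Dict, List

# Constructed sample output (three clusters), not captured from a real project.
SAMPLE_CLUSTERS_JSON = """
[
  {
    "name": "prod-private",
    "location": "us-central1",
    "privateClusterConfig": {
      "enablePrivateNodes": true,
      "enablePrivateEndpoint": false,
      "masterIpv4CidrBlock": "172.16.0.0/28"
    }
  },
  {
    "name": "legacy-public",
    "location": "us-central1-a"
  },
  {
    "name": "autopilot-dev",
    "location": "europe-west1",
    "autopilot": {"enabled": true},
    "privateClusterConfig": {"enablePrivateNodes": true}
  }
]
"""

COMPLIANT = "compliant"
NON_COMPLIANT = "non_compliant"
NOT_ASSESSED = "not_assessed"  # Autopilot clusters are outside the policy's scope


def load_clusters(raw_json: str) -> List[dict]:
    """Parse `gcloud container clusters list --format=json` output."""
    clusters = json.loads(raw_json)
    if not isinstance(clusters, list):
        raise ValueError("expected a JSON array of clusters")
    return clusters


def is_autopilot(cluster: dict) -> bool:
    return bool(cluster.get("autopilot", {}).get("enabled", False))


def has_private_nodes(cluster: dict) -> bool:
    """True when nodes get only internal IPs.

    A missing privateClusterConfig means the cluster was created without
    --enable-private-nodes, which the policy treats as non-compliant.
    """
    return bool(cluster.get("privateClusterConfig", {}).get("enablePrivateNodes", False))


def evaluate(clusters: List[dict]) -> Dict[str, str]:
    """Map each cluster name to its policy result."""
    results: Dict[str, str] = {}
    for c in clusters:
        if is_autopilot(c):
            results[c["name"]] = NOT_ASSESSED
        elif has_private_nodes(c):
            results[c["name"]] = COMPLIANT
        else:
            results[c["name"]] = NON_COMPLIANT
    return results


def remediation_command(cluster: dict, master_cidr: str = "172.16.0.0/28") -> str:
    """Build the create command for a replacement cluster with Private Nodes.

    --enable-private-nodes requires --enable-ip-alias and --master-ipv4-cidr.
    master_cidr is a placeholder (assumption): the operator must choose a /28
    that does not overlap any subnet in the VPC. --location is assumed in
    place of --zone/--region.
    """
    argv = [
        "gcloud", "container", "clusters", "create", cluster["name"],
        f"--location={cluster['location']}",
        "--enable-private-nodes",
        "--enable-ip-alias",
        f"--master-ipv4-cidr={master_cidr}",
    ]
    return " ".join(shlex.quote(a) for a in argv)


def remediation_plan(clusters: List[dict]) -> List[str]:
    """One recreate command per non-compliant Standard cluster."""
    results = evaluate(clusters)
    return [remediation_command(c) for c in clusters
            if results[c["name"]] == NON_COMPLIANT]


if __name__ == "__main__":
    cs = load_clusters(SAMPLE_CLUSTERS_JSON)
    for name, verdict in evaluate(cs).items():
        print(f"{name}: {verdict}")
    for cmd in remediation_plan(cs):
        print("recreate with:", cmd)
```

To run it against a real project, save `gcloud container clusters list --format=json` to a file and pass its contents to load_clusters. The printed command only creates the replacement; migrating workloads, node pools, and any Cloud NAT or proxy the private nodes need for outbound traffic is still the operator's job.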

References

https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters