lacework-global-772
Create clusters with Private Nodes (Automated)
Description
Private Nodes are nodes with no public IP addresses. Disable public IP addresses for cluster nodes, so that they only have private IP addresses.
Remediation
Note: Lacework does not support Autopilot mode clusters, so the remediation only considers the standard mode cluster option.
A cluster created without Private Nodes enabled cannot be remediated in place; instead, you must recreate the cluster.
Using Google Cloud Console:
- Go to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list.
- Click CREATE CLUSTER, and choose CONFIGURE for the Standard mode cluster.
- Configure the cluster as required, then click Networking under CLUSTER in the navigation pane.
- Under IPv4 network access, click the Private cluster radio button.
- Configure the other settings as required, and click CREATE.
Using Command Line:
To create a cluster with Private Nodes enabled, include the --enable-private-nodes flag in the cluster create command:
gcloud container clusters create <cluster_name> --enable-private-nodes
Setting this flag also requires --enable-ip-alias and --master-ipv4-cidr=<master_cidr_range>.
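Because this check cannot be fixed in place, the practical first step is finding which existing clusters lack private nodes. The following shell helper is an added example, not Lacework's code or part of the gcloud tool: it assumes the tab-separated output of gcloud container clusters list --format='value(name,location,privateClusterConfig.enablePrivateNodes)' (field names from the GKE cluster resource; the True/False rendering of the boolean is an assumption) and lists every cluster whose value is not True. Clusters created before private networking was configured return an empty third field rather than False, so the filter treats anything other than True as non-compliant. The sample input is constructed so the script runs offline.

```shell
#!/bin/sh
# Added audit helper (hypothetical, not Lacework's or Google's code).
#
# Expected input on stdin, one cluster per line, tab-separated:
#   <name>\t<location>\t<enablePrivateNodes>
# as produced by (assumed format):
#   gcloud container clusters list \
#     --format='value(name,location,privateClusterConfig.enablePrivateNodes)'
#
# Prints one line per cluster that does NOT have private nodes enabled.
# An empty third field (privateClusterConfig not set on older clusters)
# is treated the same as False.
find_public_node_clusters() {
  awk -F'\t' '
    NF > 0 && $3 != "True" {
      printf "%s\t%s\tprivate nodes disabled\n", $1, $2
    }
  '
}

# Constructed sample standing in for real gcloud output: one compliant
# cluster, one with the field unset, one explicitly set to False.
SAMPLE_OUTPUT=$(printf 'prod-cluster\tus-central1\tTrue\nlegacy-cluster\tus-east1\t\nstaging\teurope-west1\tFalse\n')

# Returns 0 when every cluster in the sample has private nodes, 1 otherwise.
audit_sample() {
  findings=$(printf '%s\n' "$SAMPLE_OUTPUT" | find_public_node_clusters)
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
  return 0
}

# Stand-alone run: print the findings for the constructed sample.
audit_sample || echo "non-compliant clusters found (recreate with --enable-private-nodes)"
```

Against live output, replace the constructed sample with a pipe from the gcloud command in the comment; every cluster reported has to be recreated with the flags shown above, since the setting cannot be changed after creation.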
References
https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters