lacework-global-773

Enable Network Policy and set as appropriate (Automated)

Description

Use Network Policy to restrict pod to pod traffic within a cluster and segregate workloads.

Remediation

Using Google Cloud Console:

  1. Go to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list.
  2. Select the cluster with Network policy disabled.
  3. Under the details pane, within the Networking section, click the pencil icon named Edit network policy.
  4. Set Network policy for control plane to Enabled.
  5. Click Save Changes.
  6. Once the cluster has updated, repeat steps 1-3.
  7. Set Network Policy for nodes to Enabled.
  8. Click Save Changes.

Using Command Line:

To enable Network Policy for an existing cluster, first enable the Network Policy add-on:

gcloud container clusters update <cluster_name> --zone <compute_zone> --update-addons NetworkPolicy=ENABLED

Then, enable Network Policy:

gcloud container clusters update <cluster_name> --zone <compute_zone> --enable-network-policy
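As an added example (not part of the Lacework policy text or Google's tooling), a POSIX shell helper that audits a cluster for this control and, only when it fails, applies the two update commands above in the same order. It assumes the networkPolicy.enabled and addonsConfig.networkPolicyConfig.disabled fields of gcloud container clusters describe, and that gcloud is authenticated; the function and variable names are the author's own.

```shell
#!/bin/sh
# Audit-and-remediate helper for lacework-global-773 (added example).
# Compliance needs both: the NetworkPolicy add-on enabled on the control
# plane (addonsConfig.networkPolicyConfig.disabled != True) and network
# policy enforcement enabled on the nodes (networkPolicy.enabled == True).

# Decide from the two describe fields. gcloud prints booleans as True/False
# and an absent field (e.g. networkPolicy never set) as an empty string.
#   $1 = networkPolicy.enabled
#   $2 = addonsConfig.networkPolicyConfig.disabled
# Prints "compliant" or "noncompliant"; exit status 0 or 1 accordingly.
network_policy_status() {
  if [ "$1" = "True" ] && [ "$2" != "True" ]; then
    echo compliant
    return 0
  fi
  echo noncompliant
  return 1
}

# Split one csv[no-heading] line "enabled,disabled" (either side may be
# empty) and evaluate it. Constructed input is used in the test below.
status_from_csv() {
  line="$1"
  network_policy_status "${line%%,*}" "${line#*,}"
}

# Query a live cluster. Usage: check_cluster <cluster_name> <compute_zone>
check_cluster() {
  status_from_csv "$(gcloud container clusters describe "$1" --zone "$2" \
    --format='csv[no-heading](networkPolicy.enabled,addonsConfig.networkPolicyConfig.disabled)')"
}

# Remediate only when the audit fails, using the page's two commands:
# add-on first, then node-level enforcement.
ensure_network_policy() {
  if check_cluster "$1" "$2" >/dev/null; then
    echo "$1: network policy already enabled"
    return 0
  fi
  gcloud container clusters update "$1" --zone "$2" --update-addons NetworkPolicy=ENABLED
  gcloud container clusters update "$1" --zone "$2" --enable-network-policy
}
```

Run it as `ensure_network_policy <cluster_name> <compute_zone>`; the audit alone is `check_cluster`, which is safe to use in a read-only pipeline.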

References

https://cloud.google.com/kubernetes-engine/docs/how-to/network-policy