lacework-global-796

Enable Virtual Private Cloud (VPC) Flow Logs and Intranode Visibility (Automated)

Description

Enable VPC Flow Logs and Intranode Visibility to see pod-level traffic, including traffic between pods on the same worker node. Enabling Intranode Visibility makes intranode pod-to-pod traffic visible to the networking fabric, so VPC Flow Logs can record that intranode traffic as well.

Remediation

Enable Intranode Visibility:

Using Google Cloud Console:

  1. Go to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list.
  2. Select Kubernetes clusters with intranode visibility disabled.
  3. Within the Details pane, under the Network section, click the pencil icon named Edit intranode visibility.
  4. Check the box next to Enable Intranode visibility.
  5. Click Save Changes.

Using Command Line:

To enable intranode visibility on an existing cluster, run the following command:

gcloud container clusters update <cluster_name> --enable-intra-node-visibility

Enable VPC Flow Logs:

Using Google Cloud Console:

  1. Go to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list.
  2. Select Kubernetes clusters with VPC Flow Logs disabled.
  3. Select Nodes tab.
  4. Select Node Pool without VPC Flow Logs enabled.
  5. Select an Instance Group within the node pool.
  6. Select an Instance Group Member.
  7. Select the Subnetwork under Network Interfaces.
  8. Click Edit.
  9. Set Flow logs to On.
  10. Click Save.

Using Command Line:

  1. Find the subnetwork name associated with the cluster:
     gcloud container clusters describe <cluster_name> --region <cluster_region> --format json | jq '.subnetwork'
  2. Update the subnetwork to enable VPC Flow Logs:
     gcloud compute networks subnets update <subnet_name> --enable-flow-logs
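The two command-line procedures above can be turned into an offline audit: parse the JSON that `gcloud container clusters describe` and `gcloud compute networks subnets describe` emit, flag clusters without intranode visibility and subnets without flow logs, and emit the matching remediation commands. The following is an added example, not Lacework's policy code or Google's tooling. It assumes the field names `networkConfig.enableIntraNodeVisibility` (cluster) and `logConfig.enable` / legacy `enableFlowLogs` (subnet) as they appear in the Google Cloud API, that a zone is a region name plus a one-letter suffix, and that `--zone` applies to zonal clusters while `--region` applies to regional clusters and to subnets. The sample JSON documents are constructed and abbreviated.

```python
"""Offline audit of GKE intranode visibility and VPC Flow Logs settings (added example, not page code)."""
import json
import re

# Constructed sample: abbreviated shape of `gcloud container clusters describe <cluster_name> --format json`.
# Intranode visibility is absent (the API omits false booleans), so the cluster is non-compliant.
SAMPLE_CLUSTER_JSON = json.dumps({
    "name": "prod-cluster",
    "location": "us-central1-a",
    "subnetwork": "prod-subnet",
    "networkConfig": {"network": "projects/demo-proj/global/networks/prod-vpc"},
})

# Constructed sample: abbreviated `gcloud compute networks subnets describe <subnet_name> --format json`.
SAMPLE_SUBNET_JSON = json.dumps({
    "name": "prod-subnet",
    "region": "https://www.googleapis.com/compute/v1/projects/demo-proj/regions/us-central1",
    "logConfig": {"enable": False},
})

ZONE_RE = re.compile(r"^[a-z]+-[a-z]+\d+-[a-z]$")  # assumption: e.g. us-central1-a


def location_flag(location):
    """Zonal clusters need --zone, regional clusters need --region (assumption about gcloud flags)."""
    return f"--zone {location}" if ZONE_RE.match(location) else f"--region {location}"


def region_of(location):
    """Strip the one-letter zone suffix; a region name is returned unchanged."""
    return re.sub(r"-[a-z]$", "", location) if ZONE_RE.match(location) else location


def intranode_visibility_enabled(cluster):
    """Missing key means disabled: the API omits false booleans."""
    return bool(cluster.get("networkConfig", {}).get("enableIntraNodeVisibility", False))


def flow_logs_enabled(subnet):
    """Accept either logConfig.enable (current) or the legacy top-level enableFlowLogs flag."""
    log_config = subnet.get("logConfig") or {}
    return bool(log_config.get("enable", False) or subnet.get("enableFlowLogs", False))


def audit(cluster_json, subnet_json):
    """Return (findings, remediation_commands) for one cluster and its subnet."""
    cluster = json.loads(cluster_json)
    subnet = json.loads(subnet_json)
    findings, remediation = [], []

    name = cluster["name"]
    if not intranode_visibility_enabled(cluster):
        findings.append(f"{name}: intranode visibility disabled")
        remediation.append(
            f"gcloud container clusters update {name} "
            f"{location_flag(cluster['location'])} --enable-intra-node-visibility"
        )

    # The cluster's subnetwork field may be a bare name or a resource path; keep the last segment.
    subnet_name = subnet.get("name") or cluster["subnetwork"].rsplit("/", 1)[-1]
    # Subnets are regional; prefer the subnet's own region URL, fall back to the cluster's region.
    subnet_region = subnet["region"].rsplit("/", 1)[-1] if "region" in subnet else region_of(cluster["location"])
    if not flow_logs_enabled(subnet):
        findings.append(f"{subnet_name}: VPC Flow Logs disabled")
        remediation.append(
            f"gcloud compute networks subnets update {subnet_name} --region {subnet_region} --enable-flow-logs"
        )
    return findings, remediation


if __name__ == "__main__":
    found, fixes = audit(SAMPLE_CLUSTER_JSON, SAMPLE_SUBNET_JSON)
    for line in found:
        print("FINDING:", line)
    for cmd in fixes:
        print("REMEDIATE:", cmd)
```

In a real run you would feed the script the actual `describe` output for each cluster and its subnet; the generated commands are the same two shown in the procedure above, with the location flag filled in so they can be pasted without prompting for it.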

References

https://cloud.google.com/kubernetes-engine/docs/how-to/intranode-visibility
https://cloud.google.com/vpc/docs/using-flow-logs