workload_metadata_config block within
node_config is included, the
node_metadata attribute should be configured securely.
The attribute should be set to
SECURE to use metadata concealment, or
GKE_METADATA_SERVER if workload identity is enabled. This ensures that the VM metadata is not unnecessarily exposed to pods.
The following example will fail the GCP006 check.
The following example will pass the GCP006 check.