
Shielded GKE nodes not enabled.

Explanation

CIS GKE Benchmark Recommendation: 6.5.5. Ensure Shielded GKE Nodes are Enabled

Shielded GKE Nodes provide strong, verifiable node identity and integrity to increase the security of GKE nodes and should be enabled on all GKE clusters.

Insecure Example

The following example will fail the GCP010 check.

resource "google_container_cluster" "gke" {
	enable_shielded_nodes = "false"
}

Secure Example

The following example will pass the GCP010 check.

resource "google_container_cluster" "gke" {
	enable_shielded_nodes = "true"
}
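
The same setting can also be checked after variables and modules are resolved, by reading the JSON plan produced by `terraform show -json <planfile>`. The following is an added example, not part of tfsec or the original page: the function name and the sample plan are constructed, and reporting an unset attribute as a finding is a policy choice of this example, not a statement about how GCP010 behaves.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "google_container_cluster.off", "type": "google_container_cluster",
     "change": {"actions": ["create"], "after": {"enable_shielded_nodes": false}, "after_unknown": {}}},
    {"address": "google_container_cluster.on", "type": "google_container_cluster",
     "change": {"actions": ["update"], "after": {"enable_shielded_nodes": true}, "after_unknown": {}}},
    {"address": "google_container_cluster.unset", "type": "google_container_cluster",
     "change": {"actions": ["create"], "after": {"name": "c"}, "after_unknown": {}}},
    {"address": "google_container_cluster.old", "type": "google_container_cluster",
     "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
    {"address": "google_compute_network.net", "type": "google_compute_network",
     "change": {"actions": ["create"], "after": {"name": "n"}, "after_unknown": {}}}
  ]
}
""")

def clusters_without_shielded_nodes(plan):
    """Return {address: reason} for clusters the plan leaves without Shielded GKE Nodes."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_container_cluster":
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # resource is being destroyed; nothing to evaluate
            continue
        unknown = change.get("after_unknown")
        if isinstance(unknown, dict) and unknown.get("enable_shielded_nodes"):
            # Value is only known at apply time, so it cannot be verified from the plan.
            findings[rc["address"]] = "value unknown until apply"
            continue
        value = after.get("enable_shielded_nodes")
        if value is None:  # assumption of this example: unset counts as a finding
            findings[rc["address"]] = "enable_shielded_nodes not set in plan"
        elif value is not True:
            findings[rc["address"]] = "enable_shielded_nodes is false"
    return findings

if __name__ == "__main__":
    for address, reason in clusters_without_shielded_nodes(SAMPLE_PLAN).items():
        print(f"FAIL {address}: {reason}")
```
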