Ensure Kubernetes Clusters are configured with Labels
A cluster label is a key-value pair that helps you organize your Google Cloud Platform resources, such as clusters. You can attach a label to each resource, then filter the resources based on their labels. Information about labels is forwarded to the billing system, so you can break down your billing charges by the label.
Risk Level: Low
Cloud Entity: Kubernetes Cluster
CloudGuard Rule ID: D9.GCP.OPE.01
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
GkeCluster should have tags length()!=0
REMEDIATION
From Portal
- Go to Kubernetes GCP Console by visiting https://console.cloud.google.com/kubernetes/list?
- In the cluster list, select the checkboxes for one or more clusters that you want to modify.
- Click the Edit icon next to the Labels field.
- Add or update labels as desired.
- Click Save.
From TF
Add the 'resource_labels' field to the cluster, with a key and value:
resource "google_container_cluster" "primary" {
  name               = "CLUSTER_NAME"
  location           = "LOCATION"
  initial_node_count = 3
  # Labels are applied to the cluster resource as key-value pairs.
  resource_labels    = tomap({"KEY"="VALUE"})
  ...
}
From Command Line
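To update an existing cluster with labels, pass --region for a regional cluster or --zone for a zonal cluster:
gcloud container clusters update CLUSTER_NAME --region COMPUTE_REGION --update-labels KEY=VALUE
gcloud container clusters update CLUSTER_NAME --zone COMPUTE_ZONE --update-labels KEY=VALUE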
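The check and the command-line remediation above can be combined into one audit step. The following is an added example, not CloudGuard's or Google's own code: it assumes cluster records shaped like `gcloud container clusters list --format=json` output (fields `name`, `location`, `resourceLabels`), uses constructed sample data, and treats a location ending in a digit plus "-letter" as a zone.

```python
import json
import re
import shlex

# Constructed sample shaped like `gcloud container clusters list --format=json`
# output (only the fields used here); not taken from a real project.
SAMPLE_CLUSTERS_JSON = """
[
  {"name": "prod-api", "location": "us-central1",
   "resourceLabels": {"env": "prod", "team": "payments"}},
  {"name": "dev-sandbox", "location": "europe-west1-b"},
  {"name": "batch-jobs", "location": "us-east4", "resourceLabels": {}}
]
"""

# Assumption: a zone is a region name plus a one-letter suffix ("us-east4-c").
ZONE_RE = re.compile(r"\d-[a-z]$")


def unlabeled_clusters(clusters):
    """Return clusters whose resourceLabels is absent or empty (rule fails)."""
    return [c for c in clusters if not c.get("resourceLabels")]


def remediation_command(cluster, key="KEY", value="VALUE"):
    """Build the update command from the page, choosing --zone or --region."""
    location = cluster["location"]
    flag = "--zone" if ZONE_RE.search(location) else "--region"
    # Quote values so the generated line is safe to paste into a shell.
    return (f"gcloud container clusters update {shlex.quote(cluster['name'])} "
            f"{flag} {shlex.quote(location)} "
            f"--update-labels {shlex.quote(key + '=' + value)}")


def audit(clusters_json):
    """Map each non-compliant cluster name to its remediation command."""
    clusters = json.loads(clusters_json)
    return {c["name"]: remediation_command(c)
            for c in unlabeled_clusters(clusters)}


if __name__ == "__main__":
    for name, cmd in audit(SAMPLE_CLUSTERS_JSON).items():
        print(f"FAIL {name}: no labels\n  fix: {cmd}")
```

A cluster with a missing `resourceLabels` field and one with an empty map are both reported, since either leaves nothing to filter or bill by.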
References
- https://cloud.google.com/kubernetes-engine/docs/how-to/creating-managing-labels#gcloud_1
- https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster
Kubernetes Cluster
Kubernetes Engine is a managed, production-ready environment for deploying containerized applications. It brings our latest innovations in developer productivity, resource efficiency, automated operations, and open source flexibility to accelerate your time to market.
Launched in 2015, Kubernetes Engine builds on Google's experience of running services like Gmail and YouTube in containers for over 12 years. Kubernetes Engine allows you to get up and running with Kubernetes in no time, by completely eliminating the need to install, manage, and operate your own Kubernetes clusters.
Compliance Frameworks
- CloudGuard GCP All Rules Ruleset
- GCP CIS Foundations v. 1.0.0
- GCP CloudGuard Best Practices
- GCP NIST 800-53 Rev 5