Ensure PodSecurityPolicy Configuration Enabled For Google Kubernetes Engine (GKE) Cluster

Ensure that PodSecurityPolicy configuration is enabled for Google Kubernetes Engine (GKE) clusters to enforce fine-grained authorization of pod creation and updates. This helps in securing the cluster by defining and controlling the security policies for pods, ensuring that only compliant pods are allowed to run in the cluster.

Risk Level: high
Cloud Entity: Google Kubernetes Engine (GKE)
Spectral Rule ID: TFGCP066
Category: Containers

REMEDIATION

Set 'pod_security_policy_config.enabled' to true inside the google_container_cluster resource; the lines marked '+' below show the block to add.

resource "google_container_cluster" "primary" {
  name     = "primary-cluster"
  location = "us-central1"

+  pod_security_policy_config {
+    enabled = true
+    ...
+  }
}
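The check below is an added example of how rule TFGCP066 can be enforced statically before apply; it is not Spectral's own scanner and not part of this page. It is a lightweight line-based HCL scanner (not a full parser: braces inside string literals and heredocs are not handled), which walks every google_container_cluster resource and reports whether its pod_security_policy_config block sets enabled = true. The SAMPLE_TF input and the resource names in it are constructed for the example. A value that is not a literal (for example a variable reference) is reported as "review" rather than silently passed. Note that PodSecurityPolicy was removed from Kubernetes in v1.25, so on clusters at or beyond that version this block is no longer the mechanism; equivalent admission control has to come from Pod Security Admission or a policy controller.

```python
"""Static check for Spectral rule TFGCP066 (added example, not Spectral's code):
every google_container_cluster must declare pod_security_policy_config { enabled = true }.

Line-based HCL scanner: braces inside strings/heredocs are not handled (assumption).
"""
import re

RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
BLOCK_RE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_-]*)\s*\{')
ATTR_RE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.+?)\s*$')
COMMENT_RE = re.compile(r'\s*(#|//).*$')

CLUSTER_TYPE = "google_container_cluster"
PSP_BLOCK = "pod_security_policy_config"


def _strip_comment(line):
    # Naive: drops everything after '#' or '//' (would also cut a URL inside a string).
    return COMMENT_RE.sub("", line)


def _verdict(value):
    if value is None:
        return ("fail", "pod_security_policy_config block missing or has no 'enabled'")
    if value == "true":
        return ("pass", "pod_security_policy_config.enabled = true")
    if value == "false":
        return ("fail", "pod_security_policy_config.enabled = false")
    return ("review", "enabled is not a literal (%s); resolve it and re-check" % value)


def check_psp(hcl_text):
    """Return {resource_name: (status, reason)} for each google_container_cluster.

    status is "pass", "fail" or "review". Other resource types are ignored even if
    they carry a block with the same name.
    """
    results = {}
    stack = []  # open blocks, innermost last; each frame is a dict
    for raw in hcl_text.splitlines():
        line = _strip_comment(raw)
        if not line.strip():
            continue
        opens, closes = line.count("{"), line.count("}")

        m = RESOURCE_RE.match(line)
        if m:
            rtype, rname = m.groups()
            stack.append({"kind": "resource", "type": rtype, "name": rname, "psp": None})
            opens -= 1
        else:
            m = BLOCK_RE.match(line)
            if m:
                stack.append({"kind": "block", "name": m.group(1)})
                opens -= 1
            else:
                m = ATTR_RE.match(line)
                if m and len(stack) >= 2:
                    key, value = m.groups()
                    cur, parent = stack[-1], stack[-2]
                    # Only count 'enabled' directly under pod_security_policy_config
                    # that itself sits directly under a cluster resource.
                    if (cur.get("name") == PSP_BLOCK and parent["kind"] == "resource"
                            and parent["type"] == CLUSTER_TYPE and key == "enabled"):
                        parent["psp"] = value.strip()

        for _ in range(opens):
            stack.append({"kind": "anon"})  # e.g. a one-line map literal: labels = { ... }
        for _ in range(closes):
            frame = stack.pop()
            if frame["kind"] == "resource" and frame["type"] == CLUSTER_TYPE:
                results[frame["name"]] = _verdict(frame["psp"])
    return results


# Constructed sample configuration (not a real deployment).
SAMPLE_TF = '''
resource "google_container_cluster" "compliant" {
  name            = "primary-cluster"
  location        = "us-central1"
  resource_labels = { env = "prod" }   # braces balance on one line

  pod_security_policy_config {
    enabled = true
  }
}

resource "google_container_cluster" "disabled" {
  name = "legacy-cluster"
  pod_security_policy_config {
    enabled = false
  }
}

resource "google_container_cluster" "missing" {
  name = "dev-cluster"
  node_config {
    machine_type = "e2-medium"
  }
}

resource "google_container_cluster" "parametrised" {
  name = "staging-cluster"
  pod_security_policy_config {
    enabled = var.enable_psp   # hypothetical variable, not resolvable statically
  }
}

resource "google_container_node_pool" "pool" {
  cluster = google_container_cluster.compliant.name
  pod_security_policy_config {   # wrong resource type, must be ignored
    enabled = true
  }
}
'''

if __name__ == "__main__":
    for name, (status, reason) in check_psp(SAMPLE_TF).items():
        print("%-8s google_container_cluster.%s: %s" % (status.upper(), name, reason))
```

Run it against a directory of .tf files by concatenating them; anything other than "pass" should block the merge, and "review" findings need the variable's value traced (for example via terraform plan output) before being accepted.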

Google Kubernetes Engine (GKE)

GKE's Autopilot mode is a hands-off, fully managed Kubernetes platform that manages your cluster's underlying compute infrastructure (without you needing to configure or monitor)—while still delivering a complete Kubernetes experience. And with per-pod billing, Autopilot ensures you pay only for your running pods, not system components, operating system overhead, or unallocated capacity for up to 85% savings from resource and operational efficiency.
