cluster-1

Overview
Critical: 0
High: 7
Medium: 11
Low: 4
Informational: 0

Security issues (22)
| Severity | Non-Compliance | Issue | Remediation |
|---|---|---|---|
| Low | | Kubernetes cluster has an alias for IP ranges disabled. | To assign ranges of internal IP addresses as alias to a network interface, make sure your Kubernetes clusters have an alias for IP ranges enabled. |
| Medium | | Kubernetes cluster has auto-repair disabled for the node pools: node-pool4, node-pool3. | To enable auto-repair for the nodes that fail health checks, ensure auto-repair is enabled for all node pools in your Kubernetes Engine clusters. |
| Medium | | Kubernetes cluster has auto-upgrade disabled for the node pool: default-pool. | To ensure the latest security patches are installed and each node stays current with the latest version of the master branch, enable auto-upgrade for all node pools in your Kubernetes Engine clusters. |
| High | | Kubernetes cluster has Container-Optimized OS disabled for node pool: node-pool2. | To bring up your Docker containers on Google Cloud Platform quickly, efficiently, and securely, use Container-Optimized OS for all Kubernetes cluster nodes. |
| Low | | Kubernetes cluster with default service account used for node pools: node-pool3, node-pool2, default-pool... | To reduce the attack surface in case of a malicious attack against the cluster, ensure that no Kubernetes cluster nodes are using the default service account. |
| Medium | | Kubernetes cluster has integrity monitoring disabled for node pools: node-pool4, node-pool3. | To automatically monitor the integrity of your cluster nodes, ensure that integrity monitoring is enabled for your Kubernetes cluster nodes. |
| High | PCI DSS 3.5, HIPAA (Encryption) | No Customer-Managed Keys (CMK) encryption found for Kubernetes cluster node pools: node-pool4, node-pool3, default-pool. | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your Kubernetes cluster node pools are encrypted using CMK. |
| Medium | | Kubernetes cluster has Secure Boot security feature disabled for the node pools: node-pool2, default-pool. | To protect your cluster nodes against malware and rootkits, ensure that Secure Boot security feature is enabled for all your Kubernetes cluster nodes. |
| High | | Kubernetes cluster has basic authentication enabled. | To make sure no static passwords are used to authenticate, disable basic authentication on all clusters. |
| Low | | Kubernetes cluster has alpha feature enabled. | As alpha clusters expire after thirty days and do not receive security updates, create a new cluster with the alpha feature disabled, migrate all data from the old cluster with the alpha feature, and then delete the old cluster. |
| Medium | | Kubernetes cluster has legacy authorization enabled. | As legacy authorizer grants broad, statically defined permissions, ensure legacy authorization is disabled on all Kubernetes clusters. |
| Medium | PCI DSS 10.2, HIPAA (Audit) | Kubernetes cluster has logging disabled. | To fulfill HIPAA compliance requirements for logging of all activity, ensure all Kubernetes clusters have logging enabled. |
| Medium | | Kubernetes cluster has master authorized networks disabled. | To allow IP addresses in the specified CIDR ranges to access your cluster control plane endpoint using HTTPS, enable master authorized networks on all Kubernetes clusters. |
| High | | Kubernetes cluster has network policy disabled. | For a more secure environment with only specified connections allowed between cluster pods, ensure all Kubernetes clusters have network policy enabled. |
| High | PCI DSS 3.5, HIPAA (Encryption) | Kubernetes cluster nodes are not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your Kubernetes cluster nodes are encrypted using CMK. |
| Low | | Kubernetes cluster does not have any labels. | To better organize your Kubernetes clusters, it is recommended to add labels to Kubernetes clusters. |
| High | | Kubernetes cluster with default service account does not use minimal access scope. | Ensure that all Kubernetes clusters created with default service account are created with minimal access scopes. |
| High | | Kubernetes cluster has pod security policy config disabled. | To enable control of the security sensitive aspects of the pod configuration, ensure all Kubernetes clusters have pod security policy config enabled. |
| Medium | | Kubernetes cluster has private cluster disabled. | To isolate workloads from the public Internet, ensure all Kubernetes clusters have private cluster enabled. |
| Medium | | Kubernetes cluster does not have private endpoint enabled. | To route all traffic between the Kubernetes worker and control plane nodes over a private VPC endpoint rather than across the public internet, ensure all Kubernetes clusters have private endpoint enabled. |
| Medium | | Kubernetes cluster does not have Shielded Nodes feature enabled. | To limit the ability of an attacker to impersonate a node in your cluster even if the attacker is able to extract the node credentials, ensure all Kubernetes clusters have Shielded Nodes feature enabled. |
| Medium | | Kubernetes cluster has web dashboard enabled. | As web dashboard is backed by a highly privileged service account, ensure web dashboard is disabled on all Kubernetes clusters. |