Aqua CSPM

Private Cluster Enabled

Quick Info

Plugin Title: Private Cluster Enabled
Cloud: GOOGLE
Category: Kubernetes
Description: Ensures private cluster is enabled for all Kubernetes clusters
More Info: Kubernetes private clusters only have internal IP ranges, which ensures that their workloads are isolated from the public internet.
GOOGLE Link: https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters
Recommended Action: Ensure that all Kubernetes clusters have private cluster enabled.

Detailed Remediation Steps

  1. Log into the Google Cloud Platform Console.
  2. Scroll down the left navigation panel, choose the “Kubernetes Engine” option under “Compute”, and select “Clusters.”
  3. On the “Kubernetes clusters” page, click on the “Name” link to select the cluster.
  4. On the “Clusters” page, click on the “Edit” button at the top.
  5. Scroll down the “Clusters - Edit” page and check whether “Private cluster” is enabled or disabled. If it is set to disabled, the cluster does not follow the recommended best practice.
  6. Repeat steps 2 - 5 to verify other “Clusters” in the account.
  7. Navigate to the “Kubernetes Engine” option under “Compute”, choose “Clusters”, and click on the “Edit” button at the top.
  8. On the “Clusters - Edit” page, scroll down and choose the “Enabled” option from the dropdown menu next to “Private cluster.”
  9. Click on the “Save” button to make the changes.
  10. Repeat steps 7 - 9 to ensure that all Kubernetes clusters have private cluster enabled.
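
The verification in steps 2 - 6 can also be run across every cluster at once from the JSON that `gcloud container clusters list --format=json` prints. The script below is an added example, not Aqua's plugin code; it assumes the `privateClusterConfig.enablePrivateNodes` field reflects the console's “Private cluster” setting, and the cluster names in the sample are constructed.

```python
import json
import sys

# Constructed sample, shaped like `gcloud container clusters list --format=json`.
SAMPLE = json.dumps([
    {"name": "prod-private", "location": "us-central1",
     "privateClusterConfig": {"enablePrivateNodes": True,
                              "enablePrivateEndpoint": True}},
    {"name": "staging-mixed", "location": "us-east1-b",
     "privateClusterConfig": {"enablePrivateNodes": True}},
    {"name": "dev-public", "location": "europe-west1"},
    {"name": "old-empty", "location": "us-west1-a", "privateClusterConfig": {}},
])


def audit(clusters_json):
    """Return one finding per cluster: FAIL when nodes are not private."""
    findings = []
    for cluster in json.loads(clusters_json):
        # Assumption: privateClusterConfig.enablePrivateNodes reflects the
        # console's "Private cluster" setting; a missing block means disabled.
        cfg = cluster.get("privateClusterConfig") or {}
        private_nodes = cfg.get("enablePrivateNodes") is True
        findings.append({
            "cluster": cluster.get("name", "<unnamed>"),
            "location": cluster.get("location", "<unknown>"),
            "status": "PASS" if private_nodes else "FAIL",
            # Private nodes can still sit behind a public control-plane endpoint.
            "public_endpoint": cfg.get("enablePrivateEndpoint") is not True,
        })
    return findings


def failing(findings):
    """Names of clusters that need remediation, sorted for stable output."""
    return sorted(f["cluster"] for f in findings if f["status"] == "FAIL")


if __name__ == "__main__":
    # Pipe real gcloud JSON on stdin, or run with no input to use the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    results = audit(data)
    for f in results:
        print(f"{f['status']}  {f['cluster']} ({f['location']}) "
              f"public_endpoint={f['public_endpoint']}")
    sys.exit(1 if failing(results) else 0)
```

The non-zero exit code on any FAIL lets the check gate a scheduled job or CI step.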