GCP Kubernetes Engine private cluster has private endpoint disabled

Description

Private clusters isolate GKE nodes from the public internet: the nodes receive only internal RFC 1918 addresses, so they have no external IP on which to accept inbound connections and no direct route out (any required egress, such as pulling images from a non-Google registry, must go through Cloud NAT or a proxy). In a private cluster the control plane (master) has both a private and a public endpoint, and you choose which endpoint is enabled to control whether the control plane itself is reachable from the public internet. Enable private nodes when creating Kubernetes clusters: the nodes then draw from a reserved internal range, which keeps their workloads off the public internet.

Code Example

hcl
resource "google_container_cluster" "cluster" {
...
+ private_cluster_config {
+   enable_private_nodes = true
+ }
...
}

Remediation

Terraform

Add a private_cluster_config block with the attribute enable_private_nodes set to true. This attribute only determines whether the nodes get external IPs; whether the control plane's public endpoint stays open is governed separately by enable_private_endpoint in the same block, and on VPC-peering based (older) control planes master_ipv4_cidr_block (a /28 range that must not overlap the cluster network) also has to be set. Private clusters must be VPC-native, so an ip_allocation_policy block is required as well.
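The following is an added, complete example (not code from the original page or from Checkov) showing a cluster that fails the rule next to one that passes it and also closes the control plane's public endpoint. The network, subnet and cluster names, the region and all CIDR ranges are placeholders chosen for illustration.

```hcl
# Constructed example: one cluster that fails CKV_GCP_25 and one that passes it.
# All names, the region and the CIDR ranges are placeholders.

resource "google_compute_network" "vpc" {
  name                    = "gke-private-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "nodes" {
  name                     = "gke-nodes"
  region                   = "us-central1"
  network                  = google_compute_network.vpc.id
  ip_cidr_range            = "10.10.0.0/20" # RFC 1918 range for node addresses
  private_ip_google_access = true            # nodes without external IPs can still reach Google APIs

  secondary_ip_range {
    range_name    = "pods"
    ip_cidr_range = "10.20.0.0/16"
  }
  secondary_ip_range {
    range_name    = "services"
    ip_cidr_range = "10.30.0.0/20"
  }
}

# FAILS the rule: no private_cluster_config, so every node gets a public IP
# and the control plane is reachable from the internet.
resource "google_container_cluster" "public" {
  name                     = "public-cluster"
  location                 = "us-central1"
  network                  = google_compute_network.vpc.id
  subnetwork               = google_compute_subnetwork.nodes.id
  remove_default_node_pool = true
  initial_node_count       = 1
}

# PASSES the rule: nodes are private, and the control plane is only reachable
# on its private endpoint from the authorized internal range.
resource "google_container_cluster" "private" {
  name                     = "private-cluster"
  location                 = "us-central1"
  network                  = google_compute_network.vpc.id
  subnetwork               = google_compute_subnetwork.nodes.id
  remove_default_node_pool = true
  initial_node_count       = 1

  # Private clusters must be VPC-native (alias IP ranges for pods and services).
  ip_allocation_policy {
    cluster_secondary_range_name  = "pods"
    services_secondary_range_name = "services"
  }

  private_cluster_config {
    enable_private_nodes    = true            # the attribute CKV_GCP_25 checks: no external node IPs
    enable_private_endpoint = true            # disable the control plane's public endpoint
    master_ipv4_cidr_block  = "172.16.0.0/28" # /28 for a VPC-peering based control plane
  }

  # With the public endpoint disabled, only internal ranges make sense here.
  master_authorized_networks_config {
    cidr_blocks {
      cidr_block   = "10.10.0.0/20"
      display_name = "node subnet and bastion"
    }
  }
}
```

Two practical consequences of the passing configuration: because enable_private_endpoint is true, terraform apply and kubectl must run from inside the VPC (a bastion, VPN or Interconnect), and because the nodes have no external IPs they cannot reach the internet at all until a google_compute_router_nat resource is attached to the subnet.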

Rule Details

Field        Value
ID           IAC-0884
Severity     MEDIUM
IaC Type     Terraform
Frameworks   Terraform, TerraformPlan
Checkov ID   CKV_GCP_25
