GCP Kubernetes cluster intra-node visibility disabled
Description
Enable intranode visibility on the GKE cluster so that pod-level traffic is visible to the VPC network, including traffic between pods on the same worker node. With this feature enabled, VPC Flow Logs and other VPC features also cover intranode traffic, which is otherwise invisible to them.
Code Example
```hcl
resource "google_container_cluster" "example" {
  name     = var.name
  location = var.location
  project  = data.google_project.project.name

  # Argument added to remediate this finding
  enable_intranode_visibility = true
}
```
Remediation
Terraform
- Resource: google_container_cluster
- Arguments: enable_intranode_visibility
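As an added example (not part of this rule page and not Checkov's own implementation), the following Python scanner applies the rule's logic to Terraform text: it finds `google_container_cluster` resources and reports whether `enable_intranode_visibility` is explicitly `true`, treating a missing or `false` argument as a finding and a value taken from a variable as unresolved. The regex-based block extraction, the PASSED/FAILED/UNKNOWN result names and the sample Terraform input are constructed for this illustration and assume a terraform-fmt style layout where each resource's closing brace sits at column 0.

```python
import re

# Matches a top-level google_container_cluster resource block. Assumes the
# block's own closing brace is at column 0 and nested blocks are indented,
# which holds for terraform-fmt output. (Constructed regex extractor for this
# example, not Checkov's HCL parser.)
RESOURCE_RE = re.compile(
    r'resource\s+"google_container_cluster"\s+"(?P<name>[^"]+)"\s*\{'
    r'(?P<body>.*?)\n\}',
    re.DOTALL,
)

# Matches the argument this rule inspects; stops at whitespace or a comment.
ATTR_RE = re.compile(
    r'^\s*enable_intranode_visibility\s*=\s*(?P<val>[^\s#]+)',
    re.MULTILINE,
)


def check_cluster_body(body: str) -> str:
    """Return PASSED, FAILED or UNKNOWN for one resource body.

    FAILED when the argument is absent or literally false (intranode
    visibility is opt-in on the cluster), UNKNOWN when the value comes from
    a variable or expression that cannot be resolved statically.
    """
    match = ATTR_RE.search(body)
    if match is None:
        return "FAILED"
    value = match.group("val").strip()
    if value == "true":
        return "PASSED"
    if value == "false":
        return "FAILED"
    return "UNKNOWN"


def scan_terraform(hcl: str) -> dict:
    """Map each google_container_cluster resource name to its check result."""
    return {
        m.group("name"): check_cluster_body(m.group("body"))
        for m in RESOURCE_RE.finditer(hcl)
    }


# Constructed sample input covering the absent, compliant, variable-driven
# and explicitly disabled cases.
SAMPLE_TF = '''
resource "google_container_cluster" "missing" {
  name     = "missing"
  location = "us-central1"

  master_auth {
    client_certificate_config {
      issue_client_certificate = false
    }
  }
}

resource "google_container_cluster" "fixed" {
  name                        = "fixed"
  location                    = "us-central1"
  enable_intranode_visibility = true
}

resource "google_container_cluster" "from_var" {
  name                        = "from-var"
  location                    = "us-central1"
  enable_intranode_visibility = var.intranode_visibility
}

resource "google_container_cluster" "explicit_off" {
  name                        = "off"
  location                    = "us-central1"
  enable_intranode_visibility = false # left disabled
}
'''

if __name__ == "__main__":
    for cluster, result in scan_terraform(SAMPLE_TF).items():
        print(f"CKV_GCP_61 google_container_cluster.{cluster}: {result}")
```

Running the script prints one line per cluster; only `fixed` passes, `from_var` is reported as UNKNOWN because a static scan cannot resolve the variable, and the nested `master_auth` block in `missing` does not confuse the extractor because its closing braces are indented.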
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0920 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_GCP_61 |