Policy: GCP > CIS v1 > 7 Kubernetes Engine > 7.15 Ensure Kubernetes Cluster is created with Private cluster enabled (Scored)

Configures auditing against a CIS Benchmark item.

Level: 1 (Scored)

A private cluster is a cluster that makes your master inaccessible from the public internet. In a private cluster, nodes do not have public IP addresses, so your workloads run in an environment that is isolated from the internet. Nodes have addressed only in the private RFC 1918 address space. Nodes and masters communicate with each other privately using VPC peering.

Targets

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

GCP > CIS v1 > 7 Kubernetes Engine

Controls

Setting this policy configures this control:

GCP > CIS v1 > 7 Kubernetes Engine > 7.15 Ensure Kubernetes Cluster is created with Private cluster enabled (Scored)

Policy Specification

Schema Type	`string`
Default	`Per GCP > CIS v1`
Valid Values [YAML]	`Per GCP > CIS v1` `Skip` `Check: Level 1 (Scored)`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/v0711

Policy Type URI

tmod:@turbot/gcp-cisv1#/policy/types/r0715

GraphQL

query policyType(id: "tmod:@turbot/gcp-cisv1#/policy/types/r0715") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/gcp-cisv1#/policy/types/r0715'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/gcp-cisv1#/policy/types/r0715'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/gcp-cisv1#/policy/types/r0715"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-cisv1#/policy/types/r0715"