Resource Type: GCP > Kubernetes Engine > Region Cluster

The Region Cluster resource type is a containerized application platform that can be used to create new Kubernetes workloads across multiple zones within a region.

Resource Context

Region Cluster is a part of the Kubernetes Engine service.

Each Region Cluster lives under a Region.

Controls

The primary controls for GCP > Kubernetes Engine > Region Cluster are:

It is also targeted by these controls:

GCP > CIS v1 > 7 Kubernetes Engine > 7.01 Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters (Scored)
GCP > CIS v1 > 7 Kubernetes Engine > 7.02 Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters (Scored)
GCP > CIS v1 > 7 Kubernetes Engine > 7.03 Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters (Scored)
GCP > CIS v1 > 7 Kubernetes Engine > 7.04 Ensure Master authorized networks is set to Enabled on Kubernetes Engine Clusters (Not Scored)
GCP > CIS v1 > 7 Kubernetes Engine > 7.05 Ensure Kubernetes Clusters are configured with Labels (Not Scored)
GCP > CIS v1 > 7 Kubernetes Engine > 7.06 Ensure Kubernetes web UI / Dashboard is disabled (Scored)
GCP > CIS v1 > 7 Kubernetes Engine > 7.07 Ensure `Automatic node repair` is enabled for Kubernetes Clusters (Scored)
GCP > CIS v1 > 7 Kubernetes Engine > 7.10 Ensure Basic Authentication is disabled on Kubernetes Engine Clusters (Scored)
GCP > CIS v1 > 7 Kubernetes Engine > 7.11 Ensure Network policy is enabled on Kubernetes Engine Clusters (Scored)
GCP > CIS v1 > 7 Kubernetes Engine > 7.12 Ensure Kubernetes Cluster is created with Client Certificate enabled (Scored)
GCP > CIS v1 > 7 Kubernetes Engine > 7.13 Ensure Kubernetes Cluster is created with Alias IP ranges enabled (Scored)
GCP > CIS v1 > 7 Kubernetes Engine > 7.14 Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters (Scored)
GCP > CIS v1 > 7 Kubernetes Engine > 7.15 Ensure Kubernetes Cluster is created with Private cluster enabled (Scored)
GCP > CIS v1 > 7 Kubernetes Engine > 7.17 Ensure default Service account is not used for Project access in Kubernetes Clusters (Scored)
GCP > Kubernetes Engine > Region Node Pool > Discovery
GCP > Kubernetes Engine > Zone Cluster > Network Policy Enabled

In Your Workspace

Developers

Resource Type URI

tmod:@turbot/gcp-kubernetesengine#/resource/types/regionCluster

Category URI

tmod:@turbot/turbot#/resource/categories/container

GraphQL

query resource(id: "tmod:@turbot/gcp-kubernetesengine#/resource/types/regionCluster") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/gcp-kubernetesengine#/resource/types/regionCluster'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/gcp-kubernetesengine#/resource/types/regionCluster"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/gcp-kubernetesengine#/resource/types/regionCluster';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/gcp-kubernetesengine#/resource/types/regionCluster"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/gcp-kubernetesengine#/resource/types/regionCluster' and notification_type in ('resource_updated', 'resource_created');