Resource Type: GCP > Kubernetes Engine > Zone Cluster
The Zone Cluster resource type is a configuration blueprint that can be used to create and manage new Kubernetes clusters within a specific zone.
Resource Context
Zone Cluster is a part of the Kubernetes Engine service.
Each Zone Cluster lives under a Zone.
Controls
The primary controls for GCP > Kubernetes Engine > Zone Cluster are:
- Active
- Approved
- CMDB
- Discovery
- Kubernetes Dashboard Enabled
- Labels
- Master Authorized Networks Config
- Network Policy Enabled
- Pod Security Policy Config
- ServiceNow
- Usage
It is also targeted by these controls:
- GCP > CIS v1 > 7 Kubernetes Engine > 7.01 Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters (Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.02 Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters (Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.03 Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters (Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.04 Ensure Master authorized networks is set to Enabled on Kubernetes Engine Clusters (Not Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.05 Ensure Kubernetes Clusters are configured with Labels (Not Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.06 Ensure Kubernetes web UI / Dashboard is disabled (Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.07 Ensure `Automatic node repair` is enabled for Kubernetes Clusters (Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.10 Ensure Basic Authentication is disabled on Kubernetes Engine Clusters (Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.11 Ensure Network policy is enabled on Kubernetes Engine Clusters (Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.12 Ensure Kubernetes Cluster is created with Client Certificate enabled (Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.13 Ensure Kubernetes Cluster is created with Alias IP ranges enabled (Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.14 Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters (Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.15 Ensure Kubernetes Cluster is created with Private cluster enabled (Scored)
- GCP > CIS v1 > 7 Kubernetes Engine > 7.17 Ensure default Service account is not used for Project access in Kubernetes Clusters (Scored)
- GCP > Kubernetes Engine > Region Cluster > Use IP Aliases
- GCP > Kubernetes Engine > Zone Node Pool > Discovery
Category
In Your Workspace
- Controls by Resource Type report
- Policy Settings by Resource Type report
- Resources by Resource Type report
Developers
- Resource Type URI: tmod:@turbot/gcp-kubernetesengine#/resource/types/zoneCluster
- Category URI: tmod:@turbot/turbot#/resource/categories/container
- GraphQL, CLI (Get Resource): turbot graphql resource --id "tmod:@turbot/gcp-kubernetesengine#/resource/types/zoneCluster"
- Steampipe Query, Get Resource: select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/gcp-kubernetesengine#/resource/types/zoneCluster';
- Steampipe Query, Get Policy Settings (By Resource ID): select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/gcp-kubernetesengine#/resource/types/zoneCluster"';
- Steampipe Query, Get Resource Notification: select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/gcp-kubernetesengine#/resource/types/zoneCluster' and notification_type in ('resource_updated', 'resource_created');