Ensure PodSecurityPolicy controller is enabled on Google Container Cluster

HIGH

Description

The PodSecurityPolicy controller is disabled on the Google Container Cluster. Enabling the PodSecurityPolicy controller gives you finer-grained control over the security settings that pods in the cluster are allowed to run with.

Remediation

Kubernetes officially deprecated PodSecurityPolicy in version 1.21, and it will be removed in version 1.25.

In Terraform -

  1. In the google_container_cluster resource, add a pod_security_policy_config block with its enabled attribute set to true.
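Added example (not taken from this rule page or from the Terraform provider docs): a non-compliant google_container_cluster resource beside the compliant one. The cluster name, location and node count are constructed values; the compliant resource assumes a google-beta provider is configured, since pod_security_policy_config is a beta field in the referenced provider version.

```hcl
# Non-compliant: no pod_security_policy_config block, so the
# PodSecurityPolicy controller stays at its default (disabled)
# and the cluster fails rule AC_GCP_0022.
resource "google_container_cluster" "noncompliant" {
  name               = "example-cluster" # constructed value
  location           = "us-central1"     # constructed value
  initial_node_count = 1
}

# Compliant: the block is present and enabled is true, so the
# PodSecurityPolicy controller is turned on for the cluster.
resource "google_container_cluster" "compliant" {
  provider = google-beta # assumed: beta field requires the beta provider

  name               = "example-cluster" # constructed value
  location           = "us-central1"     # constructed value
  initial_node_count = 1

  pod_security_policy_config {
    enabled = true
  }
}
```

The remediation only applies to clusters running a Kubernetes version in which PodSecurityPolicy still exists (it is removed in 1.25, as noted above).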

References:
https://registry.terraform.io/providers/hashicorp/google/3.78.0/docs/resources/container_cluster
https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies?hl=en

Policy Details

Rule Reference ID: AC_GCP_0022
CSP: GCP
Remediation Available: Yes
Resource Category: Compute

Frameworks