Ensure Stackdriver monitoring is enabled on Google Container Cluster

HIGH

Description

Containers running within Google Kubernetes Engine container clusters can utilize Stackdriver for monitoring, auditing, and troubleshooting. It is considered best practice to have this feature enabled and available for use when running container clusters.

Remediation

In GCP Console -

  1. Open the GCP Portal and go to Google Kubernetes Engine (GKE).
  2. Select the cluster you want to edit.
  3. Click Details; under Stackdriver Monitoring, click Edit Stackdriver Monitoring.
  4. Choose Enabled from the dropdown.
  5. Click Save.

In Terraform -

  1. In the google_container_cluster resource, ensure that in the monitoring_config block monitoring_service is set to monitoring.googleapis.com/kubernetes.
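The following Terraform configuration is an added example, not part of the original page, showing the setting this rule flags next to the remediated form. The cluster names, location and node count are placeholders. In the hashicorp/google provider's schema, monitoring_service is an argument of the google_container_cluster resource itself (it defaults to monitoring.googleapis.com/kubernetes when omitted, so a finding normally means it was set explicitly to "none"), while the monitoring_config block selects which components' metrics are collected.

```hcl
# Added example (not from the original page). Cluster names, location and
# node count are placeholders; adjust them for your environment.

# Non-compliant: monitoring_service = "none" turns off Stackdriver
# (Cloud Monitoring) metrics for the cluster, which AC_GCP_0029 flags.
resource "google_container_cluster" "noncompliant" {
  name               = "example-gke-noncompliant"
  location           = "us-central1"
  initial_node_count = 1

  monitoring_service = "none"
}

# Compliant: cluster metrics are written to Cloud Monitoring for Kubernetes.
# Omitting monitoring_service entirely gives the same value by default;
# setting it explicitly makes the intent visible to reviewers and scanners.
resource "google_container_cluster" "compliant" {
  name               = "example-gke-compliant"
  location           = "us-central1"
  initial_node_count = 1

  monitoring_service = "monitoring.googleapis.com/kubernetes"

  # Selects which components report metrics; SYSTEM_COMPONENTS covers the
  # control plane and node system metrics that Stackdriver monitoring relies on.
  monitoring_config {
    enable_components = ["SYSTEM_COMPONENTS"]
  }
}
```

A policy-as-code scan of this file should report the first resource and pass the second; removing the "none" assignment (or replacing it with the monitoring.googleapis.com/kubernetes value) is the whole remediation.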

References:
https://cloud.google.com/stackdriver/docs/solutions/gke/legacy-stackdriver/monitoring
https://registry.terraform.io/providers/hashicorp/google/4.50.0/docs/resources/container_cluster#monitoring_config

Policy Details

Rule Reference ID: AC_GCP_0029
CSP: GCP
Remediation Available: Yes
Resource Category: Compute

Frameworks