March 27, 2025, Conformity—RTM for GCP
RTM now supports the following rules:
- GKE-007: Enable Auto-Repair for GKE Cluster Nodes: This rule ensures that the Auto-Repair feature is enabled for all your GKE cluster nodes.
- GKE-008: Enable Integrity Monitoring for Cluster Nodes: This rule ensures that Integrity Monitoring is enabled for your Google Kubernetes Engine (GKE) cluster nodes.
- GKE-009: Automate Cluster Version Upgrades using Release Channels: This rule ensures that Automate version management for your Google Kubernetes Engine (GKE) clusters using Release Channels.
- GKE-010: Prevent Default Service Account Usage: This rule ensures that GKE clusters are not configured to use the default service account.
- GKE-011: Enable Workload Vulnerability Scanning: This rule ensures that workload vulnerability scanning is enabled for Google Kubernetes Engine (GKE) clusters.
- GKE-012: Check for Alpha Clusters in Production: This rule ensures that Alpha GKE clusters are not used for production workloads.
- GKE-022: Enable VPC-Native Traffic Routing: This rule ensures that VPC-native traffic routing is enabled for Google Kubernetes Engine (GKE) clusters.
- GKE-023: Use Sandbox with gVisor for GKE Clusters Nodes: This rule ensures that your cluster nodes are using GKE Sandbox with gVisor to isolate untrusted workloads to enhance security in the multi-tenant Google Kubernetes Engine (GKE) environments,
- GKE-024: Use Container-Optimized OS for GKE Clusters Nodes: This rule ensures that your Google Kubernetes Engine (GKE) cluster nodes use the Container-Optimized OS (cos_containerd), a managed, optimized, and hardened base OS provided by GKE to limit the host's attack surface.