March 18, 2025, Conformity—RTM for GCP
RTM now supports the following rules:
- GKE-001: Enable GKE Cluster Node Encryption with Customer-Managed Keys: This rule ensures that boot disk encryption with Customer-Managed Keys is enabled for GKE cluster nodes.
- GKE-013: Restrict Network Access: Ensure that your Google Kubernetes Engine (GKE) clusters are configured with master authorized networks.
- GKE-014: Enable Binary Authorization: This rule ensures that the Binary Authorization feature is enabled for GKE clusters.
- GKE-015: Disable Legacy Authorization: This rule ensures that legacy authorization (also known as Attribute-Based Access Control or ABAC) is disabled for your Google Kubernetes Engine (GKE) clusters to guarantee compatibility with Role-Based Access Control (RBAC).
- GKE-016: Enable and Configure Cluster Logging: This rule ensures that logging is enabled for your Google Kubernetes Engine (GKE) clusters to collect logs emitted by your Kubernetes applications and the GKE infrastructure that runs your applications.
- GKE-017: Enable Private Nodes: Ensure that your Google Kubernetes Engine (GKE) clusters are configured to provision all nodes with only internal IP addresses (i.e., private nodes).
- GKE-018: Enable Intranode Visibility: This rule ensures that intranode visibility is enabled for your GKE clusters.
- GKE-019: Enable and Configure Cluster Monitoring: This rule ensures that Cloud Monitoring is enabled for your Google Kubernetes Engine (GKE) clusters.
- GKE-020: Enable GKE Metadata Server: This rule ensures that GKE Metadata Server is enabled for your Google Kubernetes Engine (GKE) cluster nodes in order to enhance security by restricting workload access to sensitive instance information.
- GKE-021: Use GKE Clusters with Private Endpoints Only: This rule ensures that control plane access to your Google Kubernetes Engine (GKE) clusters is restricted to private endpoints only, effectively disabling external access to the Kubernetes API.
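The following is an added example, not Conformity's or Trend Micro's own rule engine, showing how each of the rules above can be evaluated offline against the JSON that `gcloud container clusters describe <name> --format=json` returns (the GKE v1 Cluster resource). The field names (`legacyAbac.enabled`, `masterAuthorizedNetworksConfig.enabled`, `binaryAuthorization.evaluationMode`/`enabled`, `loggingService`, `monitoringService`, `networkConfig.enableIntraNodeVisibility`, `privateClusterConfig.enablePrivateNodes`/`enablePrivateEndpoint`, and per node pool `config.workloadMetadataConfig.mode` and `config.bootDiskKmsKey`) are the author's reading of that API and should be verified against your own cluster output. Both cluster documents are constructed samples; the KMS key path is a placeholder.

```python
"""Evaluate a GKE cluster description against the GKE-001..GKE-021 rules listed above.

Assumed input: the dict parsed from `gcloud container clusters describe <name> --format=json`.
Field names are assumptions based on the GKE v1 Cluster resource; verify against real output.
"""
import copy
from typing import Any

# Constructed sample: a cluster with several weak settings (not a real cluster).
WEAK_CLUSTER: dict[str, Any] = {
    "name": "example-cluster",
    "legacyAbac": {"enabled": True},                          # GKE-015 fails
    "masterAuthorizedNetworksConfig": {"enabled": False},     # GKE-013 fails
    "binaryAuthorization": {"evaluationMode": "DISABLED"},    # GKE-014 fails
    "loggingService": "logging.googleapis.com/kubernetes",    # GKE-016 passes
    "monitoringService": "none",                              # GKE-019 fails
    "networkConfig": {"enableIntraNodeVisibility": False},    # GKE-018 fails
    "privateClusterConfig": {
        "enablePrivateNodes": True,                           # GKE-017 passes
        "enablePrivateEndpoint": False,                       # GKE-021 fails
    },
    "nodePools": [
        {"name": "default-pool",
         "config": {"workloadMetadataConfig": {"mode": "GKE_METADATA"}, "bootDiskKmsKey": ""}},
        {"name": "batch-pool",
         "config": {"workloadMetadataConfig": {"mode": "GCE_METADATA"}}},   # GKE-020 fails
    ],
}

# Constructed hardened variant: the same cluster with every weak setting corrected.
HARDENED_CLUSTER: dict[str, Any] = copy.deepcopy(WEAK_CLUSTER)
HARDENED_CLUSTER.update({
    "legacyAbac": {"enabled": False},
    "masterAuthorizedNetworksConfig": {"enabled": True, "cidrBlocks": [{"cidrBlock": "10.0.0.0/8"}]},
    "binaryAuthorization": {"evaluationMode": "PROJECT_SINGLETON_POLICY_ENFORCE"},
    "monitoringService": "monitoring.googleapis.com/kubernetes",
    "networkConfig": {"enableIntraNodeVisibility": True},
    "privateClusterConfig": {"enablePrivateNodes": True, "enablePrivateEndpoint": True},
})
for _pool in HARDENED_CLUSTER["nodePools"]:
    _pool["config"]["workloadMetadataConfig"] = {"mode": "GKE_METADATA"}
    # Placeholder Cloud KMS key resource name; substitute your own project/ring/key.
    _pool["config"]["bootDiskKmsKey"] = (
        "projects/EXAMPLE_PROJECT/locations/us-central1/keyRings/EXAMPLE_RING/cryptoKeys/EXAMPLE_KEY"
    )


def _get(obj: Any, *path: str, default: Any = None) -> Any:
    """Walk nested dicts along `path`; return `default` if any key is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def _binauthz_enabled(cluster: dict[str, Any]) -> bool:
    """Accept both the older boolean `enabled` flag and the newer `evaluationMode` field."""
    cfg = cluster.get("binaryAuthorization", {})
    if cfg.get("enabled") is True:
        return True
    return cfg.get("evaluationMode", "DISABLED") not in ("DISABLED", "EVALUATION_MODE_UNSPECIFIED")


def check_cluster(cluster: dict[str, Any]) -> dict[str, bool]:
    """Return {rule_id: passed}. Missing fields are treated as the insecure setting."""
    pools = cluster.get("nodePools", [])
    return {
        # Every node pool must encrypt its boot disk with a customer-managed KMS key.
        "GKE-001": bool(pools) and all(bool(_get(p, "config", "bootDiskKmsKey")) for p in pools),
        "GKE-013": _get(cluster, "masterAuthorizedNetworksConfig", "enabled") is True,
        "GKE-014": _binauthz_enabled(cluster),
        "GKE-015": _get(cluster, "legacyAbac", "enabled", default=False) is not True,
        # GKE reports "none" when logging/monitoring is switched off.
        "GKE-016": cluster.get("loggingService", "none") != "none",
        "GKE-017": _get(cluster, "privateClusterConfig", "enablePrivateNodes") is True,
        "GKE-018": _get(cluster, "networkConfig", "enableIntraNodeVisibility") is True,
        "GKE-019": cluster.get("monitoringService", "none") != "none",
        # Every node pool must use the GKE metadata server rather than the legacy GCE endpoint.
        "GKE-020": bool(pools) and all(
            _get(p, "config", "workloadMetadataConfig", "mode") == "GKE_METADATA" for p in pools
        ),
        "GKE-021": _get(cluster, "privateClusterConfig", "enablePrivateEndpoint") is True,
    }


def failing_rules(cluster: dict[str, Any]) -> list[str]:
    """Sorted list of rule IDs the cluster fails."""
    return sorted(rule for rule, ok in check_cluster(cluster).items() if not ok)


if __name__ == "__main__":
    for label, cluster in (("weak", WEAK_CLUSTER), ("hardened", HARDENED_CLUSTER)):
        print(f"{label}: failing rules = {failing_rules(cluster) or 'none'}")
```

Node-pool level rules (GKE-001, GKE-020) deliberately fail when any single pool is misconfigured, since one pool with the legacy metadata endpoint or an unencrypted boot disk is enough to undermine the control. Missing fields are scored as failures rather than skipped, which is the conservative choice for a compliance check.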