Skip to content

node-shielding-enabled

Explanation

CIS GKE Benchmark Recommendation: 6.5.5. Ensure Shielded GKE Nodes are Enabled

Shielded GKE Nodes provide strong, verifiable node identity and integrity to increase the security of GKE nodes and should be enabled on all GKE clusters.

Possible Impact

Node identity and integrity can't be verified without shielded GKE nodes

Suggested Resolution

Enable node shielding

Insecure Example

The following example will fail the google-gke-node-shielding-enabled check.

resource "google_container_cluster" "bad_example" {
    enable_shielded_nodes = "false"
}

Secure Example

The following example will pass the google-gke-node-shielding-enabled check.

resource "google_container_cluster" "good_example" {
    enable_shielded_nodes = "true"
}