Recipes that include further recipes, often including the individual recipes below.
Best practices for GCP
Ensure secure boot for shielded GKE nodes is enabled
Ensure the GKE metadata server is enabled
Enable PodSecurityPolicy controller on Google Kubernetes Engine (GKE) clusters
PodSecurityPolicy
Enable VPC Flow Logs for subnetworks
Enable VPC flow logs and intranode visibility
Ensure GCP Kubernetes cluster node auto-repair configuration is enabled
Ensure GCP Kubernetes engine clusters have legacy compute engine metadata endpoints disabled
Ensure GCP VM instances have block project-wide SSH keys feature enabled
Ensure GCP cloud storage bucket with uniform bucket-level access are enabled
Ensure IP forwarding on instances is disabled
Ensure binary authorization is used
Ensure compute instances launch with shielded VM enabled
Ensure private cluster is enabled when creating Kubernetes clusters
Ensure shielded GKE nodes are enabled