GKE 集群审计
[英]GKE Cluster Audit
问题描述
- What are the points to be reviewed while auditing a GKE cluster?
审计GKE集群有哪些要点? We have a production cluster and I would like to what all points need to be reviewed while auditing my GKE cluster.我们有一个生产集群,我想知道在审核我的 GKE 集群时需要审查哪些要点。 What needs to be configured/removed for better security and HA.需要配置/删除什么以获得更好的安全性和 HA。
1 个解决方案
解决方案1
0 2022-04-30 14:14:16
This is a very broad topic.这是一个非常广泛的话题。
Short answer(Main points):简答(要点):
- Apply Least privilege principle for IAM entities and RBAC entities对 IAM 实体和 RBAC 实体应用最小特权原则
- Enable binary authorizarion启用二进制授权
- Limit privileges on Containers限制容器的权限
- Enable image scanner启用图像扫描仪
- Use the Secret Manager使用秘密管理器
- Create private clusters when possible尽可能创建私有集群
- Spread your work nodes between AZs在 AZ 之间传播您的工作节点
But I strongly recommend you verify Google official docs:但我强烈建议你验证谷歌官方文档:
https://cloud.google.com/kube.netes-engine/docs/concepts/security-overview#node_upgrades https://cloud.google.com/kube.netes-engine/docs/concepts/security-overview#node_upgrades
See ya再见
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
在 GKE 中配置审计 - Configure Audit in GKE
GKE 集群迁移 - GKE cluster migration
GKE:无法删除集群 - GKE: Impossible to delete a cluster
GKE 自动重启集群 - GKE automatically restarted cluster
更改 GKE 集群名称 - Change GKE cluster name
GKE 集群节点未启动 - GKE Cluster Node not booting
GKE 集群 - kernel - GKE cluster - kernel
在 GKE 中运行 Keycloak 集群 - Running a Keycloak Cluster in GKE
更改GKE集群的CIDR su.net - Change the CIDR subnet of GKE cluster
集群角色绑定不适用于 GKE 集群 + OIDC 设置 - Cluster Rolebinding not working for GKE Cluster + OIDC settings
相关标签