Integrity monitoring for shielded GKE nodes is not enabled

Description

Enable Integrity Monitoring for Shielded GKE Nodes so that you are notified of inconsistencies detected during the node boot sequence.
Integrity Monitoring provides active alerting for Shielded GKE nodes, which lets administrators respond to integrity failures and prevent compromised nodes from being deployed into the cluster.

Fix - Buildtime

Terraform

  • Resource: google_container_cluster / google_container_node_pool
  • Argument: node_config.shielded_instance_config.enable_integrity_monitoring
resource "google_container_cluster" "fail" {
  name               = var.name
  location           = var.location
  initial_node_count = 1
  project            = data.google_project.project.name

  node_config {
    shielded_instance_config {
      # Fails the check: integrity monitoring is disabled for the nodes' Shielded VMs,
      # so boot-time measurement changes on a node will not raise an alert.
      enable_integrity_monitoring = false
    }
  }
}
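The corresponding passing configuration, added here as an example and not part of the original page, enables integrity monitoring on both the cluster's default node pool and a separately managed node pool. The `var.name`, `var.location` and `data.google_project.project` references are assumed to be defined elsewhere in the module, as in the failing example above; `enable_shielded_nodes` and `enable_secure_boot` are existing arguments of the Google Terraform provider that complete the Shielded-node hardening but are not required by this specific check.

```hcl
resource "google_container_cluster" "pass" {
  name               = var.name
  location           = var.location
  project            = data.google_project.project.name
  initial_node_count = 1

  # Cluster-level requirement that every node runs as a Shielded VM.
  enable_shielded_nodes = true

  node_config {
    shielded_instance_config {
      # Verified boot chain plus a measured-boot baseline to compare against.
      enable_secure_boot          = true
      # Passes the check: deviations from the boot baseline are reported
      # so a node with tampered firmware or kernel can be drained or replaced.
      enable_integrity_monitoring = true
    }
  }
}

# Node pools declared separately carry their own node_config and must
# enable integrity monitoring as well; the cluster setting does not inherit.
resource "google_container_node_pool" "pass" {
  name       = "${var.name}-pool"
  location   = var.location
  project    = data.google_project.project.name
  cluster    = google_container_cluster.pass.name
  node_count = 1

  node_config {
    shielded_instance_config {
      enable_secure_boot          = true
      enable_integrity_monitoring = true
    }
  }
}
```

The check is evaluated per `node_config` block, so a compliant `google_container_cluster` with a non-compliant `google_container_node_pool` attached to it still fails; review every node pool resource in the module, not only the cluster resource.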