GKE Shielded VMs #2026

Closed
aumohr opened this issue Jan 30, 2024 · 1 comment · Fixed by #2036 or #2105
@aumohr
Collaborator

aumohr commented Jan 30, 2024

Describe the bug
In stage 3-gke-multitenant, Shielded VMs are not used for the GKE nodes, even though it is a GCP security best practice.

Rationale
Shielded VMs are virtual machines (VMs) on Google Cloud Platform hardened by a set of security controls that help defend against rootkits and bootkits. They ensure that the boot loader and firmware are signed/untampered. Optionally, if you do not use any custom or unsigned drivers, also enable secure boot.

Expected behavior
Use the Shielded VM option while deploying GKE.

@ludoo
Collaborator

ludoo commented Feb 16, 2024

Reopening as this needs to also be passed in to the nodepool module in node_config.
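
A check for the gap the two comments describe, as an added example that is not part of the issue or the project's code: it reads a cluster description in the GKE API's JSON shape (as printed by `gcloud container clusters describe --format=json`) and reports Shielded VM settings missing at cluster level or in any node pool's node config. The sample document and the `audit_shielded` helper are constructed for illustration, and a field absent from the JSON is assumed to mean false.

```python
import json

# Constructed sample in the shape of the GKE API Cluster resource;
# the cluster and pool names are made up.
SAMPLE = json.loads("""
{
  "name": "example-cluster",
  "shieldedNodes": {"enabled": true},
  "nodePools": [
    {"name": "pool-a",
     "config": {"shieldedInstanceConfig":
                {"enableSecureBoot": true, "enableIntegrityMonitoring": true}}},
    {"name": "pool-b",
     "config": {"shieldedInstanceConfig": {"enableIntegrityMonitoring": true}}},
    {"name": "pool-c", "config": {}}
  ]
}
""")


def audit_shielded(cluster, require_secure_boot=False):
    """Return a list of (scope, finding) tuples; an empty list means compliant.

    require_secure_boot is off by default because the issue treats secure
    boot as optional (it breaks custom or unsigned drivers).
    """
    findings = []
    # Cluster-level switch (Shielded GKE Nodes).
    if not cluster.get("shieldedNodes", {}).get("enabled", False):
        findings.append(("cluster", "shieldedNodes.enabled is not true"))
    # Each node pool's node config carries its own Shielded VM settings,
    # so the cluster flag alone does not show what the pools run with.
    for pool in cluster.get("nodePools", []):
        sic = pool.get("config", {}).get("shieldedInstanceConfig", {})
        scope = "nodepool/" + pool.get("name", "<unnamed>")
        if not sic.get("enableIntegrityMonitoring", False):
            findings.append((scope, "enableIntegrityMonitoring is not true"))
        if require_secure_boot and not sic.get("enableSecureBoot", False):
            findings.append((scope, "enableSecureBoot is not true"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_shielded(SAMPLE, require_secure_boot=True):
        print(f"{scope}: {finding}")
```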
