Google Cloud Kubernetes Engine cluster should not be publicly accessible

Description

The control plane of a GKE cluster should not be open to the internet. Limiting internet access significantly reduces the attack surface.

Remediation

Consider allow-listing specific IP ranges in the cluster configuration.

Alternatively, consider making the cluster private and accessing it from an internal network or through Identity-Aware Proxy (IAP).
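
The following is an added example, not Datadog's rule logic or code from this page: a check over cluster descriptions that tells apart the two remediated states (an IP allow-list, a private endpoint) from an exposed control plane. It assumes the JSON shape returned by `gcloud container clusters list --format=json` (GKE API fields `masterAuthorizedNetworksConfig` and `privateClusterConfig`); the cluster names and CIDR ranges are constructed sample data.

```python
import ipaddress


def control_plane_exposure(cluster):
    """Return the reasons a cluster's control plane is internet-reachable ([] = none)."""
    # Private endpoint only: the control plane has no public address to reach.
    if cluster.get("privateClusterConfig", {}).get("enablePrivateEndpoint"):
        return []
    allow = cluster.get("masterAuthorizedNetworksConfig", {})
    if not allow.get("enabled"):
        return ["public endpoint without an authorized-networks allow-list"]
    reasons = []
    for entry in allow.get("cidrBlocks", []):
        net = ipaddress.ip_network(entry["cidrBlock"], strict=False)
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 defeats the allow-list
            reasons.append(f"allow-list entry {net} admits every address")
    return reasons


# Constructed sample input, shaped like `gcloud container clusters list --format=json`.
SAMPLE_CLUSTERS = [
    {"name": "open-default"},
    {"name": "open-allowlist",
     "masterAuthorizedNetworksConfig": {
         "enabled": True,
         "cidrBlocks": [{"displayName": "any", "cidrBlock": "0.0.0.0/0"}]}},
    {"name": "restricted",
     "masterAuthorizedNetworksConfig": {
         "enabled": True,
         "cidrBlocks": [{"displayName": "office", "cidrBlock": "203.0.113.0/24"}]}},
    {"name": "private",
     "privateClusterConfig": {"enablePrivateNodes": True,
                              "enablePrivateEndpoint": True}},
]


def audit(clusters):
    """Map each cluster name to its list of exposure reasons."""
    return {c["name"]: control_plane_exposure(c) for c in clusters}


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_CLUSTERS).items():
        print(name, "FAIL: " + "; ".join(reasons) if reasons else "PASS")
```

An allow-list entry of `0.0.0.0/0` is reported separately because the cluster then has authorized networks enabled yet remains reachable from any address.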