Ensure GKE node pools do not use default service accounts

Description

The service account running the nodes in a cluster should have the principle of least privilege applied. Without a minimally privileged service account, the impact of a node compromise could be much worse.

Remediation

Follow the documentation from Google Cloud’s Harden your cluster’s security article to configure a non-default service account for your cluster’s nodes.
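One way to find the node pools this rule flags and to move them onto a dedicated, minimally privileged service account, as an added example that is not part of the Datadog rule or of Google’s documentation. It assumes gcloud is authenticated and that PROJECT_ID, CLUSTER and LOCATION are placeholders you replace; the IAM roles granted are the node-logging and node-monitoring roles Google recommends for node service accounts.

```shell
#!/bin/sh
# Added example: audit GKE node pools for the default Compute Engine service
# account and create a least-privilege replacement. PROJECT_ID, CLUSTER and
# LOCATION are placeholders (assumptions, not values from the rule page).

# A node pool runs as the default service account when config.serviceAccount
# is empty, literally "default", or the project's Compute Engine default
# account (<project-number>-compute@developer.gserviceaccount.com).
uses_default_sa() {
  case "$1" in
    ""|default) return 0 ;;
    *-compute@developer.gserviceaccount.com) return 0 ;;
    *) return 1 ;;
  esac
}

# List every node pool of a cluster with the account it runs as, and flag the
# ones that match the rule. The value() format prints tab-separated fields.
audit_cluster() {
  cluster="$1"; location="$2"
  gcloud container node-pools list --cluster "$cluster" --location "$location" \
      --format='value(name,config.serviceAccount)' |
  while IFS="$(printf '\t')" read -r pool sa; do
    if uses_default_sa "$sa"; then
      echo "FINDING: node pool '$pool' runs as default service account '${sa:-default}'"
    else
      echo "ok: node pool '$pool' runs as '$sa'"
    fi
  done
}

# Create a dedicated node service account with only the roles nodes need to
# ship logs and metrics, then add a node pool that uses it. Existing pools
# cannot be switched in place; migrate workloads and delete the old pool.
remediate() {
  project="$1"; cluster="$2"; location="$3"; pool="$4"
  sa="gke-nodes@${project}.iam.gserviceaccount.com"
  gcloud iam service-accounts create gke-nodes --project "$project" \
      --display-name "GKE node service account"
  for role in roles/logging.logWriter roles/monitoring.metricWriter \
              roles/monitoring.viewer roles/stackdriver.resourceMetadata.writer; do
    gcloud projects add-iam-policy-binding "$project" \
        --member "serviceAccount:$sa" --role "$role"
  done
  gcloud container node-pools create "$pool" --cluster "$cluster" \
      --location "$location" --service-account "$sa"
}

# Run the audit only when a cluster is named, so sourcing this file is side-effect free.
[ -n "$GKE_CLUSTER" ] && audit_cluster "$GKE_CLUSTER" "$GKE_LOCATION"
```

Run the audit with `GKE_CLUSTER=CLUSTER GKE_LOCATION=LOCATION sh audit.sh`, and call `remediate PROJECT_ID CLUSTER LOCATION new-pool` to create the replacement pool.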