Cluster VPC flow logs and intranode visibility should be enabled

Description

VPC Flow Logs and intranode visibility should be enabled. VPC Flow Logs record a sample of the network flows sent to and from VM instances, including GKE nodes, and are enabled per subnet. By default, traffic between Pods on the same node is switched locally and never reaches the VPC network, so it is invisible to flow logs and to VPC firewall rules. Enabling intranode visibility routes that Pod-to-Pod traffic through the VPC network, so VPC Flow Logs capture flows within a node as well as between nodes. Together, the two settings allow monitoring and analysis of network traffic within your GKE cluster, for example when reconstructing lateral movement between Pods during an incident.

Remediation

From the console

  1. Go to Kubernetes Engine in the Google Cloud console.
  2. Select a cluster for which intranode visibility is disabled.
  3. Within the Details pane, under the Network section, click on the pencil icon named Edit intranode visibility.
  4. Check the box next to Enable Intranode visibility.
  5. Click SAVE CHANGES. On an existing cluster, expect the nodes to be recreated as part of this change, so plan it for a maintenance window.

From the command line

  1. To enable intranode visibility, run the following command (add --zone or --region to identify the cluster's location):
    gcloud container clusters update <cluster_name> --enable-intra-node-visibility

  2. VPC Flow Logs are a property of the subnet, not of the cluster, so also confirm that flow logs are enabled on the subnet the cluster's nodes use; otherwise intranode visibility alone produces no log records.
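The following audit script is an added example, not part of the original benchmark page or of any Google tooling. It evaluates both halves of the control (the cluster's intranode visibility setting and the subnet's flow log setting) from the JSON that gcloud describe commands print, and emits the gcloud remediation commands for whatever is missing. The field names it reads (networkConfig.enableIntraNodeVisibility on the cluster, enableFlowLogs / logConfig.enable on the subnet) are assumed from the GKE and Compute APIs, and the two dicts at the top are constructed samples so the script runs offline; pass a cluster name and location on the command line to run it against a real project.

```python
"""Audit a GKE cluster for intranode visibility and VPC Flow Logs.

Offline mode uses the constructed samples below. Live mode
(python audit.py CLUSTER LOCATION) calls gcloud and reads its JSON output.
"""
import json
import subprocess
import sys

# Constructed sample of `gcloud container clusters describe --format=json`
# (only the fields this check reads; field names are assumptions).
SAMPLE_CLUSTER = {
    "name": "prod-cluster",
    "location": "us-central1-a",
    "network": "prod-vpc",
    "subnetwork": "prod-subnet",
    "networkConfig": {"enableIntraNodeVisibility": False},
}

# Constructed sample of `gcloud compute networks subnets describe --format=json`.
SAMPLE_SUBNET = {
    "name": "prod-subnet",
    "region": "https://www.googleapis.com/compute/v1/projects/p/regions/us-central1",
    "enableFlowLogs": False,
}


def region_of(location: str) -> str:
    """Map a cluster location to its region: 'us-central1-a' -> 'us-central1';
    a regional cluster location such as 'europe-west1' is returned unchanged."""
    parts = location.split("-")
    return "-".join(parts[:2]) if len(parts) == 3 else location


def evaluate(cluster: dict, subnet: dict) -> dict:
    """Return {'findings': [...], 'remediation': [...]} for one cluster/subnet pair."""
    findings, remediation = [], []
    name, location = cluster["name"], cluster["location"]

    # Intranode visibility is a cluster property. Without it, Pod-to-Pod traffic
    # on the same node never reaches the VPC network and is absent from flow logs.
    if not cluster.get("networkConfig", {}).get("enableIntraNodeVisibility", False):
        findings.append(f"cluster {name}: intranode visibility disabled")
        remediation.append(
            f"gcloud container clusters update {name} "
            f"--location {location} --enable-intra-node-visibility"
        )

    # VPC Flow Logs are a subnet property, so the check follows the cluster to
    # the subnet its nodes are attached to.
    flow_logs = subnet.get("enableFlowLogs") or subnet.get("logConfig", {}).get("enable", False)
    if not flow_logs:
        region = subnet["region"].rsplit("/", 1)[-1]  # last path segment of the region URL
        findings.append(f"subnet {subnet['name']}: VPC Flow Logs disabled")
        remediation.append(
            f"gcloud compute networks subnets update {subnet['name']} "
            f"--region {region} --enable-flow-logs"
        )
    return {"findings": findings, "remediation": remediation}


def describe(args: list) -> dict:
    """Run a gcloud describe command and parse its JSON output (live mode only)."""
    out = subprocess.run(["gcloud", *args, "--format=json"],
                         check=True, capture_output=True, text=True)
    return json.loads(out.stdout)


def main(argv: list) -> int:
    if len(argv) == 3:  # live mode: CLUSTER LOCATION
        cluster = describe(["container", "clusters", "describe", argv[1], "--location", argv[2]])
        subnet = describe(["compute", "networks", "subnets", "describe", cluster["subnetwork"],
                           "--region", region_of(cluster["location"])])
    else:  # offline demo on the constructed samples
        cluster, subnet = SAMPLE_CLUSTER, SAMPLE_SUBNET
    result = evaluate(cluster, subnet)
    for line in result["findings"]:
        print("FAIL", line)
    for cmd in result["remediation"]:
        print("FIX ", cmd)
    return 1 if result["findings"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script exits non-zero when either setting is missing, so it can gate a CI pipeline that provisions clusters; the printed FIX lines are the exact commands to run, including the location flag the cluster update needs.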

References