Control: Compute Instance preemptible termination should be disabled

Description

This control ensures that Compute Instance preemptible termination is disabled. Compute Instance preemptible termination can lead to unexpected loss of service when the VM instance is terminated.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.compute_instance_preemptible_termination_disabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.compute_instance_preemptible_termination_disabled --share

SQL

This control uses a named query:

select
  self_link resource,
  case
    when name like 'gke-%' then 'skip'
    when scheduling ->> 'preemptible' = 'true' then 'alarm'
    else 'ok'
  end as status,
  case
    when name like 'gke-%' and labels ? 'goog-gke-node'
      then title || ' created by GKE.'
    when scheduling ->> 'preemptible' = 'true' then title || ' preemptible termination enabled.'
    else title || ' preemptible termination disabled.'
  end as reason
  
  , location as location, project as project
from
  gcp_compute_instance;

Control: Compute Instance preemptible termination should be disabled

Description

Usage

SQL

Tags