Control: Verify all GKE clusters are Private Clusters
Description
This control checks that all GKE clusters are Private Clusters.
Usage
Run the control in your terminal:
powerpipe control run terraform_gcp_compliance.control.kubernetes_cluster_private_cluster_config_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run terraform_gcp_compliance.control.kubernetes_cluster_private_cluster_config_enabled --share
SQL
This control uses a named query:
select
  address as resource,
  case
    when (attributes_std -> 'private_cluster_config') is null then 'alarm'
    when (attributes_std -> 'private_cluster_config' -> 'enable_private_nodes') is null then 'alarm'
    when (attributes_std -> 'private_cluster_config' -> 'enable_private_nodes')::bool then 'ok'
    else 'alarm'
  end as status,
  split_part(address, '.', 2) || case
    when (attributes_std -> 'private_cluster_config') is null then ' private cluster config disabled'
    when (attributes_std -> 'private_cluster_config' -> 'enable_private_nodes') is null then ' ''enable_private_nodes'' not defined'
    when (attributes_std -> 'private_cluster_config' -> 'enable_private_nodes')::bool then ' private cluster config enabled'
    else ' private cluster config disabled'
  end || '.' reason
  , path || ':' || start_line
from
  terraform_resource
where
  type = 'google_container_cluster';
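The following Terraform is an added example, not part of the Powerpipe mod: one google_container_cluster resource per branch of the query above, with the status and reason each should produce. Resource names, location and the CIDR block are constructed placeholders, and the file is meant as scan input for the control rather than a deployable configuration.

```hcl
# Constructed scan input; names, location and CIDR are placeholders.

# alarm: no private_cluster_config block.
# reason: "public private cluster config disabled."
resource "google_container_cluster" "public" {
  name               = "example-public"
  location           = "us-central1"
  initial_node_count = 1
}

# alarm: block present, enable_private_nodes omitted.
# reason: "undefined 'enable_private_nodes' not defined."
resource "google_container_cluster" "undefined" {
  name               = "example-undefined"
  location           = "us-central1"
  initial_node_count = 1

  private_cluster_config {
    enable_private_endpoint = false
  }
}

# alarm: enable_private_nodes explicitly false.
# reason: "explicit_false private cluster config disabled."
resource "google_container_cluster" "explicit_false" {
  name               = "example-explicit-false"
  location           = "us-central1"
  initial_node_count = 1

  private_cluster_config {
    enable_private_nodes = false
  }
}

# ok: nodes receive internal IP addresses only.
# reason: "private private cluster config enabled."
resource "google_container_cluster" "private" {
  name               = "example-private"
  location           = "us-central1"
  initial_node_count = 1

  ip_allocation_policy {} # private nodes require a VPC-native cluster

  private_cluster_config {
    enable_private_nodes    = true
    enable_private_endpoint = false
    master_ipv4_cidr_block  = "172.16.0.0/28"
  }
}
```

The query inspects only enable_private_nodes, so the last resource passes even though its control-plane endpoint stays publicly reachable (enable_private_endpoint = false). Restricting that endpoint needs a separate check.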