Shielded GKE Nodes

Definition

Shielded GKE Nodes are a security feature in Google Kubernetes Engine (GKE) that provides enhanced protection for node integrity and data confidentiality. It leverages Shielded VM capabilities (Secure Boot, vTPM, and Integrity Monitoring) to ensure that nodes are running trusted software and have not been tampered with. This feature helps protect against rootkits and bootkits, ensuring that the nodes are in a known good state.

Secure Settings Example

apiVersion: container.cnrm.cloud.google.com/v1beta1
kind: ContainerCluster
metadata:
  name: secure-cluster
spec:
  location: us-central1
  initialNodeCount: 1
  nodeConfig:
    shieldedInstanceConfig:
      enableSecureBoot: true            # verify the boot chain signature before booting
      enableIntegrityMonitoring: true   # compare vTPM boot measurements against the baseline

Insecure Settings Example

apiVersion: container.cnrm.cloud.google.com/v1beta1
kind: ContainerCluster
metadata:
  name: insecure-cluster
spec:
  location: us-central1
  initialNodeCount: 1
  nodeConfig:
    shieldedInstanceConfig:
      enableSecureBoot: false           # unsigned boot components are accepted
      enableIntegrityMonitoring: false  # boot measurements are never checked
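As an added example (not part of the page or of Config Connector itself), the following stdlib-only Python check takes a manifest already parsed into a dict (for instance by yaml.safe_load) and reports each Shielded flag that is not explicitly true, treating an absent flag as a finding as well; it also flags an explicit spec.enableShieldedNodes: false on a ContainerCluster, a real CRD field the page does not show. The two sample manifests are constructed to mirror the secure and insecure examples above.

```python
from typing import Any

# Flags under spec.nodeConfig.shieldedInstanceConfig that must be explicitly true.
REQUIRED_FLAGS = ("enableSecureBoot", "enableIntegrityMonitoring")


def _lookup(obj: Any, *path: str) -> Any:
    """Walk nested dicts along path; return None if any key is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def check_shielded_settings(manifest: dict) -> list:
    """Return findings for one parsed manifest; an empty list means compliant.

    An absent flag is reported too: Secure Boot is off unless enabled, so
    omitting enableSecureBoot has the same effect as setting it to false.
    """
    kind = manifest.get("kind")
    name = _lookup(manifest, "metadata", "name") or "<unnamed>"
    if kind not in ("ContainerCluster", "ContainerNodePool"):
        return [f"{name}: unsupported kind {kind!r}"]
    findings = []
    cfg = _lookup(manifest, "spec", "nodeConfig", "shieldedInstanceConfig") or {}
    for flag in REQUIRED_FLAGS:
        value = cfg.get(flag)
        if value is not True:
            state = "missing" if value is None else f"set to {value!r}"
            findings.append(f"{name}: {flag} is {state}")
    # Cluster-level switch (real CRD field, but not shown on the page); only an
    # explicit false is flagged because the provider default is true.
    if kind == "ContainerCluster" and _lookup(manifest, "spec", "enableShieldedNodes") is False:
        findings.append(f"{name}: spec.enableShieldedNodes is false")
    return findings


def build_cluster(name: str, secure_boot: bool, integrity: bool) -> dict:
    """Constructed ContainerCluster dict mirroring the shape of the page's YAML."""
    return {"apiVersion": "container.cnrm.cloud.google.com/v1beta1",
            "kind": "ContainerCluster", "metadata": {"name": name},
            "spec": {"location": "us-central1", "initialNodeCount": 1,
                     "nodeConfig": {"shieldedInstanceConfig": {
                         "enableSecureBoot": secure_boot,
                         "enableIntegrityMonitoring": integrity}}}}

SECURE_CLUSTER = build_cluster("secure-cluster", True, True)        # page's secure example
INSECURE_CLUSTER = build_cluster("insecure-cluster", False, False)  # page's insecure example
```

Running check_shielded_settings over every ContainerCluster and ContainerNodePool manifest in a repository before apply catches a node pool that silently drops the flags, which is where this setting is most often lost.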