Control types for @turbot/gcp-kubernetesengine
- GCP > Kubernetes Engine > API Enabled
- GCP > Kubernetes Engine > CMDB
- GCP > Kubernetes Engine > Discovery
- GCP > Kubernetes Engine > Region Cluster > Active
- GCP > Kubernetes Engine > Region Cluster > Approved
- GCP > Kubernetes Engine > Region Cluster > CMDB
- GCP > Kubernetes Engine > Region Cluster > Discovery
- GCP > Kubernetes Engine > Region Cluster > Kubernetes Dashboard Enabled
- GCP > Kubernetes Engine > Region Cluster > Labels
- GCP > Kubernetes Engine > Region Cluster > Legacy Abac
- GCP > Kubernetes Engine > Region Cluster > Logging
- GCP > Kubernetes Engine > Region Cluster > Master Authorized Networks Config
- GCP > Kubernetes Engine > Region Cluster > Network Policy Enabled
- GCP > Kubernetes Engine > Region Cluster > Pod Security Policy Config
- GCP > Kubernetes Engine > Region Cluster > Set Monitoring
- GCP > Kubernetes Engine > Region Cluster > Usage
- GCP > Kubernetes Engine > Region Cluster > Use IP Aliases
- GCP > Kubernetes Engine > Region Node Pool > Active
- GCP > Kubernetes Engine > Region Node Pool > Approved
- GCP > Kubernetes Engine > Region Node Pool > Auto Repair
- GCP > Kubernetes Engine > Region Node Pool > Auto Upgrade
- GCP > Kubernetes Engine > Region Node Pool > CMDB
- GCP > Kubernetes Engine > Region Node Pool > Discovery
- GCP > Kubernetes Engine > Region Node Pool > Usage
- GCP > Kubernetes Engine > Zone Cluster > Active
- GCP > Kubernetes Engine > Zone Cluster > Approved
- GCP > Kubernetes Engine > Zone Cluster > CMDB
- GCP > Kubernetes Engine > Zone Cluster > Discovery
- GCP > Kubernetes Engine > Zone Cluster > Kubernetes Dashboard Enabled
- GCP > Kubernetes Engine > Zone Cluster > Labels
- GCP > Kubernetes Engine > Zone Cluster > Network Policy Enabled
- GCP > Kubernetes Engine > Zone Cluster > Pod Security Policy Config
- GCP > Kubernetes Engine > Zone Cluster > Usage
- GCP > Kubernetes Engine > Zone Node Pool > Active
- GCP > Kubernetes Engine > Zone Node Pool > Approved
- GCP > Kubernetes Engine > Zone Node Pool > Auto Repair
- GCP > Kubernetes Engine > Zone Node Pool > Auto Upgrade
- GCP > Kubernetes Engine > Zone Node Pool > CMDB
- GCP > Kubernetes Engine > Zone Node Pool > Discovery
- GCP > Kubernetes Engine > Zone Node Pool > Usage
GCP > Kubernetes Engine > API Enabled
Check whether GCP Kubernetes Engine API is enabled.
API Enabled refers specifically to the API state of a service in a cloud project.
This control determines whether the API state is set as per desired level.
The GCP > Kubernetes Engine > API Enabled
control compares
the API state against the API Enabled policies,
raises an alarm, and takes the defined enforcement action.
tmod:@turbot/gcp-kubernetesengine#/control/types/kubernetesEngineApiEnabled
GCP > Kubernetes Engine > CMDB
Record and synchronize details for the GCP Kubernetes Engine into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-kubernetesengine#/control/types/kubernetesEngineCmdb
GCP > Kubernetes Engine > Discovery
Discover GCP Kubernetes Engine resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
tmod:@turbot/gcp-kubernetesengine#/control/types/kubernetesEngineDiscovery
GCP > Kubernetes Engine > Region Cluster > Active
Take an action when an GCP Kubernetes Engine region cluster is not active based on theGCP > Kubernetes Engine > Region Cluster > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Kubernetes Engine > Region Cluster > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterActive
GCP > Kubernetes Engine > Region Cluster > Approved
Take an action when a GCP Kubernetes Engine region cluster is not approved based on GCP > Kubernetes Engine > Region Cluster > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterApproved
GCP > Kubernetes Engine > Region Cluster > CMDB
Record and synchronize details for the GCP Kubernetes Engine region cluster into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Kubernetes Engine > Region Cluster > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterCmdb
GCP > Kubernetes Engine > Region Cluster > Discovery
Discover GCP Kubernetes Engine region cluster resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Kubernetes Engine > Region Cluster > Regions
policy, the CMDB
control will delete the resource from the CMDB.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterDiscovery
GCP > Kubernetes Engine > Region Cluster > Kubernetes Dashboard Enabled
Configure whether Kubernetes Dashboard Enabled is enabled for a Kubernetes Engine regionCluster.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterKubernetesDashboardEnabled
GCP > Kubernetes Engine > Region Cluster > Labels
Take an action when an GCP Kubernetes Engine region cluster labels is not updated based on the GCP > Kubernetes Engine > Region Cluster > Labels > *
policies.
If the resource is not updated with the labels defined in GCP > Kubernetes Engine > Region Cluster > Labels > Template
, this control raises an alarm and takes the defined enforcement action.
See Labels for more information.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterLabels
GCP > Kubernetes Engine > Region Cluster > Legacy Abac
Configure whether Legacy Abac is enabled for a Kubernetes Engine regionCluster.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterLegacyAbac
GCP > Kubernetes Engine > Region Cluster > Logging
Configure whether Logging is enabled for a Kubernetes Engine regionCluster.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterLogging
GCP > Kubernetes Engine > Region Cluster > Master Authorized Networks Config
Configure whether Master Authorized Networks Config is enabled for a Kubernetes Engine regionCluster.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterMasterAuthorizedNetworksConfig
GCP > Kubernetes Engine > Region Cluster > Network Policy Enabled
Configure whether Network Policy Enabled is enabled for a Kubernetes Engine regionCluster.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterNetworkPolicyEnabled
GCP > Kubernetes Engine > Region Cluster > Pod Security Policy Config
Configure whether Pod Security Policy Config is enabled for a Kubernetes Engine regionCluster.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterPodSecurityPolicyConfig
GCP > Kubernetes Engine > Region Cluster > Set Monitoring
Configure whether Set Monitoring is enabled for a Kubernetes Engine regionCluster.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterMonitoring
GCP > Kubernetes Engine > Region Cluster > Usage
The Usage control determines whether the number of GCP Kubernetes Engine region cluster resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the GCP > Kubernetes Engine > Region Cluster > Usage
policy, and set the limit with the GCP > Kubernetes Engine > Region Cluster > Usage > Limit
policy.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterUsage
GCP > Kubernetes Engine > Region Cluster > Use IP Aliases
Configure whether useIpAliases is enabled for a Kubernetes Engine regionCluster.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterUseipaliases
GCP > Kubernetes Engine > Region Node Pool > Active
Take an action when an GCP Kubernetes Engine region node pool is not active based on theGCP > Kubernetes Engine > Region Node Pool > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Kubernetes Engine > Region Node Pool > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolActive
GCP > Kubernetes Engine > Region Node Pool > Approved
Take an action when a GCP Kubernetes Engine region node pool is not approved based on GCP > Kubernetes Engine > Region Node Pool > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolApproved
GCP > Kubernetes Engine > Region Node Pool > Auto Repair
Configure whether Auto Repair is enabled for a Kubernetes Engine regionNodePool.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolAutoRepair
GCP > Kubernetes Engine > Region Node Pool > Auto Upgrade
Configure whether Auto Upgrade is enabled for a Kubernetes Engine regionNodePool.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolAutoUpgrade
GCP > Kubernetes Engine > Region Node Pool > CMDB
Record and synchronize details for the GCP Kubernetes Engine region node pool into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Kubernetes Engine > Region Node Pool > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolCmdb
GCP > Kubernetes Engine > Region Node Pool > Discovery
Discover GCP Kubernetes Engine region node pool resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Kubernetes Engine > Region Node Pool > Regions
policy, the CMDB
control will delete the resource from the CMDB.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolDiscovery
GCP > Kubernetes Engine > Region Node Pool > Usage
The Usage control determines whether the number of GCP Kubernetes Engine region node pool resources exceeds the configured usage limit for this region.
You can configure the behavior of this control with the GCP > Kubernetes Engine > Region Node Pool > Usage
policy, and set the limit with the GCP > Kubernetes Engine > Region Node Pool > Usage > Limit
policy.
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolUsage
GCP > Kubernetes Engine > Zone Cluster > Active
Take an action when an GCP Kubernetes Engine zone cluster is not active based on theGCP > Kubernetes Engine > Zone Cluster > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Kubernetes Engine > Zone Cluster > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterActive
GCP > Kubernetes Engine > Zone Cluster > Approved
Take an action when a GCP Kubernetes Engine zone cluster is not approved based on GCP > Kubernetes Engine > Zone Cluster > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterApproved
GCP > Kubernetes Engine > Zone Cluster > CMDB
Record and synchronize details for the GCP Kubernetes Engine zone cluster into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Kubernetes Engine > Zone Cluster > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterCmdb
GCP > Kubernetes Engine > Zone Cluster > Discovery
Discover GCP Kubernetes Engine zone cluster resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Kubernetes Engine > Zone Cluster > Regions
policy, the CMDB
control will delete the resource from the CMDB.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterDiscovery
GCP > Kubernetes Engine > Zone Cluster > Kubernetes Dashboard Enabled
Configure whether Kubernetes Dashboard Enabled is enabled for a Kubernetes Engine zoneCluster.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterKubernetesDashboardEnabled
GCP > Kubernetes Engine > Zone Cluster > Labels
Take an action when an GCP Kubernetes Engine zone cluster labels is not updated based on the GCP > Kubernetes Engine > Zone Cluster > Labels > *
policies.
If the resource is not updated with the labels defined in GCP > Kubernetes Engine > Zone Cluster > Labels > Template
, this control raises an alarm and takes the defined enforcement action.
See Labels for more information.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterLabels
GCP > Kubernetes Engine > Zone Cluster > Network Policy Enabled
Configure whether Network Policy Enabled is enabled for a Kubernetes Engine zoneCluster.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterNetworkPolicyEnabled
GCP > Kubernetes Engine > Zone Cluster > Pod Security Policy Config
Configure whether Pod Security Policy Config is enabled for a Kubernetes Engine zoneCluster.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterPodSecurityPolicyConfig
GCP > Kubernetes Engine > Zone Cluster > Usage
The Usage control determines whether the number of GCP Kubernetes Engine zone cluster resources exceeds the configured usage limit for this zone.
You can configure the behavior of this control with the GCP > Kubernetes Engine > Zone Cluster > Usage
policy, and set the limit with the GCP > Kubernetes Engine > Zone Cluster > Usage > Limit
policy.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterUsage
GCP > Kubernetes Engine > Zone Node Pool > Active
Take an action when an GCP Kubernetes Engine zone node pool is not active based on theGCP > Kubernetes Engine > Zone Node Pool > Active > *
policies.
The Active control determines whether the resource is in active use, and if not, has
the ability to delete / cleanup the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time consuming to clear. The Active control brings automated, well-defined
control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Kubernetes Engine > Zone Node Pool > Active > *
),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolActive
GCP > Kubernetes Engine > Zone Node Pool > Approved
Take an action when a GCP Kubernetes Engine zone node pool is not approved based on GCP > Kubernetes Engine > Zone Node Pool > Approved > *
policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new
, e.g., Enforce: Delete unapproved if new
, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolApproved
GCP > Kubernetes Engine > Zone Node Pool > Auto Repair
Configure whether Auto Repair is enabled for a Kubernetes Engine zoneNodePool.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolAutoRepair
GCP > Kubernetes Engine > Zone Node Pool > Auto Upgrade
Configure whether Auto Upgrade is enabled for a Kubernetes Engine zoneNodePool.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolAutoUpgrade
GCP > Kubernetes Engine > Zone Node Pool > CMDB
Record and synchronize details for the GCP Kubernetes Engine zone node pool into the CMDB.
The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.
CMDB controls also use the Regions policy associated with the resource. If
region is not in GCP > Kubernetes Engine > Zone Node Pool > Regions
policy, the CMDB control will delete the
resource from the CMDB.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolCmdb
GCP > Kubernetes Engine > Zone Node Pool > Discovery
Discover GCP Kubernetes Engine zone node pool resources and add them to the CMDB.
The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.
Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Kubernetes Engine > Zone Node Pool > Regions
policy, the CMDB
control will delete the resource from the CMDB.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolDiscovery
GCP > Kubernetes Engine > Zone Node Pool > Usage
The Usage control determines whether the number of GCP Kubernetes Engine zone node pool resources exceeds the configured usage limit for this zone.
You can configure the behavior of this control with the GCP > Kubernetes Engine > Zone Node Pool > Usage
policy, and set the limit with the GCP > Kubernetes Engine > Zone Node Pool > Usage > Limit
policy.
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolUsage