Control types for @turbot/gcp-kubernetesengine

GCP > Kubernetes Engine > API Enabled

Check whether GCP Kubernetes Engine API is enabled.

API Enabled refers specifically to the API state of a service in a cloud project.
This control determines whether the API state is set as per desired level.

The GCP > Kubernetes Engine > API Enabled control compares
the API state against the API Enabled policies,
raises an alarm, and takes the defined enforcement action.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/kubernetesEngineApiEnabled

GCP > Kubernetes Engine > CMDB

Record and synchronize details for the GCP Kubernetes Engine into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/kubernetesEngineCmdb

GCP > Kubernetes Engine > Discovery

Discover GCP Kubernetes Engine resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/kubernetesEngineDiscovery

GCP > Kubernetes Engine > Region Cluster > Active

Take an action when a GCP Kubernetes Engine region cluster is not active based on the
GCP > Kubernetes Engine > Region Cluster > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Kubernetes Engine > Region Cluster > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterActive

GCP > Kubernetes Engine > Region Cluster > Approved

Take an action when a GCP Kubernetes Engine region cluster is not approved based on GCP > Kubernetes Engine > Region Cluster > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterApproved

GCP > Kubernetes Engine > Region Cluster > CMDB

Record and synchronize details for the GCP Kubernetes Engine region cluster into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
the region is not in the GCP > Kubernetes Engine > Region Cluster > Regions policy, the CMDB control will delete the
resource from the CMDB.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterCmdb

GCP > Kubernetes Engine > Region Cluster > Discovery

Discover GCP Kubernetes Engine region cluster resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Kubernetes Engine > Region Cluster > Regions policy, the CMDB
control will delete the resource from the CMDB.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterDiscovery

GCP > Kubernetes Engine > Region Cluster > Kubernetes Dashboard Enabled

Configure whether the Kubernetes Dashboard is enabled for a Kubernetes Engine regionCluster.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterKubernetesDashboardEnabled

GCP > Kubernetes Engine > Region Cluster > Labels

Take an action when a GCP Kubernetes Engine region cluster's labels are not updated based on the GCP > Kubernetes Engine > Region Cluster > Labels > * policies.

If the resource is not updated with the labels defined in GCP > Kubernetes Engine > Region Cluster > Labels > Template, this control raises an alarm and takes the defined enforcement action.

See Labels for more information.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterLabels

GCP > Kubernetes Engine > Region Cluster > Legacy Abac

Configure whether Legacy Abac is enabled for a Kubernetes Engine regionCluster.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterLegacyAbac

GCP > Kubernetes Engine > Region Cluster > Logging

Configure whether Logging is enabled for a Kubernetes Engine regionCluster.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterLogging

GCP > Kubernetes Engine > Region Cluster > Master Authorized Networks Config

Configure whether Master Authorized Networks Config is enabled for a Kubernetes Engine regionCluster.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterMasterAuthorizedNetworksConfig

GCP > Kubernetes Engine > Region Cluster > Network Policy Enabled

Configure whether Network Policy is enabled for a Kubernetes Engine regionCluster.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterNetworkPolicyEnabled

GCP > Kubernetes Engine > Region Cluster > Pod Security Policy Config

Configure whether Pod Security Policy Config is enabled for a Kubernetes Engine regionCluster.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterPodSecurityPolicyConfig

GCP > Kubernetes Engine > Region Cluster > Set Monitoring

Configure whether Set Monitoring is enabled for a Kubernetes Engine regionCluster.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterMonitoring

GCP > Kubernetes Engine > Region Cluster > Usage

The Usage control determines whether the number of GCP Kubernetes Engine region cluster resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the GCP > Kubernetes Engine > Region Cluster > Usage policy, and set the limit with the GCP > Kubernetes Engine > Region Cluster > Usage > Limit policy.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterUsage

GCP > Kubernetes Engine > Region Cluster > Use IP Aliases

Configure whether useIpAliases is enabled for a Kubernetes Engine regionCluster.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionClusterUseipaliases

GCP > Kubernetes Engine > Region Node Pool > Active

Take an action when a GCP Kubernetes Engine region node pool is not active based on the
GCP > Kubernetes Engine > Region Node Pool > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Kubernetes Engine > Region Node Pool > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolActive

GCP > Kubernetes Engine > Region Node Pool > Approved

Take an action when a GCP Kubernetes Engine region node pool is not approved based on GCP > Kubernetes Engine > Region Node Pool > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolApproved

GCP > Kubernetes Engine > Region Node Pool > Auto Repair

Configure whether Auto Repair is enabled for a Kubernetes Engine regionNodePool.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolAutoRepair

GCP > Kubernetes Engine > Region Node Pool > Auto Upgrade

Configure whether Auto Upgrade is enabled for a Kubernetes Engine regionNodePool.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolAutoUpgrade

GCP > Kubernetes Engine > Region Node Pool > CMDB

Record and synchronize details for the GCP Kubernetes Engine region node pool into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
the region is not in the GCP > Kubernetes Engine > Region Node Pool > Regions policy, the CMDB control will delete the
resource from the CMDB.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolCmdb

GCP > Kubernetes Engine > Region Node Pool > Discovery

Discover GCP Kubernetes Engine region node pool resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Kubernetes Engine > Region Node Pool > Regions policy, the CMDB
control will delete the resource from the CMDB.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolDiscovery

GCP > Kubernetes Engine > Region Node Pool > Usage

The Usage control determines whether the number of GCP Kubernetes Engine region node pool resources exceeds the configured usage limit for this region.

You can configure the behavior of this control with the GCP > Kubernetes Engine > Region Node Pool > Usage policy, and set the limit with the GCP > Kubernetes Engine > Region Node Pool > Usage > Limit policy.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/regionNodePoolUsage

GCP > Kubernetes Engine > Zone Cluster > Active

Take an action when a GCP Kubernetes Engine zone cluster is not active based on the
GCP > Kubernetes Engine > Zone Cluster > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Kubernetes Engine > Zone Cluster > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterActive

GCP > Kubernetes Engine > Zone Cluster > Approved

Take an action when a GCP Kubernetes Engine zone cluster is not approved based on GCP > Kubernetes Engine > Zone Cluster > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterApproved

GCP > Kubernetes Engine > Zone Cluster > CMDB

Record and synchronize details for the GCP Kubernetes Engine zone cluster into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
the region is not in the GCP > Kubernetes Engine > Zone Cluster > Regions policy, the CMDB control will delete the
resource from the CMDB.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterCmdb

GCP > Kubernetes Engine > Zone Cluster > Discovery

Discover GCP Kubernetes Engine zone cluster resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Kubernetes Engine > Zone Cluster > Regions policy, the CMDB
control will delete the resource from the CMDB.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterDiscovery

GCP > Kubernetes Engine > Zone Cluster > Kubernetes Dashboard Enabled

Configure whether the Kubernetes Dashboard is enabled for a Kubernetes Engine zoneCluster.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterKubernetesDashboardEnabled

GCP > Kubernetes Engine > Zone Cluster > Labels

Take an action when a GCP Kubernetes Engine zone cluster's labels are not updated based on the GCP > Kubernetes Engine > Zone Cluster > Labels > * policies.

If the resource is not updated with the labels defined in GCP > Kubernetes Engine > Zone Cluster > Labels > Template, this control raises an alarm and takes the defined enforcement action.

See Labels for more information.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterLabels

GCP > Kubernetes Engine > Zone Cluster > Network Policy Enabled

Configure whether Network Policy is enabled for a Kubernetes Engine zoneCluster.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterNetworkPolicyEnabled

GCP > Kubernetes Engine > Zone Cluster > Pod Security Policy Config

Configure whether Pod Security Policy Config is enabled for a Kubernetes Engine zoneCluster.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterPodSecurityPolicyConfig

GCP > Kubernetes Engine > Zone Cluster > Usage

The Usage control determines whether the number of GCP Kubernetes Engine zone cluster resources exceeds the configured usage limit for this zone.

You can configure the behavior of this control with the GCP > Kubernetes Engine > Zone Cluster > Usage policy, and set the limit with the GCP > Kubernetes Engine > Zone Cluster > Usage > Limit policy.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneClusterUsage

GCP > Kubernetes Engine > Zone Node Pool > Active

Take an action when a GCP Kubernetes Engine zone node pool is not active based on the
GCP > Kubernetes Engine > Zone Node Pool > Active > * policies.

The Active control determines whether the resource is in active use, and if not, has
the ability to delete / clean up the resource. When running an automated compliance
environment, it's common to end up with a wide range of alarms that are difficult
and time-consuming to clear. The Active control brings automated, well-defined
control to this process.

The Active control checks the status of all defined Active policies for the
resource (GCP > Kubernetes Engine > Zone Node Pool > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.

Note the contrast with Approved, where if the resource appears to be Unapproved
for any reason it will be considered Unapproved.

See Active for more information.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolActive

GCP > Kubernetes Engine > Zone Node Pool > Approved

Take an action when a GCP Kubernetes Engine zone node pool is not approved based on GCP > Kubernetes Engine > Zone Node Pool > Approved > * policies.

The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.

For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.

See Approved for more information.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolApproved

GCP > Kubernetes Engine > Zone Node Pool > Auto Repair

Configure whether Auto Repair is enabled for a Kubernetes Engine zoneNodePool.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolAutoRepair

GCP > Kubernetes Engine > Zone Node Pool > Auto Upgrade

Configure whether Auto Upgrade is enabled for a Kubernetes Engine zoneNodePool.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolAutoUpgrade

GCP > Kubernetes Engine > Zone Node Pool > CMDB

Record and synchronize details for the GCP Kubernetes Engine zone node pool into the CMDB.

The CMDB control is
responsible for populating and updating all the attributes for that
resource type in the Guardrails CMDB.

Note: If CMDB is set to Skip for a resource, then it will not be added
to the CMDB, and no controls that target it will run.

CMDB controls also use the Regions policy associated with the resource. If
the region is not in the GCP > Kubernetes Engine > Zone Node Pool > Regions policy, the CMDB control will delete the
resource from the CMDB.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolCmdb

GCP > Kubernetes Engine > Zone Node Pool > Discovery

Discover GCP Kubernetes Engine zone node pool resources and add them to the CMDB.

The Discovery
control is tasked with identifying instances for a particular resource.
The Discovery control will periodically search for new target resources and
save them to the Guardrails CMDB. Once discovered, resources are then
responsible for tracking changes to themselves through the
CMDB control.

Note that Discovery and CMDB controls also use the Regions policy
associated with the resource. If the region is not in GCP > Kubernetes Engine > Zone Node Pool > Regions policy, the CMDB
control will delete the resource from the CMDB.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolDiscovery

GCP > Kubernetes Engine > Zone Node Pool > Usage

The Usage control determines whether the number of GCP Kubernetes Engine zone node pool resources exceeds the configured usage limit for this zone.

You can configure the behavior of this control with the GCP > Kubernetes Engine > Zone Node Pool > Usage policy, and set the limit with the GCP > Kubernetes Engine > Zone Node Pool > Usage > Limit policy.

URI
tmod:@turbot/gcp-kubernetesengine#/control/types/zoneNodePoolUsage