Stackdriver Monitoring Disabled

Query id: bbfc97ab-e92a-4a7b-954c-e88cec815011
Query name: Stackdriver Monitoring Disabled
Platform: GoogleDeploymentManager
Severity: Medium
Category: Observability
CWE: 732
URL: Github

Description¶

Kubernetes Engine Clusters must have Stackdriver Monitoring enabled, which means the attribute 'monitoringService' must be defined and different than 'none'
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - yaml file

resources:
  - name: my-cluster
    type: container.v1.cluster
    properties:
      description: cluster

Positive test num. 2 - yaml file

resources:
  - name: my-cluster
    type: container.v1.cluster
    properties:
      description: cluster
      monitoringService: "none"

Code samples without security vulnerabilities¶

Negative test num. 1 - yaml file

resources:
  - name: my-cluster
    type: container.v1.cluster
    properties:
      description: cluster
      monitoringService: "monitoring.googleapis.com/kubernetes"