🛡️ Google GKE Cluster Logging is not enabled🟢

• Contextual name: 🛡️ Cluster Logging is not enabled🟢
• ID: /ce/ca/google/gke/cluster-logging
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: SECURITY, RELIABILITY

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 Google GKE Cluster
  • 🔌 Google GKE Cluster - object.extracts.yaml
  • 🧪 test-data.json

Description

Open File

Description

This policy identifies that Cloud Logging is enabled for all Google GKE Clusters.

Rationale

Enabling logging for GKE clusters provides detailed insights into the behavior of the control plane, nodes, and running applications. These logs are essential for troubleshooting issues, monitoring performance, and detecting security incidents.

By default, GKE collects Audit logs, System logs, and Application logs.

Impact

GKE logs are exported to Cloud Logging. Enabling logging may incur additional costs associated with Cloud Logging usage.

Audit

This policy marks a Google GKE Cluster as INCOMPLIANT if Logging Service is not set to logging.googleapis.com/kubernetes.

Default Value

Logging is enabled by default starting in GKE version 1.14.

Legacy Logging and Monitoring support is enabled by default for earlier versions.

References

1. https://cloud.google.com/stackdriver/docs/solutions/gke/observing
2. https://cloud.google.com/stackdriver/docs/solutions/gke/managing-logs
3. https://cloud.google.com/stackdriver/docs/solutions/gke/installing

... see more

Remediation

Open File

Remediation

To ensure comprehensive logging for troubleshooting, auditing, and security purposes, Cloud Logging should be enabled for GKE clusters.

Enable Cloud Logging on an Existing Cluster

From gcloud CLI

```sh
gcloud container clusters update {{cluster-name}} \
    --location {{location}} \
    --logging=SYSTEM,WORKLOAD,API_SERVER
```

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS GKE v1.8.0 → 💼 5.7.1 Ensure Logging and Cloud Monitoring is Enabled (Automated)			2		no data
💼 Cloudaware Framework → 💼 Logging and Monitoring Configuration			65		no data
💼 PCI DSS v3.2.1 → 💼 10.2.2 All actions taken by any individual with root or administrative privileges.			16		no data
💼 PCI DSS v3.2.1 → 💼 10.2.7 Creation and deletion of system level objects.		1	2		no data
💼 PCI DSS v4.0.1 → 💼 10.2.1.2 Audit logs capture all actions taken by any individual with administrative access, including any interactive use of application or system accounts.			16		no data
💼 PCI DSS v4.0 → 💼 10.2.1.2 Audit logs capture all actions taken by any individual with administrative access, including any interactive use of application or system accounts.			16		no data