This page provides an overview of the GKE Compliance dashboard in the Google Cloud console, which provides actionable insights to strengthen your security posture. To explore the dashboard yourself, go to the Compliance page in the Google Cloud console.
The GKE Compliance dashboard is available for users who have enabled GKE Enterprise.
When to use the GKE Compliance dashboard
You should use the GKE Compliance dashboard if you're a compliance officer, security administrator or platform administrator who wants to automate compliance reporting for industry benchmarks and standards, with built-in guidance for resolving compliance concerns.
How the GKE Compliance dashboard works
To use the GKE Compliance dashboard, enable the Container Security API in your project. The dashboard shows you insights based on the following standards:
Name |
Description |
CIS Google Kubernetes Engine Benchmark v1.5.0 |
A set of recommended security controls for configuring Google Kubernetes Engine (GKE), based on the CIS Google Kubernetes Engine (GKE) Benchmarks v1.5.0. |
Pod Security Standards Baseline |
A set of recommended protections for Kubernetes clusters, based on the Kubernetes Pod Security Standards (PSS) Baseline policy. |
Pod Security Standards Restricted |
A set of recommended protections for Kubernetes clusters, based on the Kubernetes Pod Security Standards (PSS) Restricted policy. |
Benefits of the GKE Compliance dashboard
The GKE Compliance dashboard is a foundational compliance measure that you can enable for any eligible GKE Enterprise cluster. Google Cloud recommends using the GKE Compliance dashboard for all of your clusters for the following reasons:
- End-to-end compliance: Get comprehensive compliance assessments from cluster to container workloads.
- Actionable recommendations: When available, the compliance posture dashboard provides action items to fix discovered concerns. These actions include examples of configuration changes to make and advice about what to do to improve your compliance against specific standards.
- Centralized visualization: The compliance posture dashboard provides a high-level visualization of concerns affecting clusters across your fleet, and includes charts and graphs to show the progress you've made and the potential impact of each concern.
- Automated reporting: Automatically audit your workloads against opinionated, industry standards and get actionable, attestable compliance reports.
Pricing
The compliance posture dashboard is offered through the GKE Enterprise API. For more information about GKE Enterprise pricing, see the GKE Pricing page.
About the compliance page
The Compliance page in the Google Cloud console has the following tabs:
- Dashboard: a high-level, visual representation of the results of compliance audit. Includes charts and standard-specific information. For details about the standards available, see How the compliance posture dashboard works in this document.
- Concerns: a detailed, filterable view of any compliance issues detected through compliance auditing. You can select individual standards for details and mitigation options. You can change the view to show issues for individual standards or filter by the affected cluster. To view details about a specific concern, expand the standard section until you see the description link and then click the standard description to open the Compliance Constraint pane.
Example workflow
This section is an example of the workflow for a cluster administrator who wants to check their clusters for compliance concerns against the Pod Security Standards Baseline standard.
- Enroll the cluster in compliance by using the Google Cloud console.
- Check the GKE Compliance dashboard for results, which might take up to 15 minutes to appear.
- Click the Concerns tab to open the detailed results.
- Select the Pod Security Standards Baseline standard filter.
- Expand Pod Security Standards Baseline and Privileged Containers, and then click Disallow privileged containers to open the Compliance Constraint pane for the Pod Security Standards Baseline standard.
- On the Details tab, note the recommended configuration change and update the Pod specification with the recommendation.
- Apply the updated Pod specification to the cluster.
The next time that the compliance audit runs, the GKE Compliance dashboard no longer displays the concern that you fixed.