GKE

Google Kubernetes Engine

gke/BP/2021_001

GKE logging and monitoring enabled.

gke/BP/2022_001

GKE clusters are regional.

gke/BP/2022_002

GKE clusters are using unique subnets.

gke/BP/2022_003

GKE cluster is not near end of life

gke/BP/2022_004

GKE clusters should have HTTP load balancing enabled to use GKE ingress.

gke/BP/2023_001

GKE network policy enforcement

gke/BP/2023_002

Stateful workloads are not run on preemptible nodes

gke/BP/2023_004

GKE clusters are VPC-native.

gke/BP/2023_005

Enable gateway resources through Gateway API.

gke/BP_EXT/2022_001

Google Groups for RBAC enabled.

gke/BP_EXT/2023_003

GKE maintenance windows are defined

gke/BP_EXT/2023_006

GKE clusters are private clusters.

gke/ERR/2021_001

GKE nodes service account permissions for logging.

gke/ERR/2021_002

GKE nodes service account permissions for monitoring.

gke/ERR/2021_003

App-layer secrets encryption is activated and Cloud KMS key is enabled.

gke/ERR/2021_004

GKE nodes aren’t reporting connection issues to apiserver.

gke/ERR/2021_005

GKE nodes aren’t reporting connection issues to storage.google.com.

gke/ERR/2021_006

GKE Autoscaler isn’t reporting scaleup failures.

gke/ERR/2021_007

GKE service account permissions.

gke/ERR/2021_008

Google APIs service agent has Editor role.

gke/ERR/2021_009

Version skew between cluster and node pool

gke/ERR/2021_010

Check internal peering forwarding limits which affect GKE.

gke/ERR/2021_011

ip-masq-agent not reporting errors

gke/ERR/2021_012

Node pool service account exists and is not disabled.

gke/ERR/2021_013

GKE cluster firewall rules are configured.

gke/ERR/2021_014

GKE masters of private clusters can reach the nodes.

gke/ERR/2021_015

GKE connectivity: node to pod communication.

gke/ERR/2022_001

GKE connectivity: pod to pod communication.

gke/ERR/2022_002

GKE nodes of private clusters can access Google APIs and services.

gke/ERR/2022_003

GKE connectivity: load balancer to node communication (ingress).

gke/ERR/2022_012

Missing request for memory resources.

gke/ERR/2023_001

Container File System API quota not exceeded

gke/ERR/2023_002

GKE private clusters are VPC-native.

gke/ERR/2023_003

containerd config.toml is valid.

gke/ERR/2023_004

GKE ingresses are well configured.

gke/ERR/2023_005

Workloads not reporting misconfigured CNI plugins

gke/ERR/2023_006

GKE Gateway controller reporting misconfigured annotations in Gateway resource

gke/ERR/2023_007

GKE Gateway controller reporting missing or invalid resource references in Gateway resource

gke/ERR/2023_007

Missing request for CPU resources.

gke/ERR/2023_008

GKE Cluster does not have any pods in CrashLoopBackOff state.

gke/ERR/2023_010

NodeLocal DNSCache timeout errors.

gke/ERR/2023_011

GKE Metadata Server isn’t reporting errors for pod IP not found

gke/ERR/2024_001

Checking for no Pod Security Admission violations in the project.

gke/ERR/2024_002

GKE Webhook failures can seriously impact GKE Cluster.

gke/SEC/2021_001

GKE nodes don’t use the GCE default service account.

gke/SEC/2023_001

GKE Workload Identity is enabled

gke/WARN/2021_001

GKE master version available for new clusters.

gke/WARN/2021_002

GKE nodes version available for new clusters.

gke/WARN/2021_003

GKE cluster size close to maximum allowed by pod range

gke/WARN/2021_004

GKE system workloads are running stably.

gke/WARN/2021_005

GKE nodes have good disk performance.

gke/WARN/2021_006

GKE nodes aren’t reporting conntrack issues.

gke/WARN/2021_007

GKE nodes have enough free space on the boot disk.

gke/WARN/2021_008

Istio/ASM version not deprecated nor close to deprecation in GKE

gke/WARN/2021_009

GKE nodes use a containerd image.

gke/WARN/2022_001

GKE clusters with workload identity are regional.

gke/WARN/2022_002

GKE metadata concealment is not in use

gke/WARN/2022_003

GKE service account permissions to manage project firewall rules.

gke/WARN/2022_004

Cloud Logging API enabled when GKE logging is enabled

gke/WARN/2022_005

NVIDIA GPU device drivers are installed on GKE nodes with GPU

gke/WARN/2022_006

GKE NAP nodes use a containerd image.

gke/WARN/2022_007

GKE nodes need Storage API access scope to retrieve build artifacts

gke/WARN/2022_008

GKE connectivity: possible DNS timeout in some GKE versions.

gke/WARN/2023_001

Container File System has the required scopes for Image Streaming

gke/WARN/2023_002

GKE workload timeout to Compute Engine metadata server.

gke/WARN/2023_003

Cloud Monitoring API enabled when GKE monitoring is enabled

gke/WARN/2023_004

A node pool’s maxPodsPerNode value is not set too low

gke/WARN/2024_001

GKE Node Auto Provisioning scales nodes to match workload demands.

gke/WARN/2024_002

Number of KSAs in Workload Identity-enabled clusters.

gke/WARN/2024_003

Ingress creation is successful if service is correctly mapped