# Network Policy should be enabled on GKE clusters
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | gke |
| Provider | |
| Vulnerability Type | omission |
## Description

The GKE cluster is configured without network policy enforcement: neither the Calico-based NetworkPolicy addon nor GKE Dataplane V2 is enabled, so Kubernetes NetworkPolicy objects are not enforced and every pod can reach every other pod across all namespaces, which is the Kubernetes default. The cluster therefore has no segmentation of pod-to-pod traffic.

## Impact

Without enforced network policies, a compromised pod, or an attacker who gains a foothold in any workload, can connect freely to every other pod and service in the cluster, including workloads with no legitimate need to talk to it. This increases the risk of lateral movement, data exposure, and unauthorized access to sensitive internal services, and it lets a single compromised workload escalate across namespace boundaries.

## Resolution

Enable network policy enforcement on the cluster. On a cluster using the legacy datapath this is a two-step change with `gcloud container clusters update`: first enable the NetworkPolicy addon on the control plane (`--update-addons=NetworkPolicy=ENABLED`), then enable enforcement on the nodes (`--enable-network-policy`); the second step re-creates the node pools, so schedule it accordingly. Alternatively, create the cluster with GKE Dataplane V2 (`--enable-dataplane-v2`), which enforces NetworkPolicy natively and does not need the Calico addon. In Terraform, set `network_policy { enabled = true }` together with `addons_config { network_policy_config { disabled = false } }` on the `google_container_cluster` resource, or use `datapath_provider = "ADVANCED_DATAPATH"` for a new cluster.

Enforcement on its own changes nothing until NetworkPolicy objects exist. After enabling it, deploy a default-deny ingress policy in each namespace and then allow only the flows each workload actually needs; verify the result by confirming that a pod in one namespace can no longer reach a service in another unless a policy explicitly permits it.
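The Python script below is an added example, not part of this rule's own implementation or of any GKE tooling. It evaluates the condition described above against the JSON shape returned by `gcloud container clusters describe CLUSTER --format=json` and emits, for a non-compliant cluster, the gcloud commands in the order the resolution requires. The cluster names, project and location are constructed placeholders. Beyond the basic case it handles two states a scanner must get right: a Dataplane V2 cluster, which enforces NetworkPolicy without the Calico addon and must not be flagged, and a half-finished remediation where the addon is on but node enforcement is still off. It checks only whether an enforcement engine is active; whether any NetworkPolicy objects exist has to be checked separately with kubectl.

```python
"""Check GKE cluster descriptions for NetworkPolicy enforcement and plan the fix.

Input is the JSON that `gcloud container clusters describe CLUSTER --format=json`
returns (the GKE v1 Cluster resource). Fields consulted:
  networkConfig.datapathProvider             ADVANCED_DATAPATH = Dataplane V2
  addonsConfig.networkPolicyConfig.disabled  control-plane side of the Calico addon
  networkPolicy.enabled                      node-side enforcement (Calico)
The sample clusters below are constructed for this example, not real output.
"""
from __future__ import annotations

from typing import Any


def _uses_dataplane_v2(cluster: dict[str, Any]) -> bool:
    # Dataplane V2 enforces NetworkPolicy natively; the Calico addon is not needed.
    return cluster.get("networkConfig", {}).get("datapathProvider") == "ADVANCED_DATAPATH"


def _addon_enabled(cluster: dict[str, Any]) -> bool:
    # GKE reports an enabled addon as `networkPolicyConfig: {}` (default-valued
    # fields are omitted) and a disabled one as `{"disabled": true}`.
    # A missing networkPolicyConfig is treated conservatively as disabled.
    config = cluster.get("addonsConfig", {}).get("networkPolicyConfig")
    if config is None:
        return False
    return not config.get("disabled", False)


def _node_enforcement_enabled(cluster: dict[str, Any]) -> bool:
    return bool(cluster.get("networkPolicy", {}).get("enabled", False))


def is_network_policy_enforced(cluster: dict[str, Any]) -> bool:
    """True only if NetworkPolicy objects would actually be enforced."""
    if _uses_dataplane_v2(cluster):
        return True
    return _addon_enabled(cluster) and _node_enforcement_enabled(cluster)


def remediation_commands(cluster: dict[str, Any], project: str, location: str) -> list[str]:
    """gcloud commands that turn enforcement on, in the order GKE requires
    (addon on the control plane first, then the nodes). Empty if compliant."""
    if is_network_policy_enforced(cluster):
        return []
    base = (f"gcloud container clusters update {cluster['name']} "
            f"--project {project} --location {location}")
    commands: list[str] = []
    if not _addon_enabled(cluster):
        commands.append(f"{base} --update-addons=NetworkPolicy=ENABLED")
    if not _node_enforcement_enabled(cluster):
        # This step re-creates the node pools; schedule it accordingly.
        commands.append(f"{base} --enable-network-policy")
    return commands


# Constructed sample clusters (hypothetical names), trimmed to the relevant fields.
SAMPLE_CLUSTERS = [
    {   # legacy datapath, addon off, nodes off: the finding this rule reports
        "name": "prod-legacy",
        "networkConfig": {"datapathProvider": "LEGACY_DATAPATH"},
        "addonsConfig": {"networkPolicyConfig": {"disabled": True}},
    },
    {   # Dataplane V2: compliant without the Calico addon
        "name": "prod-dpv2",
        "networkConfig": {"datapathProvider": "ADVANCED_DATAPATH"},
        "addonsConfig": {"networkPolicyConfig": {"disabled": True}},
    },
    {   # half-done remediation: addon on, node enforcement still off
        "name": "staging-partial",
        "networkConfig": {"datapathProvider": "LEGACY_DATAPATH"},
        "addonsConfig": {"networkPolicyConfig": {}},
        "networkPolicy": {"provider": "CALICO"},
    },
]


def evaluate(clusters: list[dict[str, Any]], project: str, location: str) -> list[dict[str, Any]]:
    """One finding per cluster: compliance plus the commands needed to fix it."""
    return [
        {
            "cluster": c["name"],
            "compliant": is_network_policy_enforced(c),
            "remediation": remediation_commands(c, project, location),
        }
        for c in clusters
    ]


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_CLUSTERS, "example-project", "us-central1"):
        status = "PASS" if finding["compliant"] else "FAIL"
        print(f"{status} {finding['cluster']}")
        for cmd in finding["remediation"]:
            print(f"    {cmd}")
```

To run it against a real cluster, pipe the output of `gcloud container clusters describe CLUSTER --location LOCATION --format=json` through `json.load` and pass the resulting dict to `evaluate` in place of the constructed samples. The conservative default for a missing `networkPolicyConfig` means an unusual API response produces a finding to investigate rather than a silent pass.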