Description:
Enable Integrity Monitoring for Shielded GKE Nodes to be notified of inconsistencies during the node boot sequence.
Rationale:
Integrity Monitoring provides active alerting for Shielded GKE nodes which allows administrators to respond to integrity failures and prevent compromised nodes from being deployed into the cluster.
Impact:
None.
Remediation:
Once a Node pool is provisioned, it cannot be updated to enable Integrity Monitoring. You must create new Node pools within the cluster with Integrity Monitoring enabled.
Using Google Cloud Console
You will also need to migrate workloads from existing non-conforming Node pools to the newly created Node pool, then delete the non-conforming pools.
Using Command Line
To create a Node pool within the cluster with Integrity Monitoring enabled, run the following command:
gcloud beta container node-pools create [NODEPOOL_NAME] \
    --cluster [CLUSTER_NAME] --zone [COMPUTE_ZONE] \
    --shielded-integrity-monitoring
You will also need to migrate workloads from existing non-conforming Node pools to the newly created Node pool, then delete the non-conforming pools.
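The remediation above only takes effect for newly created Node pools, so the practical first step is to find which existing pools lack Integrity Monitoring. The following is an added example, not part of the original recommendation or any Google tooling: it audits the JSON that `gcloud container node-pools list --cluster [CLUSTER_NAME] --zone [COMPUTE_ZONE] --format=json` returns, treating a pool as conforming only when `config.shieldedInstanceConfig.enableIntegrityMonitoring` is exactly true (that field path is assumed to match the GKE NodePool API shape; the embedded sample is hand-constructed, not real cluster output), and then lists the non-conforming pools that the create/migrate/delete steps apply to.

```python
import json

# Constructed sample mirroring the shape of
#   gcloud container node-pools list --cluster CLUSTER --zone ZONE --format=json
# Three pools: one with no shielded config at all, one with Secure Boot only,
# and one with Integrity Monitoring enabled. Hand-written, not real output.
SAMPLE_NODE_POOLS_JSON = """
[
  {
    "name": "default-pool",
    "config": {"machineType": "e2-medium"}
  },
  {
    "name": "pool-legacy",
    "config": {
      "machineType": "e2-medium",
      "shieldedInstanceConfig": {"enableSecureBoot": true}
    }
  },
  {
    "name": "pool-shielded",
    "config": {
      "machineType": "e2-medium",
      "shieldedInstanceConfig": {
        "enableSecureBoot": true,
        "enableIntegrityMonitoring": true
      }
    }
  }
]
"""


def integrity_monitoring_enabled(pool: dict) -> bool:
    """Return True only when the pool explicitly has Integrity Monitoring on.

    A missing shieldedInstanceConfig or a missing enableIntegrityMonitoring key
    means the pool was created without --shielded-integrity-monitoring, so it
    counts as non-conforming rather than unknown.
    """
    shielded = (pool.get("config") or {}).get("shieldedInstanceConfig") or {}
    return shielded.get("enableIntegrityMonitoring") is True


def non_conforming_pools(node_pools_json: str) -> list:
    """Parse node-pool list JSON and return the names of pools that fail the check."""
    pools = json.loads(node_pools_json)
    return [p["name"] for p in pools if not integrity_monitoring_enabled(p)]


def remediation_plan(non_conforming: list, cluster: str, zone: str) -> list:
    """Build the ordered remediation steps from the page for each failing pool.

    Replacement pool names ("<old>-shielded") are an assumption for illustration.
    Workload migration is left to the operator, as on the page; the returned list
    only records the create-then-delete order so nothing is deleted first.
    """
    steps = []
    for name in non_conforming:
        new_pool = f"{name}-shielded"
        steps.append(
            f"gcloud beta container node-pools create {new_pool} "
            f"--cluster {cluster} --zone {zone} --shielded-integrity-monitoring"
        )
        steps.append(f"# migrate workloads from {name} to {new_pool}, then:")
        steps.append(
            f"gcloud container node-pools delete {name} "
            f"--cluster {cluster} --zone {zone}"
        )
    return steps


if __name__ == "__main__":
    failing = non_conforming_pools(SAMPLE_NODE_POOLS_JSON)
    print("Non-conforming node pools:", failing)
    for step in remediation_plan(failing, "[CLUSTER_NAME]", "[COMPUTE_ZONE]"):
        print(step)
```

Pipe real output in with `gcloud container node-pools list ... --format=json > pools.json` and pass the file contents to `non_conforming_pools`; the strict `is True` comparison is deliberate, so an older pool whose JSON omits the shielded block is reported rather than silently passed.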