GCP Introduction
GCP Pricing
GCP Threats
GCP Misconfigurations
- Getting Started with GCP Audit
- CloudSql Audit
- Cloud Tasks Monitoring
- Dataflow Monitoring
- Function Monitoring
- Monitoring Compliance
- PubSubLite Monitoring
- Spanner Monitoring
- NoSQL Monitoring
- Compute Audit
- IAM Audit
- BigQuery Monitoring
- CDN Monitoring
- DNS Monitoring
- KMS Monitoring
- Kubernetes Audit
- Load Balancer Monitoring
- Log Monitoring
- Storage Audit
- Pub/Sub Monitoring
- VPC Audit
- IAM Deep Dive
GCP Threats
Autoscaling Profile For Clusters Should Be Set To Optimize_Utilization or Balanced
More Info:
Ensure that cluster autoscaling profile is set to OPTIMIZE_UTILIZATION or BALANCED for optimal resource utilization
Risk Level
Medium
Address
Performance Efficiency, Operational Excellence, Reliability, Security
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the Autoscaling Profile for Clusters misconfiguration in GCP using GCP console, follow these steps:
- Open the GCP console and navigate to the Kubernetes Engine page.
- Select the cluster that you want to remediate.
- Click on “Edit” button at the top of the page.
- In the “Node pools” section, click on the name of the node pool that you want to remediate.
- Scroll down to the “Autoscaling” section and click on “Edit”.
- In the “Autoscaling mode” section, select either “Optimize utilization” or “Balanced” depending on your requirements.
- Click on “Save” to apply the changes.
Once you have completed these steps, the Autoscaling Profile for Clusters misconfiguration will be remediated in GCP.
To remediate the misconfiguration “Autoscaling Profile For Clusters Should Be Set To Optimize_Utilization or Balanced” for GCP using GCP CLI, you can follow the below steps:
Step 1: Open the Cloud Shell in your GCP console.
Step 2: Run the following command to list all the existing node pool configurations in the cluster:
gcloud container node-pools list --cluster <cluster-name>
Step 3: Choose the node pool for which you want to set the autoscaling profile.
Step 4: Run the following command to set the autoscaling profile to “optimize-utilization”:
gcloud container node-pools update <node-pool-name> --cluster <cluster-name> --autoscaling-profile optimize-utilization
OR
Run the following command to set the autoscaling profile to “balanced”:
gcloud container node-pools update <node-pool-name> --cluster <cluster-name> --autoscaling-profile balanced
Note: Replace <cluster-name> and <node-pool-name> with the actual names of your cluster and node pool respectively.
Step 5: Verify that the autoscaling profile has been set correctly by running the following command:
gcloud container node-pools describe <node-pool-name> --cluster <cluster-name> --format="value(config.autoscaling.autoprovisioningProfile)"
This should return either “optimize-utilization” or “balanced” depending on which profile you chose to set.
By following these steps, you can remediate the misconfiguration “Autoscaling Profile For Clusters Should Be Set To Optimize_Utilization or Balanced” for GCP using GCP CLI.
To remediate the misconfiguration “Autoscaling Profile For Clusters Should Be Set To Optimize_Utilization or Balanced” in GCP, you can follow the below steps using Python:
- Import the required libraries:
from google.cloud import dataproc_v1 as dataproc
from google.protobuf import field_mask_pb2 as field_mask
- Set the project ID, region, and cluster name:
project_id = "your-project-id"
region = "your-region"
cluster_name = "your-cluster-name"
- Create a client object:
client = dataproc.ClusterControllerClient()
- Get the current cluster configuration:
cluster = client.get_cluster(project_id, region, cluster_name)
- Update the autoscaling configuration with the desired profile:
autoscaling_config = cluster.config.software_config.autoscaling_config
autoscaling_config.policy_uri = ""
autoscaling_config.secondary_worker_config = {}
autoscaling_config.policy_uri = ""
autoscaling_config.worker_config.autoscaling_policy.policy_uri = ""
autoscaling_config.worker_config.autoscaling_policy.basic_algorithm = "BASIC_AUTOSCALING"
autoscaling_config.worker_config.autoscaling_policy.yarn_config.graceful_decommission_timeout = {}
autoscaling_config.worker_config.autoscaling_policy.yarn_config.scale_up_factor = 0.5
autoscaling_config.worker_config.autoscaling_policy.yarn_config.scale_down_factor = 1.0
autoscaling_config.worker_config.autoscaling_policy.yarn_config.scale_down_min_worker_fraction = 0.8
autoscaling_config.secondary_worker_config.autoscaling_policy.policy_uri = ""
autoscaling_config.secondary_worker_config.autoscaling_policy.basic_algorithm = "BASIC_AUTOSCALING"
autoscaling_config.secondary_worker_config.autoscaling_policy.yarn_config.graceful_decommission_timeout = {}
autoscaling_config.secondary_worker_config.autoscaling_policy.yarn_config.scale_up_factor = 0.5
autoscaling_config.secondary_worker_config.autoscaling_policy.yarn_config.scale_down_factor = 1.0
autoscaling_config.secondary_worker_config.autoscaling_policy.yarn_config.scale_down_min_worker_fraction = 0.8
- Update the cluster configuration:
update_mask = field_mask.FieldMask(paths=["config.software_config.autoscaling_config"])
client.update_cluster(project_id, region, cluster_name, cluster, update_mask)
This will update the autoscaling configuration for the specified GCP cluster with the desired profile.