This is an example of how to create a GKE cluster with some sensible defaults and best practices for security.
Note that this example contains the minimum security configuration achievable without impacting other features, requiring additional network configuration, or installing third-party tools.
Security items covered in this example:
- Automatic upgrades using the Regular release channel
- Shielded GKE Nodes
- Hardened node image with the containerd runtime
- Workload Identity
- Least privileged Google service account
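As an added illustration (not the example's own code), the five items above expressed as Terraform HCL for the Google provider; `var.project_id` and `var.region` are assumed inputs, and the IAM roles listed are the minimum the node service account needs for logging and monitoring.

```hcl
# Least-privileged service account for the nodes (instead of the default
# Compute Engine SA, which carries Editor on the project).
resource "google_service_account" "gke_nodes" {
  account_id   = "gke-node-sa"
  display_name = "Least-privileged GKE node service account"
}

resource "google_project_iam_member" "node_sa_roles" {
  for_each = toset([
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
    "roles/monitoring.viewer",
    "roles/stackdriver.resourceMetadata.writer",
  ])
  project = var.project_id   # assumed input variable
  role    = each.key
  member  = "serviceAccount:${google_service_account.gke_nodes.email}"
}

resource "google_container_cluster" "hardened" {
  name     = "hardened-gke"
  location = var.region      # assumed input variable

  release_channel {
    channel = "REGULAR"      # automatic, Google-managed upgrades
  }
  enable_shielded_nodes = true
  workload_identity_config {
    workload_pool = "${var.project_id}.svc.id.goog"
  }

  # Node pools are managed separately so their settings are explicit.
  remove_default_node_pool = true
  initial_node_count       = 1
}

resource "google_container_node_pool" "primary" {
  name       = "primary"
  cluster    = google_container_cluster.hardened.id
  node_count = 1

  node_config {
    image_type      = "COS_CONTAINERD"   # hardened image, containerd runtime
    service_account = google_service_account.gke_nodes.email
    oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]

    shielded_instance_config {
      enable_secure_boot          = true
      enable_integrity_monitoring = true
    }
    workload_metadata_config {
      mode = "GKE_METADATA"              # required for Workload Identity
    }
  }
}
```

With `GKE_METADATA` set, pods reach Google APIs only through the Kubernetes service account mapped via Workload Identity, not the node's credentials.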
If you are looking for a more thorough approach to securing your GKE cluster, take a look at the "Hardening your cluster's security" GKE doc.