Integrate Google Kubernetes Engine with Google SecOps
Integration version: 7.0
This document explains how to configure and integrate Google Kubernetes Engine (GKE) with Google Security Operations (Google SecOps).
Use cases
The GKE integration can help you address the following use cases:
- Cluster inventory: use the Google SecOps capabilities to automatically retrieve a list of all GKE clusters within a specified location. This helps security teams to maintain an up-to-date inventory of their Kubernetes infrastructure.
- Dynamic auto scaling: use the Google SecOps capabilities to automatically adjust the size of node pools in response to security events or operational alerts, ensuring optimal performance.
- Label-based isolation: use the Google SecOps capabilities to automatically apply labels to GKE clusters based on security policies or incident response procedures.
- Add-on configuration adjustment: use the Google SecOps capabilities to automatically enable or disable GKE add-ons based on security best practices. Disabling insecure add-ons can reduce the attack surface.
- Operation status monitoring: use the Google SecOps capabilities to automatically monitor the status of GKE operations that are triggered by security playbooks or incident response workflows. This lets security analysts monitor remediation progress and check the status of ongoing operations.
Before you begin
To use the integration, you need a custom Identity and Access Management (IAM) role and a Google Cloud service account. You can use an existing service account or create a new one.
Create and configure an IAM role
To create and configure a custom IAM role for the integration, complete the following steps:
- In the Google Cloud console, go to the IAM Roles page.
- Click Create role to create a custom role with permissions required for the integration.
- For a new custom role, enter a Title, Description, and unique ID.
- Set the Role Launch Stage to General Availability.
- Add the following permissions to the created role:
  - container.clusters.list
  - container.clusters.update
  - container.clusters.get
  - container.operations.list
  - container.operations.get
- Click Create.
Create a service account
- For guidance on creating a service account, see Create service accounts.
- Under Grant this service account access to project, grant your service account the custom role that you created in the previous section.
- If you don't run workloads on Google Cloud, you need to create a service account key in JSON after you create a service account. If you don't configure the Workload Identity Email parameter, use the full content of the downloaded JSON file when you configure the integration parameters.
  For security reasons, we recommend using the workload identity email addresses instead of service account JSON keys. For more information about the workload identities, see Identities for workloads.
Integration parameters
The GKE integration requires the following parameters:
Parameters | Description |
---|---|
API Root | Optional. The GKE instance API root. The default value is |
Account Type | Optional. The type of GKE account. Provide the value that is set in the The default value is |
Project ID | Optional. The project ID of the GKE account. Enter the value that is set in the |
Private Key ID | Optional. The private key ID of the GKE account. Enter the value that is set in the |
Private Key | Optional. The private key of the GKE account. Enter the value that is set in the |
Client Email | Optional. The client email address of the GKE account. Enter the value that is set in the |
Client ID | Optional. The client ID of the GKE account. Enter the value that is set in the |
Auth URI | Optional. The authentication URI of the GKE account. Enter the value that is set in the The default value is |
Token URI | Optional. The token URI of the GKE account. Enter the value that is set in the The default value is |
Auth Provider X509 URL | Optional. The authentication provider X.509 URL of the GKE account. Enter the value that is set in the The default value is |
Client X509 URL | Optional. The client X.509 URL of the GKE account. Enter the value that is set in the |
Service Account Json File Content | Optional. The content of the service account key JSON file. You can configure this parameter or the To configure this parameter, enter the full content of the service account key JSON file that you have downloaded when you created a service account. If you configure this parameter, the integration ignores other connection parameters. |
Workload Identity Email | Optional. The client email address of your service account. You can configure this parameter or the If you set this parameter, configure the To impersonate service accounts with the Workload Identity Federation, grant the |
Location ID | Optional. The location ID to use in the integration. The default value is |
Verify SSL | Optional. If selected, the integration validates the SSL certificate when connecting to the GKE server. Selected by default. |
For instructions about how to configure an integration in Google SecOps, see Configure integrations.
You can make changes at a later stage, if needed. After you configure an integration instance, you can use it in playbooks. For more information about how to configure and support multiple instances, see Supporting multiple instances.
Actions
For more information about actions, see Respond to pending actions from Your Workdesk and Perform a manual action .
Get Operation Status
Use the Get Operation Status action to retrieve the GKE operation status.
This action is asynchronous. Adjust the Google SecOps integrated development environment (IDE) for the action as needed.
This action doesn't run on Google SecOps entities.
Action inputs
The Get Operation Status action requires the following parameters:
Parameter | Description |
---|---|
Location | Required. A location to retrieve the operation statuses, such as |
Operation Name | Required. An operation to retrieve. |
Wait for the operation to finish | Optional. If selected, the action waits for the results of the operation. Not selected by default. |
Action outputs
The Get Operation Status action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Available |
Output messages | Available |
Script result | Available |
JSON result
The following example shows the JSON result output received when using the Get Operation Status action:
{
  "name": "operation-OPERATION_ID",
  "zone": "europe-central2-a",
  "operationType": "SET_NODE_POOL_SIZE",
  "status": "RUNNING",
  "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/operations/operation-OPERATION_ID",
  "targetLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/clusters/cluster-test/nodePools/default-pool",
  "startTime": "2021-08-15T11:53:55.904254615Z"
}
Output messages
The Get Operation Status action can return the following output messages:
Output message | Message description |
---|---|
| | The action succeeded. |
| | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the Get Operation Status action:
Script result name | Value |
---|---|
is_success | True or False |
List Clusters
Use the List Clusters action to list GKE clusters based on the specified search criteria.
This action doesn't run on Google SecOps entities.
Action inputs
The List Clusters action requires the following parameters:
Cluster Location
Required. The location to search for clusters, such as europe-central2-a.
Filter Logic
Optional. The filter logic to apply. The filtering logic works with the cluster name field.
The possible values are as follows:
- Not Specified
- Equal
- Contains
The default value is Not Specified.
Filter Value
Optional. The value to use for the filter. The filtering logic works with the cluster name field.
If you set the Filter Logic parameter to Equal, the action searches for the Filter Value exact match among results. If you set the Filter Logic parameter to Contains, the action searches for results that contain the substring that you specify in this parameter. If you don't set a value, the action ignores the filter.
Max Records To Return
Optional. The number of records to return. The default value is 50.
Action outputs
The List Clusters action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Available |
Enrichment table | Not available |
JSON result | Available |
Output messages | Available |
Script result | Available |
Case wall table
The List Clusters action can return the following table:
Table name: Found Clusters
Table columns:
- ID
- Name
- Description
- Cluster Network
- Cluster IPv4 CIDR
- Labels
- Cluster Endpoint
- Status
- Location
- Zone
- Initial Cluster Version
- Current Master Version
- Current Node Version
- Create Time
JSON result
The following example shows the JSON result output received when using the List Clusters action:
{
  "name": "cluster-test",
  "description": "Requested by user",
  "nodeConfig": {
    "machineType": "e2-micro",
    "diskSizeGb": 15,
    "oauthScopes": [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/trace.append"
    ],
    "metadata": {
      "disable-legacy-endpoints": "true"
    },
    "imageType": "COS",
    "tags": [
      "pod-net-tag"
    ],
    "serviceAccount": "default",
    "diskType": "pd-standard",
    "shieldedInstanceConfig": {
      "enableIntegrityMonitoring": true
    }
  },
  "masterAuth": {
    "clusterCaCertificate": "CERTIFICATE"
  }
}
Output messages
The List Clusters action can return the following output messages:
Output message | Message description |
---|---|
| | The action succeeded. |
| | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the List Clusters action:
Script result name | Value |
---|---|
is_success | True or False |
List Node Pools
Use the List Node Pools action to list node pools for the GKE cluster based on the specified search criteria.
The filtering logic works with the node pool name field.
This action doesn't run on Google SecOps entities.
Action inputs
The List Node Pools action requires the following parameters:
Cluster Location
Required. A location to search for clusters, such as europe-central2-a.
Cluster Name
Required. The name of the cluster to search for.
Filter Logic
Optional. The filter logic to apply. The filtering logic works with the node pool name field.
The possible values are as follows:
- Not Specified
- Equal
- Contains
The default value is Not Specified.
Filter Value
Optional. The value to use for the filter. The filtering logic works with the node pool name field.
If you set the Filter Logic parameter to Equal, the action searches for the Filter Value exact match among results. If you set the Filter Logic parameter to Contains, the action searches for results that contain the substring that you specify in this parameter. If you don't set a value, the action ignores the filter.
Max Records To Return
Optional. The number of records to return. The default value is 50.
Action outputs
The List Node Pools action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Available |
Enrichment table | Not available |
JSON result | Available |
Output messages | Available |
Script result | Available |
Case wall table
The List Node Pools action can return the following table:
Table name: Found Node Pools
Table columns:
- Name
- Status
- Version
- Machine Type
- Tags
- Service Account
- Initial Node Count
- Autoscaling
- Max Pods Constraint
- Locations
JSON result
The following example shows the JSON result output received when using the List Node Pools action:
{
  "nodePools": [
    {
      "name": "example-pool",
      "config": {
        "machineType": "e2-micro",
        "diskSizeGb": 15,
        "oauthScopes": [
          "https://www.googleapis.com/auth/devstorage.read_only",
          "https://www.googleapis.com/auth/logging.write",
          "https://www.googleapis.com/auth/monitoring",
          "https://www.googleapis.com/auth/servicecontrol",
          "https://www.googleapis.com/auth/service.management.readonly",
          "https://www.googleapis.com/auth/trace.append"
        ],
        "metadata": {
          "disable-legacy-endpoints": "true"
        },
        "imageType": "COS",
        "tags": [
          "pod-net-tag"
        ],
        "serviceAccount": "default",
        "diskType": "pd-standard",
        "shieldedInstanceConfig": {
          "enableIntegrityMonitoring": true
        }
      },
      "initialNodeCount": 3,
      "autoscaling": {},
      "management": {
        "autoUpgrade": true,
        "autoRepair": true
      },
      "maxPodsConstraint": {
        "maxPodsPerNode": "8"
      },
      "podIpv4CidrSize": 28,
      "locations": [
        "europe-central2-a"
      ],
      "networkConfig": {
        "podRange": "gke-cluster-example-pods-ID",
        "podIpv4CidrBlock": "192.0.2.0/24"
      },
      "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/clusters/cluster-example/nodePools/example-pool",
      "version": "1.18.20-gke.900",
      "instanceGroupUrls": [
        "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/europe-central2-a/instanceGroupManagers/gke-cluster-example-example-pool-ID-grp"
      ],
      "status": "RUNNING",
      "upgradeSettings": {
        "maxSurge": 1
      }
    }
  ]
}
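As an added example (not part of the integration or of Google's documentation), the following Python code shows how a playbook step could triage the List Node Pools JSON result for node pool settings that matter in a security review. The field names come from the JSON result above; the finding names, the function names, and the second sample pool are constructed for illustration, and the `cloud-platform` scope URL is the standard broad Google Cloud OAuth scope.

```python
"""Audit a List Node Pools JSON result for weak node pool settings."""

# Broad OAuth scope that lets node credentials call every enabled Google Cloud API.
BROAD_SCOPE = "https://www.googleapis.com/auth/cloud-platform"

# Constructed sample in the shape of the JSON result above. "example-pool"
# repeats the security-relevant fields from the page; "legacy-pool" is invented
# so that the remaining checks fire at least once.
SAMPLE_RESULT = {
    "nodePools": [
        {
            "name": "example-pool",
            "config": {
                "oauthScopes": [
                    "https://www.googleapis.com/auth/devstorage.read_only",
                    "https://www.googleapis.com/auth/logging.write",
                ],
                "metadata": {"disable-legacy-endpoints": "true"},
                "serviceAccount": "default",
                "shieldedInstanceConfig": {"enableIntegrityMonitoring": True},
            },
            "management": {"autoUpgrade": True, "autoRepair": True},
            "status": "RUNNING",
        },
        {
            "name": "legacy-pool",
            "config": {
                "oauthScopes": [BROAD_SCOPE],
                "metadata": {},
                "serviceAccount": "gke-nodes@PROJECT_ID.iam.gserviceaccount.com",
            },
            # autoUpgrade is absent: the API omits booleans that are false.
            "management": {"autoRepair": True},
            "status": "RUNNING",
        },
    ]
}


def audit_node_pool(pool):
    """Return a sorted list of finding names for one node pool object."""
    config = pool.get("config") or {}
    management = pool.get("management") or {}
    metadata = config.get("metadata") or {}
    shielded = config.get("shieldedInstanceConfig") or {}
    findings = []

    # An unset or "default" value means the Compute Engine default service account.
    if (config.get("serviceAccount") or "default") == "default":
        findings.append("default-service-account")
    # The metadata value is the string "true", not a JSON boolean.
    if str(metadata.get("disable-legacy-endpoints", "")).lower() != "true":
        findings.append("legacy-metadata-endpoints")
    if shielded.get("enableIntegrityMonitoring") is not True:
        findings.append("integrity-monitoring-off")
    if management.get("autoUpgrade") is not True:
        findings.append("auto-upgrade-disabled")
    if management.get("autoRepair") is not True:
        findings.append("auto-repair-disabled")
    if BROAD_SCOPE in (config.get("oauthScopes") or []):
        findings.append("broad-oauth-scope")
    return sorted(findings)


def audit_node_pools(result):
    """Map each node pool name in the action's JSON result to its findings."""
    return {
        pool.get("name", "<unnamed>"): audit_node_pool(pool)
        for pool in (result or {}).get("nodePools", [])
    }


if __name__ == "__main__":
    for name, findings in audit_node_pools(SAMPLE_RESULT).items():
        print(f"{name}: {', '.join(findings) or 'no findings'}")
```

Because the action returns at most Max Records To Return node pools (50 by default), raise that value when a cluster has more pools than the limit so that none are skipped by the audit.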
Output messages
The List Node Pools action can return the following output messages:
Output message | Message description |
---|---|
| | The action succeeded. |
| | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the List Node Pools action:
Script result name | Value |
---|---|
is_success | True or False |
List Operations
Use the List Operations action to list GKE operations for a location based on the specified search criteria.
The filtering logic works with the operation name field.
This action doesn't run on Google SecOps entities.
Action inputs
The List Operations action requires the following parameters:
Cluster Location
Required. The location to search for operations, such as europe-central2-a.
Filter Logic
Optional. The filter logic to apply. The filtering logic works with the cluster name field.
The possible values are as follows:
- Equal
- Contains
The default value is Equal.
Filter Value
Optional. The value to use for the filter. The filtering logic works with the cluster name field.
If you set the Filter Logic parameter to Equal, the action searches for the Filter Value exact match among results. If you set the Filter Logic parameter to Contains, the action searches for results that contain the substring that you specify in this parameter. If you don't set a value, the action ignores the filter.
Max Records To Return
Optional. The number of records to return. The default value is 50.
Action outputs
The List Operations action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Available |
Enrichment table | Not available |
JSON result | Available |
Output messages | Available |
Script result | Available |
Case wall table
The List Operations action can return the following table:
Table name: Found Operations
Table columns:
- Name
- Zone
- Operation Type
- Status
- Start Time
- End Time
- Target Link
- Self Link
JSON result
The following example shows the JSON result output received when using the List Operations action:
{
  "operations": [
    {
      "name": "operation-OPERATION_ID",
      "zone": "europe-central2-a",
      "operationType": "UPGRADE_MASTER",
      "status": "DONE",
      "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/operations/operation-OPERATION_ID",
      "targetLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/clusters/cluster-example",
      "startTime": "2021-08-06T12:33:51.614562051Z",
      "endTime": "2021-08-06T12:38:55.038159801Z"
    }
  ]
}
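The Set Cluster Addons, Set Cluster Labels, and Set Node Autoscaling actions in this document note that a cluster that is already undergoing a configuration change cannot accept a new one. As an added example (not code from the integration), the following Python code uses a List Operations JSON result to decide whether a cluster still has an operation in flight before a playbook issues a change. The sample operations, operation names, and function names are constructed; treating node pool operations as changes to the parent cluster is an assumption of this example.

```python
"""Gate a GKE configuration change on operations that are still in flight."""
import re

# Matches the targetLink values shown in the JSON results in this document,
# for a cluster or for a node pool inside a cluster. The "locations" path form
# is accepted as well as the "zones" form that the page shows.
TARGET_LINK = re.compile(
    r"/projects/(?P<project>[^/]+)"
    r"/(?:zones|locations)/(?P<location>[^/]+)"
    r"/clusters/(?P<cluster>[^/]+)"
    r"(?:/nodePools/(?P<node_pool>[^/]+))?$"
)

# Constructed sample in the shape of the List Operations JSON result above.
BASE = "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a"
SAMPLE_OPERATIONS = {
    "operations": [
        {"name": "operation-0001", "operationType": "UPGRADE_MASTER",
         "status": "DONE", "targetLink": BASE + "/clusters/cluster-example"},
        {"name": "operation-0002", "operationType": "SET_NODE_POOL_SIZE",
         "status": "RUNNING",
         "targetLink": BASE + "/clusters/cluster-test/nodePools/default-pool"},
        # Similar name: must not be mistaken for "cluster-test".
        {"name": "operation-0003", "operationType": "UPDATE_CLUSTER",
         "status": "RUNNING", "targetLink": BASE + "/clusters/cluster-test-2"},
        # Record without a targetLink: cannot be attributed, so it is skipped.
        {"name": "operation-0004", "operationType": "UPDATE_CLUSTER",
         "status": "RUNNING"},
    ]
}


def parse_target_link(link):
    """Return project, location, cluster and node_pool from a targetLink, or None."""
    match = TARGET_LINK.search(link or "")
    return match.groupdict() if match else None


def blocking_operations(result, cluster_name, location=None):
    """Return operations that are not DONE and target the cluster or its node pools."""
    blocking = []
    for op in (result or {}).get("operations", []):
        if op.get("status") == "DONE":
            continue
        target = parse_target_link(op.get("targetLink"))
        # Compare the parsed cluster segment exactly, never by substring.
        if target is None or target["cluster"] != cluster_name:
            continue
        if location is not None and target["location"] != location:
            continue
        blocking.append({
            "name": op.get("name"),
            "operationType": op.get("operationType"),
            "status": op.get("status"),
            "node_pool": target["node_pool"],
        })
    return blocking


def can_change_cluster(result, cluster_name, location=None):
    """True when no unfinished operation targets the cluster."""
    return not blocking_operations(result, cluster_name, location)


if __name__ == "__main__":
    for cluster in ("cluster-example", "cluster-test"):
        state = "ready" if can_change_cluster(SAMPLE_OPERATIONS, cluster) else "busy"
        print(f"{cluster}: {state}")
```

List Operations returns at most Max Records To Return entries (50 by default), so a busy location can hide an unfinished operation beyond that limit; raise the value before relying on this check.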
Output messages
The List Operations action can return the following output messages:
Output message | Message description |
---|---|
| | The action succeeded. |
| | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the List Operations action:
Script result name | Value |
---|---|
is_success | True or False |
Ping
Use the Ping action to test the connectivity to GKE.
This action doesn't run on Google SecOps entities.
Action inputs
None.
Action outputs
The Ping action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Not available |
Output messages | Available |
Script result | Available |
Output messages
The Ping action can return the following output messages:
Output message | Message description |
---|---|
Successfully connected to the GKE service with the provided connection parameters! | The action succeeded. |
Failed to connect to the GKE service! Error is ERROR_REASON | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the Ping action:
Script result name | Value |
---|---|
is_success | True or False |
Set Cluster Addons
Use the Set Cluster Addons action to set add-ons for the GKE cluster.
If the target cluster is already undergoing a configuration change, it cannot accept new configuration changes until the current configuration change is complete.
This action runs asynchronously. Adjust the Google SecOps IDE settings as needed.
This action doesn't run on Google SecOps entities.
Action inputs
The Set Cluster Addons action requires the following parameters:
Cluster Location
Required. A location to search for clusters, such as europe-central2-a.
Cluster Name
Required. The name of the cluster to search for.
HTTP Load Balancing
Optional. The value for the HTTP load balancing add-on.
The possible values are as follows:
- Not Changed
- Disabled
- Enabled
The default value is Not Changed.
Horizontal Pod Autoscaling
Optional. The value for the horizontal Pod autoscaling add-on.
The possible values are as follows:
- Not Changed
- Disabled
- Enabled
The default value is Not Changed.
Network Policy Config
Optional. The value for the network policy configuration add-on.
The possible values are as follows:
- Not Changed
- Disabled
- Enabled
The default value is Not Changed.
Cloud Run Config
Optional. The value for the Cloud Run configuration add-on.
The possible values are as follows:
- Not Changed
- Disabled
- Enabled, Load Balancer Type Unspecified
- Enabled, Load Balancer Type External
- Enabled, Load Balancer Type Internal
The default value is Not Changed.
DNS Cache Config
Optional. The value for the DNS cache configuration add-on.
The possible values are as follows:
- Not Changed
- Disabled
- Enabled
The default value is Not Changed.
Config Connector Config
Optional. The value for the Config Connector configuration add-on.
The possible values are as follows:
- Not Changed
- Disabled
- Enabled
The default value is Not Changed.
Persistent Disk Csi Driver Config
Optional. Specify the value for the Compute Engine persistent disk Container Storage Interface (CSI) Driver configuration add-on.
The possible values are as follows:
- Not Changed
- Disabled
- Enabled
The default value is Not Changed.
Wait for cluster configuration change operation to finish
Optional. If selected, the action waits for the results of the cluster configuration change operation. Selected by default.
Action outputs
The Set Cluster Addons action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Available |
Output messages | Available |
Script result | Available |
JSON result
The following example shows the JSON result output received when using the Set Cluster Addons action:
{
  "name": "operation-OPERATION_ID",
  "zone": "europe-central2-a",
  "operationType": "UPDATE_CLUSTER",
  "status": "RUNNING",
  "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/operations/operation-OPERATION_ID",
  "targetLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/clusters/cluster-test",
  "startTime": "2021-08-15T11:34:43.051036236Z"
}
Output messages
The Set Cluster Addons action can return the following output messages:
Output message | Message description |
---|---|
| | The action succeeded. |
| | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the Set Cluster Addons action:
Script result name | Value |
---|---|
is_success | True or False |
Set Cluster Labels
Use the Set Cluster Labels action to set labels for the GKE cluster. The action appends new labels to any existing cluster labels.
If the target cluster is already undergoing a configuration change, it cannot accept new configuration changes until the current configuration change is complete.
This action runs asynchronously. Adjust the Google SecOps IDE settings as needed.
This action doesn't run on Google SecOps entities.
Action inputs
The Set Cluster Labels action requires the following parameters:
Parameter | Description |
---|---|
Cluster Location | Required. A location to search for clusters, such as |
Cluster Name | Required. The name of the cluster to search for. |
Cluster Labels | Required. A JSON object that contains labels to add to the cluster. The action appends new labels to any existing cluster labels. The default value is as follows: { "key1":"value1", "key2":"value2" } |
Wait for cluster configuration change operation to finish | Optional. If selected, the action waits for the results of the cluster configuration change operation. Not selected by default. |
Action outputs
The Set Cluster Labels action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Available |
Output messages | Available |
Script result | Available |
JSON result
The following example shows the JSON result output received when using the Set Cluster Labels action:
{
  "name": "operation-OPERATION_ID",
  "zone": "europe-central2-a",
  "operationType": "UPDATE_CLUSTER",
  "status": "RUNNING",
  "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/operations/operation-OPERATION_ID",
  "targetLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/clusters/cluster-test",
  "startTime": "2021-08-15T11:53:55.904254615Z"
}
Output messages
The Set Cluster Labels action can return the following output messages:
Output message | Message description |
---|---|
| | The action succeeded. |
| | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the Set Cluster Labels action:
Script result name | Value |
---|---|
is_success | True or False |
Set Node Autoscaling
Use the Set Node Autoscaling action to set the node pool auto scaling configuration for the GKE cluster. The action is asynchronous.
If the target cluster is already undergoing a configuration change, it cannot accept new configuration changes until the current configuration change is complete.
This action runs asynchronously. Adjust the Google SecOps IDE settings as needed.
This action doesn't run on Google SecOps entities.
Action inputs
The Set Node Autoscaling action requires the following parameters:
Cluster Location
Required. A location to search for clusters, such as europe-central2-a.
Cluster Name
Required. The name of the cluster to search for.
Node Pool Name
Required. The node pool name for the cluster.
Autoscaling Mode
Optional. The auto scaling mode status for the node pool.
The possible values are as follows:
- Not Changed
- Enabled
- Disabled
The default value is Not Changed.
Minimum Node Count
Optional. The minimum number of nodes for the node pool configuration.
Maximum Node Count
Optional. The maximum number of nodes for the node pool configuration.
Wait for cluster configuration change operation to finish
Optional. If selected, the action waits for the results of the cluster configuration change operation. Not selected by default.
Action outputs
The Set Node Autoscaling action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Available |
Output messages | Available |
Script result | Available |
JSON result
The following example shows the JSON result output received when using the Set Node Autoscaling action:
{
  "name": "operation-OPERATION_ID",
  "zone": "europe-central2-a",
  "operationType": "UPDATE_CLUSTER",
  "status": "RUNNING",
  "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/operations/operation-OPERATION_ID",
  "targetLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/clusters/cluster-test",
  "startTime": "2021-08-15T11:53:55.904254615Z"
}
Output messages
The Set Node Autoscaling action can return the following output messages:
Output message | Message description |
---|---|
| | The action succeeded. |
| | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the Set Node Autoscaling action:
Script result name | Value |
---|---|
is_success | True or False |
Set Node Pool Management
Use the Set Node Pool Management action to set the node pool management configuration for the GKE cluster.
This action runs asynchronously. Adjust the Google SecOps IDE settings as needed.
This action doesn't run on Google SecOps entities.
Action inputs
The Set Node Pool Management action requires the following parameters:
Parameter | Description |
---|---|
Cluster Location | Required. A location to search for clusters, such as |
Cluster Name | Required. The name of the cluster to search for. |
Node Pool Name | Required. The node pool name for the GKE cluster. |
Auto Upgrade | Optional. The status of the auto upgrade management feature. |
Auto Repair | Optional. The status of the auto repair management feature. |
Wait for cluster configuration change operation to finish | Optional. If selected, the action waits for the results of the cluster configuration change operation. Not selected by default. |
Action outputs
The Set Node Pool Management action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Available |
Output messages | Available |
Script result | Available |
JSON result
The following example shows the JSON result output received when using the Set Node Pool Management action:
{
  "name": "operation-OPERATION_ID",
  "zone": "europe-central2-a",
  "operationType": "SET_NODE_POOL_MANAGEMENT",
  "status": "RUNNING",
  "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/operations/operation-OPERATION_ID",
  "targetLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/clusters/cluster-test/nodePools/default-pool",
  "startTime": "2021-08-15T11:53:55.904254615Z"
}
Output messages
The Set Node Pool Management action can return the following output messages:
Output message | Message description |
---|---|
| | The action succeeded. |
| | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the Set Node Pool Management action:
Script result name | Value |
---|---|
is_success | True or False |
Set Node Count
Use the Set Node Count action to set the node count for the GKE cluster node pool.
This action runs asynchronously. Adjust the Google SecOps IDE settings as needed.
This action doesn't run on Google SecOps entities.
Action inputs
The Set Node Count action requires the following parameters:
Parameter | Description |
---|---|
Cluster Location | Required. A location to search for clusters, such as |
Cluster Name | Required. The name of the cluster to search for. |
Node Pool Name | Required. The node pool name for the GKE cluster. |
Node Count | Required. The number of nodes for the GKE cluster node pool. |
Wait for cluster configuration change operation to finish | Optional. If selected, the action waits for the results of the cluster configuration change operation. Not selected by default. |
Action outputs
The Set Node Count action provides the following outputs:
Action output type | Availability |
---|---|
Case wall attachment | Not available |
Case wall link | Not available |
Case wall table | Not available |
Enrichment table | Not available |
JSON result | Available |
Output messages | Available |
Script result | Available |
JSON result
The following example shows the JSON result output received when using the Set Node Count action:
{
  "name": "operation-OPERATION_ID",
  "zone": "europe-central2-a",
  "operationType": "SET_NODE_POOL_SIZE",
  "status": "RUNNING",
  "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/operations/operation-OPERATION_ID",
  "targetLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/zones/europe-central2-a/clusters/cluster-test/nodePools/default-pool",
  "startTime": "2021-08-15T11:53:55.904254615Z"
}
Output messages
The Set Node Count action can return the following output messages:
Output message | Message description |
---|---|
| | The action succeeded. |
| | The action failed. Check the connection to the server, input parameters, or credentials. |
Script result
The following table lists the value for the script result output when using the Set Node Count action:
Script result name | Value |
---|---|
is_success | True or False |