Disable the legacy GCE instance metadata APIs for GKE nodes. Under some circumstances, these can be used from within a pod to extract the node's credentials.

Rationale: The legacy GCE metadata endpoint answers simple HTTP requests with sensitive information. To prevent enumeration of metadata endpoints and data exfiltration, the legacy metadata endpoint must be disabled. Without a required custom HTTP header on the legacy GCE metadata endpoint, a flaw in an application that lets an attacker trick the code into retrieving an attacker-specified web URL would be enough for enumeration and potential credential exfiltration. By requiring a custom HTTP header, the attacker would need an application flaw that lets them both control the URL and add custom headers in order to carry out this attack successfully.
Solution
The legacy GCE metadata endpoint must be disabled at cluster or node-pool creation. For GKE versions 1.12 and newer, the legacy GCE metadata endpoint is disabled by default.

Using Google Cloud Console
To update an existing cluster, create a new Node pool with the legacy GCE metadata endpoint disabled:
1. Go to Kubernetes Engine by visiting https://console.cloud.google.com/kubernetes/list
2. Click on the name of the cluster to be upgraded and click ADD NODE POOL.
3. Ensure that GCE instance metadata is set to the key:value pair of disable-legacy-endpoints: true
4. Click SAVE
You will need to migrate workloads from any existing non-conforming Node pools to the new Node pool, then delete the non-conforming Node pools to complete the remediation.

Using Command Line
To update an existing cluster, create a new Node pool with the legacy GCE metadata endpoint disabled:
    gcloud container node-pools create [POOL_NAME] \
      --metadata disable-legacy-endpoints=true \
      --cluster [CLUSTER_NAME] \
      --zone [COMPUTE_ZONE]
You will need to migrate workloads from any existing non-conforming Node pools to the new Node pool, then delete the non-conforming Node pools to complete the remediation.

Impact: Any workloads using the legacy GCE metadata endpoint will no longer be able to retrieve metadata from the endpoint. Use Workload Identity instead.

Default Value: Note: In GKE cluster versions 1.12 and newer, the --metadata=disable-legacy-endpoints=true setting is automatically enabled.
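An added audit helper (not part of this recommendation or of any Google tooling) that identifies node pools still needing the remediation above. It assumes the input is the JSON emitted by gcloud container node-pools list --format=json, in which each pool's GCE instance metadata sits under config.metadata as string values; the sample document is constructed, and the version strings and pool names in it are made up.

```python
import json

METADATA_KEY = "disable-legacy-endpoints"

# Constructed sample shaped like `gcloud container node-pools list --cluster CLUSTER
# --zone ZONE --format=json`, trimmed to the fields the check reads (not a real cluster).
SAMPLE_POOLS_JSON = json.dumps([
    {"name": "default-pool", "version": "1.11.10-gke.5", "config": {"metadata": {}}},
    {"name": "hardened-pool", "version": "1.14.10-gke.17",
     "config": {"metadata": {METADATA_KEY: "true"}}},
    {"name": "legacy-pool", "version": "1.14.10-gke.17",
     "config": {"metadata": {METADATA_KEY: "false"}}},
])


def legacy_endpoints_disabled(pool):
    """A pool conforms only if its GCE instance metadata explicitly carries
    disable-legacy-endpoints=true. Metadata values are strings in the NodePool
    resource, so the comparison is textual; a missing key is non-conforming."""
    metadata = pool.get("config", {}).get("metadata") or {}
    return str(metadata.get(METADATA_KEY, "")).strip().lower() == "true"


def audit_node_pools(pools_json):
    """Map each pool name to a (conforms, finding) tuple for the whole cluster."""
    results = {}
    for pool in json.loads(pools_json):
        metadata = pool.get("config", {}).get("metadata") or {}
        if legacy_endpoints_disabled(pool):
            results[pool["name"]] = (True, "legacy GCE metadata endpoint disabled")
        elif METADATA_KEY in metadata:
            results[pool["name"]] = (False, f"{METADATA_KEY}={metadata[METADATA_KEY]!r}")
        else:
            results[pool["name"]] = (False, f"{METADATA_KEY} not set in instance metadata")
    return results


def noncompliant_pools(pools_json):
    """Names of pools whose workloads must be migrated to a conforming pool."""
    return sorted(name for name, (ok, _) in audit_node_pools(pools_json).items() if not ok)


def replacement_pool_command(pool_name, cluster, zone):
    """The remediation command from the recommendation, ready for subprocess.run()."""
    return ["gcloud", "container", "node-pools", "create", pool_name,
            "--metadata", f"{METADATA_KEY}=true",
            "--cluster", cluster, "--zone", zone]


if __name__ == "__main__":
    for name, (ok, finding) in audit_node_pools(SAMPLE_POOLS_JSON).items():
        print(f"{'PASS' if ok else 'FAIL'} {name}: {finding}")
```

Pools listed by noncompliant_pools() are the ones whose workloads need migrating before the pool is deleted; on real output, feed the helper the JSON from the gcloud command rather than the constructed sample.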