Use GKE Sandbox to restrict untrusted workloads as an additional layer of protection when running in a multi-tenant environment. Rationale: GKE Sandbox provides an extra layer of security to prevent untrusted code from affecting the host kernel on your cluster nodes. When you enable GKE Sandbox on a Node pool, a sandbox is created for each Pod running on a node in that Node pool. In addition, nodes running sandboxed Pods are prevented from accessing other GCP services or cluster metadata. Each sandbox uses its own userspace kernel. Multi-tenant clusters and clusters whose containers run untrusted workloads are more exposed to security vulnerabilities than other clusters. Examples include SaaS providers, web-hosting providers, or other organizations that allow their users to upload and run code. A flaw in the container runtime or in the host kernel could allow a process running within a container to 'escape' the container and affect the node's kernel, potentially bringing down the node. The potential also exists for a malicious tenant to gain access to and exfiltrate another tenant's data in memory or on disk, by exploiting such a defect.
Solution
Once a node pool is created, GKE Sandbox cannot be enabled, rather a new node pool is required. The default node pool (the first node pool in your cluster, created when the cluster is created) cannot use GKE Sandbox. Using Google Cloud Console Go to Kubernetes Engine by visiting https://console.cloud.google.com/kubernetes/ Click ADD NODE POOL Configure the Node pool with following settings: For the node version, select v1.12.6-gke.8 or higher For the node image, select 'Container-Optimized OS with Containerd (cos_containerd) (beta)' Under 'Security', select 'Enable sandbox with gVisor' Configure other Node pool settings as required Click SAVE. Using Command Line To enable GKE Sandbox on an existing cluster, a new Node pool must be created. gcloud container node-pools create [NODE_POOL_NAME] \ --zone=[COMPUTE-ZONE] \ --cluster=[CLUSTER_NAME] \ --image-type=cos_containerd \ --sandbox type=gvisor Impact: Using GKE Sandbox requires the node image to be set to Container-Optimized OS with containerd (cos_containerd). It is not currently possible to use GKE Sandbox along with the following Kubernetes features: Accelerators such as GPUs or TPUs Istio Monitoring statistics at the level of the Pod or container Hostpath storage Per-container PID namespace CPU and memory limits are only applied for Guaranteed Pods and Burstable Pods, and only when CPU and memory limits are specified for all containers running in the Pod Pods using PodSecurityPolicies that specify host namespaces, such as hostNetwork, hostPID, or hostIPC Pods using PodSecurityPolicy settings such as privileged mode VolumeDevices Portforward Linux kernel security modules such as Seccomp, Apparmor, or Selinux Sysctl, NoNewPrivileges, bidirectional MountPropagation, FSGroup, or ProcMount Default Value: By default, GKE Sandbox is disabled.