You can add a GKE (Google Kubernetes Engine) cluster to a GCP project that's already
been added to Sophos Cloud Optix.
Add a cluster as follows:
- Click Settings (in the left-hand menu) and select Environments.
- Click Add New Environment.
- On the Add your Cloud Provider environment page, select the GCP tab.
- Go to Google Cloud Platform and select your project.
- Open Google Cloud Shell.
- Download the script using the command provided on the GCP tab in Sophos Cloud Optix. Then run it in the form shown there:
    CUSTOMER_ID=<…> REQUEST_ID=<…> bash onboard-gke.sh
  This creates a read-only service account in each GKE cluster.
- If you have restricted access to the cluster, whitelist the Sophos IP addresses (shown in Cloud Optix) in the firewall rules of your master node.
Sophos Cloud Optix now provides:
- Inventory details: GKE clusters, nodepools, nodes, pods, services, and
more.
- Topology visualization: Instances are shown as GKE nodes.
- Security best practice checks for GKE clusters. These are added to the GCP CIS
benchmark policy.
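
The onboarding step above says the script creates a read-only service account in each GKE cluster. The following is an added example (not Sophos code and not part of onboard-gke.sh) that filters `kubectl auth can-i --list` output for verbs other than get, list and watch. The `<namespace>` and `<name>` placeholders and the sample output are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of onboard-gke.sh. <namespace> and <name> are
# placeholders for the service account the script created in your cluster:
#   kubectl auth can-i --list --as="system:serviceaccount:<namespace>:<name>" \
#     | non_readonly_rules

# Reads `kubectl auth can-i --list` output on stdin and prints every rule that
# grants a verb other than get, list or watch. No output means read-only.
non_readonly_rules() {
  awk '
    NR == 1 && $1 == "Resources" { next }      # header row
    NF == 0 { next }                           # blank line
    {
      # The verbs are the last [...] group on the line.
      n = split($0, parts, /\[/)
      if (n < 2) next
      verbs = parts[n]
      sub(/\].*$/, "", verbs)
      # Assumption: the self-review "create" rules are the baseline that
      # Kubernetes gives every authenticated identity, so they are skipped.
      if ($1 ~ /^selfsubject/ && verbs == "create") next
      bad = ""
      m = split(verbs, v, " ")
      for (i = 1; i <= m; i++)
        if (v[i] != "get" && v[i] != "list" && v[i] != "watch")
          bad = bad (bad == "" ? "" : ",") v[i]
      if (bad != "") print $1 ": " bad
    }'
}

# Constructed sample output (not captured from a real cluster).
sample_can_i_list() {
  cat <<'EOF'
Resources                                       Non-Resource URLs   Resource Names   Verbs
selfsubjectaccessreviews.authorization.k8s.io   []                  []               [create]
selfsubjectrulesreviews.authorization.k8s.io    []                  []               [create]
                                                [/healthz]          []               [get]
pods                                            []                  []               [get list watch]
nodes                                           []                  []               [get list watch]
secrets                                         []                  []               [get list watch delete]
deployments.apps                                []                  []               [*]
EOF
}

sample_can_i_list | non_readonly_rules
```

Any line printed for the real service account is a permission beyond read-only and worth reviewing before you leave the integration in place.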