Add a GKE cluster to an existing GCP environment

You can add a GKE (Google Kubernetes Engine) cluster to a GCP project that's already been added to Sophos Cloud Optix.

Add a cluster as follows:
  1. Click Settings (in the left-hand menu) and select Environments.
  2. Click Add New Environment.
  3. On the Add your Cloud Provider environment page, select the GCP tab.
  4. Go to Google Cloud Platform and select your project.
  5. Open Google Cloud Shell.
  6. Download the script using the command provided on the GCP tab in Sophos Cloud Optix. Then run it in the form shown there:

    CUSTOMER_ID=<…> REQUEST_ID=<…> bash onboard-gke.sh

    This creates a read-only service account in each GKE cluster.

  7. If you have restricted access to the cluster, whitelist the Sophos IP addresses (shown in Cloud Optix) in the firewall rules of your master node.
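After step 6 a practitioner will want to confirm that the service account the script creates really is limited to read access. The following is an added example, not Sophos's onboarding script (which the page does not show): it audits a ClusterRole manifest for any verb beyond get/list/watch and separately flags read access to Secrets, which is read-only in RBAC terms but still exposes credentials. The two manifests embedded below are constructed samples; to check the real role, export it with `kubectl get clusterrole <name> -o json` and pass that file to `load_role`.

```python
"""Audit a Kubernetes ClusterRole for read-only access.

Added example. The role name and rules below are constructed samples;
the actual role created by the Cloud Optix onboarding script may differ.
"""
import json

# Verbs that only read cluster state. Anything else (create, update,
# patch, delete, deletecollection, impersonate, "*", ...) can change it.
READ_ONLY_VERBS = {"get", "list", "watch"}

# Resources whose contents are sensitive even when only read.
SENSITIVE_RESOURCES = {"secrets"}

# Constructed sample: what a genuinely read-only inventory role looks like.
SAMPLE_READ_ONLY_ROLE = json.loads("""
{
  "apiVersion": "rbac.authorization.k8s.io/v1",
  "kind": "ClusterRole",
  "metadata": {"name": "example-readonly"},
  "rules": [
    {"apiGroups": [""], "resources": ["pods", "services", "nodes", "namespaces"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["apps"], "resources": ["deployments", "daemonsets", "statefulsets"],
     "verbs": ["get", "list", "watch"]}
  ]
}
""")

# Constructed sample: a role that claims to be read-only but is not.
SAMPLE_OVERBROAD_ROLE = json.loads("""
{
  "apiVersion": "rbac.authorization.k8s.io/v1",
  "kind": "ClusterRole",
  "metadata": {"name": "example-overbroad"},
  "rules": [
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "patch"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["list"]},
    {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}
  ]
}
""")


def load_role(path):
    """Load a ClusterRole exported with `kubectl get clusterrole <name> -o json`."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def write_grants(role):
    """Return the rules that grant any verb outside get/list/watch.

    A wildcard verb ("*") counts as a write grant.
    """
    findings = []
    for rule in role.get("rules", []):
        extra = sorted(set(rule.get("verbs", [])) - READ_ONLY_VERBS)
        if extra:
            findings.append({"resources": rule.get("resources", []), "verbs": extra})
    return findings


def sensitive_reads(role):
    """Return sensitive resources the role can read (wildcards included)."""
    found = set()
    for rule in role.get("rules", []):
        verbs = set(rule.get("verbs", []))
        if not (verbs & READ_ONLY_VERBS or "*" in verbs):
            continue
        resources = set(rule.get("resources", []))
        found |= SENSITIVE_RESOURCES if "*" in resources else resources & SENSITIVE_RESOURCES
    return sorted(found)


def is_read_only(role):
    """True when no rule grants a verb beyond get/list/watch."""
    return not write_grants(role)


def audit(role):
    """Print a short report; True only if the role is read-only and reads no Secrets."""
    name = role.get("metadata", {}).get("name", "<unnamed>")
    writes = write_grants(role)
    reads = sensitive_reads(role)
    for finding in writes:
        print(f"{name}: WRITE {finding['verbs']} on {finding['resources']}")
    for resource in reads:
        print(f"{name}: reads sensitive resource '{resource}'")
    if not writes and not reads:
        print(f"{name}: read-only, no sensitive reads")
    return not writes and not reads


if __name__ == "__main__":
    audit(SAMPLE_READ_ONLY_ROLE)
    audit(SAMPLE_OVERBROAD_ROLE)
```

Reading Secrets is reported separately rather than as a write grant because it is a judgement call: an inventory integration normally has no need for Secret contents, so a role that can list them deserves a second look even though it cannot modify anything.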

Sophos Cloud Optix now provides:
  • Inventory details: GKE clusters, node pools, nodes, pods, services, and more.
  • Topology visualization: Instances are shown as GKE nodes.
  • Security best practice checks for GKE clusters. These are added to the GCP CIS benchmark policy.