Kubernetes Integration for Google GKE
Overview
The Mend Kubernetes (K8s) integration can connect with your Google Kubernetes Engine using your provided access and secret keys, enabling you to scan and secure containers running in GKE environments, either in Autopilot or Standard mode.
Prerequisites before you Configure Mend’s Kubernetes Integration for Google GKE
Your Mend.io user must be an organization administrator.
A Google Cloud service account key file with permissions to access your GKE clusters.
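A local sanity check for the key file before it is uploaded, as an added example that is not part of Mend's documentation or tooling. It checks Google's JSON key format and the file's permissions only; what the wizard itself accepts as a valid key file is not specified on this page, and the function names and sample values are constructed for illustration.

```python
import json
import os
import stat

# Fields found in a Google Cloud service account JSON key file.
REQUIRED = ("type", "project_id", "private_key_id", "private_key",
            "client_email", "token_uri")

# Constructed sample with placeholder values; not a real credential.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "scanner@example-project.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token",
}


def check_key_document(doc):
    """Return the problems found in a parsed key file (empty list = none)."""
    if not isinstance(doc, dict):
        return ["top-level JSON value is not an object"]
    problems = [f"missing or empty field: {f}" for f in REQUIRED if not doc.get(f)]
    # User credentials (type "authorized_user") are not a service account key.
    if doc.get("type") and doc["type"] != "service_account":
        problems.append(f"type is {doc['type']!r}, expected 'service_account'")
    key = str(doc.get("private_key") or "")
    if key and not key.lstrip().startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is not a PEM-encoded PKCS#8 key")
    email = str(doc.get("client_email") or "")
    if email and not email.endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    return problems


def check_key_file(path):
    """Check the on-disk permissions and the content of a key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {oct(mode)} lets group/other access the key")
    try:
        with open(path, encoding="utf-8") as fh:
            return problems + check_key_document(json.load(fh))
    except ValueError as exc:
        return problems + [f"not valid JSON: {exc}"]
```

An empty list from check_key_file means the file parses as a service account key and is readable only by its owner.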
Set up the Kubernetes Integration for Google GKE in the Mend AI Native AppSec Platform UI
As an administrator, navigate to the Integrations page and click the Google GKE integration card.

This will spawn the integration setup wizard.
Step 1 - General Details

Fill in the desired Display Name (mandatory).
Add a Description (optional).
Select the Environment (Production/Dev/QA/Staging) (mandatory; multi-selection is supported).
Specify the Address for reaching the GKE cluster endpoint.
Step 2 - Authentication
Upload your Google Cloud service account key file.

Once a valid key file is uploaded, the Test Connection button will become clickable. Use it to verify connectivity and proceed to the next step.



Step 3 - Clusters
The summary of detected clusters will be displayed. Click Next to proceed to the next step.

Step 4 - Configuration
Fill in the Configuration information to define your scan schedule:

Enable Schedule - Toggle off to disable scheduling.
Scan Time
Frequency
Scan on Connect - When toggled on, a scan is triggered automatically once the integration setup is completed.
Scheduling Kubernetes image scans is crucial for maintaining the security and integrity of your container images. By default, a scan interval of 7 days will be applied. You can change the scan interval in 1-day increments or select specific days of the week when you wish for scans to be executed.
Note: After the first scan (in which the latest 10 tags are scanned), in every scheduled scan only newly pushed images from the registry or changed images will be scanned. This is because vulnerability and package updates occur automatically in an asynchronous manner, keeping the security information up-to-date without requiring new scans.
Click the Next button at the bottom right to move on to the next step.
Step 5 - Summary
In this step, a summary of your input from the previous steps is displayed. You can go back to the previous screens of the wizard to make changes by clicking the ‘Back’ button at the bottom right corner of the screen. If you wish to confirm your configuration and add your registry, click the ‘Done’ button.

Note: The Kubernetes system namespaces (i.e., kube-system, kube-public and kube-node-lease) are skipped during the scan, as the images in them belong to Kubernetes system components rather than customer workloads. This behavior is intentional and cannot be changed.