add gke module

[joshrwolf]

adds a reusable GKE module

[wiz-inc-643c6df573]

Wiz Scan Summary

Scan Module						Total
IaC Misconfigurations	0	0	1	4	0	5
Vulnerabilities	0	0	0	0	0	0
Secrets	0	0	0	0	0	0
Total	0	0	1	4	0	5

View scan details in Wiz

[k4leung4]

do you want to address the wiz findings?

[pnasrat]

This would be really helpful I don't have access to the wiz scans (requested) but happy to take a look if someone pastes the details

terrascan picks up the 0.0.0.0 in master_authorized_networks_config I suspect that is set as we fall under the documented limitations of ip endpoints:

https://cloud.google.com/kubernetes-engine/docs/concepts/network-isolation#limitations-ip-endpoints

If you have clients connecting from networks with dynamic IP addresses, such as employees on home networks, you must update the list of authorized networks frequently to maintain access to the cluster.

[pnasrat]

1. GKE cluster should have a Pod Security Policy enabled - deprecated in 1.25 so false positive
2. GKE cluster network policy should be enabled - implied by ADVANCED_DATAPATH false positive
3. GKE cluster basic authentication should be disabled - removed in 1.19 false positive
4. GKE cluster should have label information - nodes labeled in dynamic block, added squad/name resource labels
5. GKE private cluster private endpoint should be enabled - deliberate for remote access

[cpanato]

should we add a version?

[k4leung4]

version is typical needed at call sight,
so no need here.

[cpanato]

will be good to add the description and type for all missing ones

[k4leung4]

thank you for reviewing the wiz warnings