Discovering Google Cloud applications

Using Concert, you can run auto-discovery to ingest Google Cloud applications deployed on Google Kubernetes Engine (GKE) and to return common vulnerabilities and exposures (CVEs).

Automating resilience assessments proactively finds hidden vulnerabilities to prevent breaches, reduce risk, and maintain system integrity.

Before you begin

You need:

  • A Google Cloud account
  • A project with clusters on Google Kubernetes Engine (GKE)

Step 1: Create a service account key or token

You can use a service account key, or use a project ID and token to set up auto-discovery for Google Cloud.

To create a service account key:
  1. In your Google Cloud instance, go to IAM & Admin > Service Accounts, and click + Create a service account. Or if you have an existing service account, go to the next step.
  2. Next to the service account you want to use, click the three-dot menu under Actions, and click Manage keys.
  3. Click Add key, select Create new key from the dropdown, and choose the key type JSON. Or if you have an existing key, open it in JSON and have it ready for Step 2.
For the project ID and token:
  1. In your Google Cloud instance, copy the number next to My Project for the Project ID box in Step 2.
  2. Create the token using the command:
    
    gcloud auth print-access-token
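
Before pasting the JSON key from this step into the Service account JSON box in Step 2, you can check locally that the file really is a service account key and is not readable by other users. The following is an added example, not part of Concert or of the original page; the function names and the sample key are constructed for illustration.

```python
import json
import os
import stat

# Fields present in a service account key file downloaded as JSON.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def check_key_text(text):
    """Return a list of problems found in service account key JSON text."""
    try:
        key = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(key, dict):
        return ["top-level JSON value is not an object"]
    problems = [f"missing or empty field: {f}" for f in REQUIRED if not key.get(f)]
    # A user credential file (type "authorized_user") is a common wrong paste.
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, expected 'service_account'")
    email = key.get("client_email")
    if isinstance(email, str) and email and not email.endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    pem = key.get("private_key")
    if isinstance(pem, str) and pem and "-----BEGIN PRIVATE KEY-----" not in pem:
        problems.append("private_key is not a PEM private key")
    return problems


def check_key_file(path):
    """Check file permissions (POSIX only) and contents of a key file on disk."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        problems.append(f"file mode {oct(mode)} lets other users access the key; use 0600")
    with open(path, encoding="utf-8") as fh:
        return problems + check_key_text(fh.read())


# Constructed sample for illustration; not a real key.
SAMPLE = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
    "client_email": "concert-discovery@example-project.iam.gserviceaccount.com",
})

if __name__ == "__main__":
    print(check_key_text(SAMPLE) or "key looks well-formed")
```
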
     

Step 2: Discover your data

You can automate discovery for your Google Cloud applications on GKE and continuously assess cluster resources. Concert automatically computes your resilience score and reports CVEs.

To auto-discover your data:

  1. Go to Home > Discover your data > Google Cloud.
  2. Select the Google Cloud GKE integration from the dropdown menu.
  3. Copy the Google Cloud Service Account Key in JSON format you created in Step 1 and paste it into the Service account JSON box. Or copy and paste your information into the Project ID and Token boxes.
  4. Click Validate connection to check the status of the connection.
  5. Click Next.
  6. Choose a Discovery job name or edit the auto-generated name.
    Note: A name is auto-populated, which is built in Kubernetes.
  7. Choose one or more clusters and namespaces.
  8. Click Next.

Concert will run the scan, create topology graphs, and report CVEs for applications found in your Google Cloud GKE clusters.

Step 3: Review the ingested application and CVE details

After running the workflow, you can review the ingested application details and corresponding resilience metrics.
  1. In your Concert instance, go to Inventory > Application inventory from the main navigation.
  2. In the Applications tab, find and click the name of the ingested application.
  3. Click the CVEs tab to view metrics and open findings for each incident.