Secure your fleet
Google Cloud provides a range of features to secure your fleet and the applications that run on it. This page provides an overview of fleet security features, with links to find out more.
Manage identity
Google Cloud provides the following options for authenticating to fleet clusters in a simple, consistent, and secured way, wherever the clusters live. After you have set up authentication, you can configure more fine-grained access control to your clusters using Kubernetes role-based access control (RBAC).
Authenticate with Google Cloud
All GKE clusters on Google Cloud are configured to accept Google Cloud user and service account identities by default. If your fleet contains clusters in multiple environments, you can configure the Connect gateway so that users and service accounts can also authenticate to any registered cluster using their Google Cloud ID.
Learn more about setting up and using authentication with Google Cloud in the following guides:
- Configuring cluster access for kubectl
- Connecting to registered clusters with the Connect gateway
- Setting up the Connect gateway
- Using the Connect gateway
Authenticate with third-party providers
If you want to use your existing third-party identity provider to authenticate to your fleet clusters, GKE Identity Service is an authentication service that lets you bring your existing identity solutions to multiple environments. It supports all OpenID Connect (OIDC) providers such as Okta and Microsoft AD FS, as well as preview support for LDAP providers in some environments. You can set up GKE Identity Service on a cluster-by-cluster basis or with a single configuration for your entire fleet, where supported.
Learn more about setting up and using third-party authentication, including supported environments and providers, in the following guides:
Authenticate with a bearer token
If the preceding Google-provided solutions aren't suitable for your organization, you can set up authentication using a Kubernetes service account and using its bearer token to log in. For details, see Set up using a bearer token.
Manage fleet security
Google Cloud provides a range of features and products that improve the security of your fleets and workloads, such as the following:
- Binary Authorization to ensure that only trusted images are deployed on your fleet clusters
- Kubernetes network policies to control connections between Pods
- Fine-grained service access control for Cloud Service Mesh
- The GKE security posture dashboard to monitor your clusters' security posture.
Monitor fleet security posture
The GKE security posture dashboard helps you assess and manage your fleet's GKE clusters for security concerns and get actionable recommendations to fix them. Capabilities include configuration auditing.
The dashboard displays discovered concerns for all of the clusters in the selected fleet and for any standalone GKE clusters in the selected project.
- For details and a full list of capabilities, see About the security posture dashboard.
- For pricing information, see GKE security posture dashboard pricing.
Configure security posture dashboard features at fleet level
You can manage some security dashboard features at fleet level, so that all the clusters in your fleet can use the same default settings for security observability.
- Learn how to configure security posture dashboard features for your fleet.
Fleet security resources
Learn more about fleet security features in the following guides:
- Binary Authorization
- Kubernetes network policies
- Application security in Cloud Service Mesh:
- About the security posture dashboard
Manage cluster policies
Policy Controller enables the enforcement of fully programmable policies for your fleet clusters. These policies act as "guardrails" and prevent any changes to the configuration of the Kubernetes API from violating security, operational, or compliance controls.
Learn more about what you can do with Policy Controller in the Policy Controller documentation.
Last updated 2026-02-19 UTC.