Skip to main content

How to Import from Google Cloud Kubernetes Engine

The Cado platform allows you to collect key logs and forensic artifacts from Google Cloud Kubernetes Engine (GKE) containers.

info

For distroless containers, please use Cado Host to perform the acquisition.

Import Steps

  1. Go to Import > Cloud
    Navigate to the cloud import screen.

    Cado Import Screen showing the Kubernetes Engine options

  2. Select Cluster, Pod, and Container
    Follow the prompts to choose your Cluster, Pod, and Container.

    Cado Import Screen showing the available Kubernetes Engine Clusters

  3. Confirm and Start Import
    Review the details, then click Start Import.

Cado will automatically collect all relevant logs and forensic artifacts from the container to support your investigation. For most acquisitions, the import and processing will complete within a few minutes.

Cado showing the confirmation screen of a successful Kubernetes Engine container capture

info

To import GKE containers, ensure the iam.serviceAccounts.implicitDelegation IAM permission is added to the Service Account.
Currently, GKE imports are supported only for GCP accounts configured with Workload Identity Federation. See more details on the GCP Import Settings page.

Data Flow Diagram

Data Flow Diagram for GKE Acquisition