CSOAR-5032 - Documentation of GKE (Google Kubernetes Engine) #6808
amee-sumo
left a comment
Review comments
Content issues
Step 15 cross-reference (line 62)
"select the pool created in step 9" — confirmed accurate. No change needed.
Reused screenshots from other integrations
WIF steps use google-chat/google-chat-*.png and Service Account steps use google-drive/google-drive-*.png. Likely intentional since the GCP setup flow is identical across integrations. The alt text is contextually accurate (e.g., line 54 correctly says "Service Account Token Creator and Kubernetes Engine Admin"). Worth confirming with the author that these are the right screenshots for each step.
Long inline permission lists (lines 54 and 79)
The least-privilege permission lists are long inline sentences that are hard to read. Consider formatting them as a bulleted list, for example:
If your organization prefers least-privilege access, you can create a custom role with only the following permissions instead of Kubernetes Engine Admin:
- container.clusters.get
- container.clusters.list
- container.deployments.get
- container.deployments.list
- container.deployments.delete
- container.deployments.update
- container.clusterRoleBindings.list
- container.clusterRoleBindings.create
- container.clusterRoleBindings.delete
- container.pods.list
- container.events.list
Minor issues
"GCP" used inconsistently
Lines 38 and 47 use "GCP" but the rest of the doc uses "Google Cloud." Recommend using "Google Cloud" throughout, which is also Google's current preferred term.
PR title format
Title is CSOAR-5032: Documentation of GKE (Google Kubernetes Engine) — standard format is CSOAR-5032 - Documentation of GKE (Google Kubernetes Engine) (space-dash-space).
— via Claude Code
Purpose of this pull request
Introduces a new Google Kubernetes Engine (GKE) integration for CSOAR, adding enrichment/containment actions to interact with GKE clusters and Kubernetes resources using either Service Account credentials or WIF-based auth.
Changes:
Added the base GKE integration definition (connection test + configuration fields).
Added enrichment actions to retrieve clusters, deployments, workloads, and cluster role bindings.
Added containment/daemon actions to scale/delete deployments, grant/revoke cluster role bindings, and monitor pods for baseline pod-security violations.
Select the type of change
Ticket (if applicable)
https://sumologic.atlassian.net/browse/CSOAR-5032