Ensure GCP Kubernetes engine clusters have basic authentication disabled

Error: GCP Kubernetes engine clusters have basic authentication enabled

Bridgecrew Policy ID: BC_GCP_KUBERNETES_11
Checkov Check ID: CKV_GCP_19
Severity: MEDIUM

Description

GKE supports multiple secure authentication methods, including service account bearer tokens, OAuth tokens, and X.509 client certificates. Basic authentication and client certificate issuance are disabled by default for clusters created with GKE 1.12 and later.

We recommend you use Cloud IAM, or an alternative secure authentication mechanism, as the identity provider for GKE clusters.

Fix - Buildtime

Terraform

resource "google_container_cluster" "pass2" {
  name               = "google_cluster"
  monitoring_service = "monitoring.googleapis.com"
  master_authorized_networks_config {}
  master_auth {
    # Empty username and password disable basic authentication
    username = ""
    password = ""
    # Do not issue a client certificate for the cluster
    client_certificate_config {
      issue_client_certificate = false
    }
  }
}