Ensure GCP Kubernetes engine clusters have basic authentication disabled
Error: GCP Kubernetes engine clusters have basic authentication enabled
Bridgecrew Policy ID: BC_GCP_KUBERNETES_11
Checkov Check ID: CKV_GCP_19
Severity: MEDIUM
Description
GKE supports multiple secure authentication methods, including service account bearer tokens, OAuth tokens, and x509 client certificates. Basic authentication and client certificate issuance are disabled by default for clusters created with GKE 1.12 and later.
We recommend you use Cloud IAM, or an alternative secure authentication mechanism, as the identity provider for GKE clusters.
Fix - Buildtime
Terraform
resource "google_container_cluster" "pass2" {
  name               = "google_cluster"
  monitoring_service = "monitoring.googleapis.com"

  master_authorized_networks_config {}

  master_auth {
    # Empty username and password disable basic authentication.
    username = ""
    password = ""

    client_certificate_config {
      # Do not issue a client certificate for the cluster.
      issue_client_certificate = false
    }
  }
}