Ensure ABAC authorization on Kubernetes engine clusters is disabled
Error: ABAC authorization on Kubernetes engine clusters is enabled
Bridgecrew Policy ID: BC_GCP_KUBERNETES_2
Checkov Check ID: CKV_GCP_7
Severity: LOW
ABAC authorization on Kubernetes engine clusters is enabled
Description
Kubernetes RBAC (Role-Based Access Control) can be used to grant permissions to resources at the cluster and namespace level. It lets you define roles whose rules contain a set of permissions. RBAC has significant security advantages and is now stable in Kubernetes, superseding legacy authorization with ABAC (Attribute-Based Access Control).
We recommend you disable ABAC authorization and use RBAC in GKE instead.
Updated 12 months ago