Ensure ABAC authorization on Kubernetes engine clusters is disabled

Error: ABAC authorization on Kubernetes engine clusters is enabled

Bridgecrew Policy ID: BC_GCP_KUBERNETES_2
Checkov Check ID: CKV_GCP_7
Severity: LOW

ABAC authorization on Kubernetes engine clusters is enabled

Description

Kubernetes RBAC (Role-Based Access Control) can be used to grant permissions to resources at the cluster and namespace level. It allows defining roles with rules containing a set of permissions. RBAC has significant security advantages and is now stable in Kubernetes, superseding the benefits of legacy authorization with ABAC (Attribute-Based Access Control).

We recommend you disable ABAC authorization and use RBAC in GKE instead.


Did this page help you?