Ensure GCP Kubernetes engine clusters have client certificate enabled

Error: GCP Kubernetes engine clusters have client certificate disabled

Bridgecrew Policy ID: BC_GCP_KUBERNETES_8
Checkov Check ID: CKV_GCP_13
Severity: LOW


Description

Kubernetes uses client certificates, bearer tokens, an authenticating proxy, or HTTP basic auth to authenticate API requests through authentication plugins. As HTTP requests are made to the API server, plugins attempt to associate the following attributes with the request.

If a client certificate is presented and verified, the common name of the subject is used as the user name for the request. The certificate can also indicate a user’s group memberships using its organization fields.

We recommend you ensure Kubernetes engine clusters are authenticated using client certificates.
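The mapping from certificate subject to request identity described above can be checked when reviewing issued client certificates. The following is an added example, not part of the original policy page or of Checkov: it takes a subject string in RFC 4514 form (as printed by `openssl x509 -noout -subject -nameopt RFC2253`) and returns the user name and groups the API server would derive from it. The function names and the sample subjects are assumptions constructed for illustration.

```python
import re

# system:masters is bound to the cluster-admin role by default in Kubernetes.
PRIVILEGED_GROUPS = {"system:masters"}
# Undo single-character escapes (\, \+ \\ ...); hex pairs such as \2C are left as-is.
UNESCAPE = re.compile(r"\\([^0-9A-Fa-f])")

def split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact for now
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts

def k8s_identity(subject):
    """Return (user, groups): CN becomes the user name, each O becomes a group."""
    user, groups = None, []
    for rdn in split_unescaped(subject, ","):
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDN, e.g. CN=a+O=b
            key, _, value = ava.lstrip().partition("=")
            value = UNESCAPE.sub(r"\1", value)
            if key.upper() == "CN":
                user = value  # if several CNs appear, this sketch keeps the last
            elif key.upper() == "O":
                groups.append(value)
    if user is None:
        raise ValueError("subject has no CN, so no user name can be derived")
    return user, groups

def privileged_groups(subject):
    """Groups in the subject that carry cluster-wide admin rights by default."""
    return sorted(PRIVILEGED_GROUPS.intersection(k8s_identity(subject)[1]))

if __name__ == "__main__":
    # Constructed sample subjects, not taken from a real cluster.
    for s in ["CN=jane,O=dev,O=sre", "O=system:masters, CN=kubernetes-admin"]:
        print(s, "->", k8s_identity(s), "privileged:", privileged_groups(s))
```

Because the group membership is carried in the certificate itself, a non-empty `privileged_groups` result is worth reviewing before the certificate is distributed.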

