Ensure Alibaba Cloud Kubernetes installs plugin Terway or Flannel to support standard policies
Error: Alibaba Cloud Kubernetes does not install plugin Terway or Flannel to support standard policies
Bridgecrew Policy ID: BC_ALI_KUBERNETES_1
Checkov Check ID: CKV_ALI_26
Severity: LOW
Alibaba Cloud Kubernetes does not install plugin Terway or Flannel to support standard policies
Description
Installing the Terway or Flannel plugin on an Alibaba Cloud Kubernetes cluster can help to support standard policies for network communication and routing. Both Terway and Flannel are network plugins that can be used to provide network connectivity and communication between pods in a Kubernetes cluster.
Terway is a network plugin developed by Alibaba Cloud that is optimized for use with Alibaba Cloud Container Service for Kubernetes. It provides high-performance and low-latency network connectivity for Kubernetes clusters running on Alibaba Cloud.
Fix - Buildtime
Terraform
resource "alicloud_cs_kubernetes" "pass" {
worker_number = 4
worker_vswitch_ids = ["vsw-id1", "vsw-id1", "vsw-id3"]
master_vswitch_ids = ["vsw-id1", "vsw-id1", "vsw-id3"]
master_instance_types = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
worker_instance_types = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
addons {
config = ""
name = "terway-eniip"
}
pod_vswitch_ids = ["vsw-id4"]
}
# array of addons
resource "alicloud_cs_kubernetes" "pass2" {
worker_number = 4
worker_vswitch_ids = ["vsw-id1", "vsw-id1", "vsw-id3"]
master_vswitch_ids = ["vsw-id1", "vsw-id1", "vsw-id3"]
master_instance_types = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
worker_instance_types = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
addons {
config = ""
name = "flannel"
}
addons {
name = "csi-plugin"
config = ""
}
pod_cidr = "10.0.1.0/16"
}
Updated 9 months ago