Private Cluster Disabled

  • Query id: 48c61fbd-09c9-46cc-a521-012e0c325412
  • Query name: Private Cluster Disabled
  • Platform: GoogleDeploymentManager
  • Severity: Medium
  • Category: Insecure Configurations
  • URL: Github

Description

Kubernetes clusters must be created as private clusters: 'privateClusterConfig' must be defined, and both of its attributes 'enablePrivateEndpoint' and 'enablePrivateNodes' must be set to true.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
- name: mycluster
  type: container.v1.cluster
  properties:
    zone: us-east1-b
Positive test num. 2 - yaml file
resources:
- name: mycluster2
  type: container.v1.cluster
  properties:
    zone: us-east1-b
    privateClusterConfig:
      enablePrivateEndpoint: false

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
- name: mycluster3
  type: container.v1.cluster
  properties:
    zone: us-east1-b
    privateClusterConfig:
      enablePrivateEndpoint: true
      enablePrivateNodes: true
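
Added example (not part of the original query or its project code): a Python sketch of the check described above, run over the three samples from this page. The function name find_issues, the message strings and the SAMPLE_DOCUMENT structure are assumptions made for illustration; the input is the dict that a YAML parser such as PyYAML's yaml.safe_load would return for the samples.

```python
# Added example: evaluates parsed Deployment Manager resources against the
# private-cluster requirement described on this page.
CLUSTER_TYPE = "container.v1.cluster"
REQUIRED = ("enablePrivateEndpoint", "enablePrivateNodes")


def find_issues(document):
    """Return (resource_name, message) findings for one parsed config."""
    findings = []
    for resource in document.get("resources") or []:
        if resource.get("type") != CLUSTER_TYPE:
            continue  # only GKE cluster resources are in scope
        name = resource.get("name", "<unnamed>")
        props = resource.get("properties") or {}
        config = props.get("privateClusterConfig")
        if not isinstance(config, dict):
            findings.append((name, "privateClusterConfig is undefined"))
            continue
        for attr in REQUIRED:
            if attr not in config:
                # A missing attribute fails the check just like an explicit false.
                findings.append((name, f"privateClusterConfig.{attr} is undefined"))
            elif config[attr] is not True:
                findings.append((name, f"privateClusterConfig.{attr} is not true"))
    return findings


# Constructed input: the page's three samples merged into one resource list.
SAMPLE_DOCUMENT = {
    "resources": [
        {"name": "mycluster", "type": CLUSTER_TYPE,
         "properties": {"zone": "us-east1-b"}},
        {"name": "mycluster2", "type": CLUSTER_TYPE,
         "properties": {"zone": "us-east1-b",
                        "privateClusterConfig": {"enablePrivateEndpoint": False}}},
        {"name": "mycluster3", "type": CLUSTER_TYPE,
         "properties": {"zone": "us-east1-b",
                        "privateClusterConfig": {"enablePrivateEndpoint": True,
                                                 "enablePrivateNodes": True}}},
    ]
}

if __name__ == "__main__":
    for resource_name, message in find_issues(SAMPLE_DOCUMENT):
        print(f"{resource_name}: {message}")
```

Positive test 2 produces two findings, because setting only 'enablePrivateEndpoint' still leaves 'enablePrivateNodes' undefined.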