Network Policy Disabled

Query id: c47f90e8-4a19-43f0-8413-cc434d286c4e
Query name: Network Policy Disabled
Platform: GoogleDeploymentManager
Severity: High
Category: Insecure Configurations
URL: Github

Description¶

Kubernetes Engine Clusters must have Network Policy enabled, meaning that the attribute 'networkPolicy.enabled' must be true and the attribute 'addonsConfig.networkPolicyConfig.disabled' must be false
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Postitive test num. 1 - yaml file

resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster

Postitive test num. 2 - yaml file

resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      networkPolicy:
        enabled: false

Postitive test num. 3 - yaml file

resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      addonsConfig:
        networkPolicyConfig:
          disabled: true

Postitive test num. 4 - yaml file

resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      networkPolicy:
        enabled: false
      addonsConfig:
        networkPolicyConfig:
          disabled: true

Code samples without security vulnerabilities¶

Negative test num. 1 - yaml file

resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      networkPolicy:
        enabled: true
      addonsConfig:
        networkPolicyConfig:
          disabled: false