Client Certificate Disabled
- Query id: dd690686-2bf9-4012-a821-f61912dd77be
- Query name: Client Certificate Disabled
- Platform: GoogleDeploymentManager
- Severity: High
- Category: Insecure Configurations
- URL: Github
Description¶
Kubernetes Clusters must be created with Client Certificate enabled, which means 'masterAuth' must have 'clientCertificateConfig' with the attribute 'issueClientCertificate' equal to true
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - yaml file
resources:
- name: cluster
type: container.v1.cluster
properties:
name: my-cluster
Postitive test num. 2 - yaml file
resources:
- name: cluster
type: container.v1.cluster
properties:
name: my-cluster
masterAuth:
clientKey: key
Postitive test num. 3 - yaml file
resources:
- name: cluster
type: container.v1.cluster
properties:
name: my-cluster
masterAuth:
clientCertificateConfig:
issueClientCertificate: false