GKE Master Authorized Networks Disabled

  • Query id: d43366c5-80b0-45de-bbe8-2338f4ab0a83
  • Query name: GKE Master Authorized Networks Disabled
  • Platform: Ansible
  • Severity: High
  • Category: Networking and Firewall
  • URL: Github

Description

Master authorized networks must be enabled in GKE clusters, so that access to the cluster's control plane endpoint is restricted to the CIDR ranges listed under cidr_blocks rather than open to any address. The check flags a gcp_container_cluster task when master_authorized_networks_config is absent, when its enabled key is absent, or when enabled is set to no.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: create a cluster
  google.cloud.gcp_container_cluster:
    name: my-cluster
    location: us-central1-a
    auth_kind: serviceaccount
    master_authorized_networks_config:
      cidr_blocks:
        - cidr_block: 192.0.2.0/24
      enabled: no
    state: present
- name: create a second cluster
  google.cloud.gcp_container_cluster:
    name: my-second-cluster
    location: us-central1-a
    auth_kind: serviceaccount
    master_authorized_networks_config:
      cidr_blocks:
        - cidr_block: 192.0.2.0/24
    state: present
- name: create a third cluster
  google.cloud.gcp_container_cluster:
    name: my-third-cluster
    location: us-central1-a
    auth_kind: serviceaccount
    state: present

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: create a cluster
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
    location: us-central1-a
    auth_kind: serviceaccount
    master_authorized_networks_config:
      cidr_blocks:
      - cidr_block: 192.0.2.0/24
      enabled: yes
    state: present
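The same check carried out over a parsed task list, as an added example that is not KICS's own Rego query or any code from the page. It covers the three positive cases (enabled: no, enabled missing, whole config missing) and the negative case; SAMPLE_TASKS is constructed inline to mirror the samples above, whereas a real scan would obtain the list from yaml.safe_load() of the playbook file.

```python
# Added example (not KICS's own Rego query): the page's check over a parsed Ansible
# task list. SAMPLE_TASKS is constructed inline; real input would come from yaml.safe_load().

MODULE_NAMES = ("google.cloud.gcp_container_cluster", "gcp_container_cluster")
# Ansible truthy strings; a YAML 1.1 loader may already give real booleans for yes/no.
TRUE_VALUES = {"yes", "true", "on", "1", "y", "t"}

def is_truthy(value):
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in TRUE_VALUES

def iter_tasks(playbook):
    """Yield tasks from a bare task list (role tasks file) or from plays with a tasks key."""
    for item in playbook:
        if isinstance(item, dict) and "tasks" in item:
            yield from item["tasks"]
        else:
            yield item

def clusters_without_authorized_networks(playbook):
    """Return (task name, reason) for each cluster task whose authorized networks are not enabled."""
    findings = []
    for task in iter_tasks(playbook):
        params = next((task[m] for m in MODULE_NAMES if m in task), None)
        if params is None:
            continue  # not a GKE cluster task
        config = params.get("master_authorized_networks_config")
        if not isinstance(config, dict):
            reason = "master_authorized_networks_config is missing"
        elif "enabled" not in config:
            reason = "master_authorized_networks_config.enabled is missing"
        elif not is_truthy(config["enabled"]):
            reason = "master_authorized_networks_config.enabled is false"
        else:
            continue  # compliant: enabled is true
        findings.append((task.get("name", "<unnamed>"), reason))
    return findings

# Constructed input mirroring the page's three positive samples and its negative sample.
CIDRS = [{"cidr_block": "192.0.2.0/24"}]
SAMPLE_TASKS = [
    {"name": "create a cluster", MODULE_NAMES[0]: {"name": "my-cluster",
        "master_authorized_networks_config": {"cidr_blocks": CIDRS, "enabled": False}}},
    {"name": "create a second cluster", MODULE_NAMES[0]: {"name": "my-second-cluster",
        "master_authorized_networks_config": {"cidr_blocks": CIDRS}}},
    {"name": "create a third cluster", MODULE_NAMES[0]: {"name": "my-third-cluster"}},
    {"name": "create a compliant cluster", MODULE_NAMES[0]: {"name": "my-cluster",
        "master_authorized_networks_config": {"cidr_blocks": CIDRS, "enabled": "yes"}}},
]
```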