Network Policy Disabled
- Query id: c47f90e8-4a19-43f0-8413-cc434d286c4e
- Query name: Network Policy Disabled
- Platform: GoogleDeploymentManager
- Severity: High
- Category: Insecure Configurations
- URL: Github
Description¶
Kubernetes Engine Clusters must have Network Policy enabled, meaning that the attribute 'networkPolicy.enabled' must be true and the attribute 'addonsConfig.networkPolicyConfig.disabled' must be false
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
resources:
- name: cluster
type: container.v1.cluster
properties:
description: my-cluster
Positive test num. 2 - yaml file
resources:
- name: cluster
type: container.v1.cluster
properties:
description: my-cluster
networkPolicy:
enabled: false
Positive test num. 3 - yaml file
resources:
- name: cluster
type: container.v1.cluster
properties:
description: my-cluster
addonsConfig:
networkPolicyConfig:
disabled: true