Network Policy Disabled

  • Query id: c47f90e8-4a19-43f0-8413-cc434d286c4e
  • Query name: Network Policy Disabled
  • Platform: GoogleDeploymentManager
  • Severity: High
  • Category: Insecure Configurations
  • URL: Github

Description

Kubernetes Engine Clusters must have Network Policy enabled, meaning that the attribute 'networkPolicy.enabled' must be true and the attribute 'addonsConfig.networkPolicyConfig.disabled' must be false
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
Positive test num. 2 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      networkPolicy:
        enabled: false
Positive test num. 3 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      addonsConfig:
        networkPolicyConfig:
          disabled: true

Positive test num. 4 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      networkPolicy:
        enabled: false
      addonsConfig:
        networkPolicyConfig:
          disabled: true

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      networkPolicy:
        enabled: true
      addonsConfig:
        networkPolicyConfig:
          disabled: false