Client Certificate Disabled
- Query id: dd690686-2bf9-4012-a821-f61912dd77be
- Query name: Client Certificate Disabled
- Platform: GoogleDeploymentManager
- Severity: High
- Category: Insecure Configurations
- URL: Github
Description¶
Kubernetes Clusters must be created with Client Certificate enabled, which means 'masterAuth' must have 'clientCertificateConfig' with the attribute 'issueClientCertificate' equal to true
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
resources:
- name: cluster
type: container.v1.cluster
properties:
name: my-cluster
Positive test num. 2 - yaml file
resources:
- name: cluster
type: container.v1.cluster
properties:
name: my-cluster
masterAuth:
clientKey: key
Positive test num. 3 - yaml file
resources:
- name: cluster
type: container.v1.cluster
properties:
name: my-cluster
masterAuth:
clientCertificateConfig:
issueClientCertificate: false