Kubernetes Cluster Without Terway as CNI Network Plugin

  • Query id: b9b7ada8-3868-4a35-854e-6100a2bb863d
  • Query name: Kubernetes Cluster Without Terway as CNI Network Plugin
  • Platform: Terraform
  • Severity: Medium
  • Category: Networking and Firewall
  • URL: Github

Description

Kubernetes Cluster should have Terway as CNI Network Plugin to configure network policies
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
terraform {
  required_providers {
    alicloud = {
      source = "aliyun/alicloud"
      version = "1.160.0"
    }
  }
}

provider "alicloud" {
  access_key = "xxxxxx"
  secret_key = "xxxxxx"
}

resource "alicloud_cs_kubernetes" "positive1" {
  worker_number = 4
  worker_vswitch_ids = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_vswitch_ids = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_instance_types  = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
  worker_instance_types  = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
}
Positive test num. 2 - tf file
terraform {
  required_providers {
    alicloud = {
      source = "aliyun/alicloud"
      version = "1.160.0"
    }
  }
}

provider "alicloud" {
  access_key = "xxxxxx"
  secret_key = "xxxxxx"
}

resource "alicloud_cs_kubernetes" "positive2" {
  worker_number = 4
  worker_vswitch_ids = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_vswitch_ids = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_instance_types  = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
  worker_instance_types  = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]

  addons {
    config = ""
    name   = "terway-eniip"
  }
}
Positive test num. 3 - tf file
terraform {
  required_providers {
    alicloud = {
      source = "aliyun/alicloud"
      version = "1.160.0"
    }
  }
}

provider "alicloud" {
  access_key = "xxxxxx"
  secret_key = "xxxxxx"
}

resource "alicloud_cs_kubernetes" "positive3" {
  worker_number = 4
  worker_vswitch_ids = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_vswitch_ids = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_instance_types  = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
  worker_instance_types  = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]

  pod_vswitch_ids = ["id1"]
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
terraform {
  required_providers {
    alicloud = {
      source = "aliyun/alicloud"
      version = "1.160.0"
    }
  }
}

provider "alicloud" {
  access_key = "xxxxxx"
  secret_key = "xxxxxx"
}

resource "alicloud_cs_kubernetes" "k8s" {
  worker_number = 4
  worker_vswitch_ids = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_vswitch_ids = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_instance_types  = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
  worker_instance_types  = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]

  addons {
    config = ""
    name   = "terway-eniip"
  }

  pod_vswitch_ids = ["id1"]
}