Kubernetes Cluster Without Terway as CNI Network Plugin
- Query id: b9b7ada8-3868-4a35-854e-6100a2bb863d
- Query name: Kubernetes Cluster Without Terway as CNI Network Plugin
- Platform: Terraform
- Severity: Medium
- Category: Networking and Firewall
- URL: Github
Description¶
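An Alibaba Cloud Kubernetes cluster should use Terway as its CNI network plugin so that network policies can be configured; NetworkPolicy objects only take effect when the cluster's CNI plugin enforces them. Judging by the samples below, the query expects the `alicloud_cs_kubernetes` resource to set both a Terway addon (`terway-eniip` in the passing sample) and `pod_vswitch_ids`.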
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
# Test fixture: pins the Alibaba Cloud provider version used by this sample.
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.160.0"
    }
  }
}

# "xxxxxx" is a placeholder. Real keys do not belong in a provider block that is
# committed to version control; the alicloud provider can read them from the
# ALICLOUD_ACCESS_KEY / ALICLOUD_SECRET_KEY environment variables instead.
provider "alicloud" {
  access_key = "xxxxxx"
  secret_key = "xxxxxx"
}

# Positive case (the query is expected to flag this resource): the cluster has
# no addons block naming a Terway plugin and no pod_vswitch_ids, so nothing in
# this definition selects Terway as the CNI plugin.
# The vSwitch IDs and instance types are sample values.
resource "alicloud_cs_kubernetes" "positive1" {
  worker_number         = 4
  worker_vswitch_ids    = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_vswitch_ids    = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_instance_types = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
  worker_instance_types = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
}
Positive test num. 2 - tf file
# Test fixture: pins the Alibaba Cloud provider version used by this sample.
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.160.0"
    }
  }
}

# "xxxxxx" is a placeholder. Real keys do not belong in a provider block that is
# committed to version control; the alicloud provider can read them from the
# ALICLOUD_ACCESS_KEY / ALICLOUD_SECRET_KEY environment variables instead.
provider "alicloud" {
  access_key = "xxxxxx"
  secret_key = "xxxxxx"
}

# Positive case (the query is expected to flag this resource): the Terway addon
# is declared, but pod_vswitch_ids is missing. The passing sample on this page
# sets both, so the addon alone is presumably not enough for the query.
resource "alicloud_cs_kubernetes" "positive2" {
  worker_number         = 4
  worker_vswitch_ids    = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_vswitch_ids    = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_instance_types = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
  worker_instance_types = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]

  # Terway addon present, with an empty config string.
  addons {
    config = ""
    name   = "terway-eniip"
  }
}
Positive test num. 3 - tf file
# Test fixture: pins the Alibaba Cloud provider version used by this sample.
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.160.0"
    }
  }
}

# "xxxxxx" is a placeholder. Real keys do not belong in a provider block that is
# committed to version control; the alicloud provider can read them from the
# ALICLOUD_ACCESS_KEY / ALICLOUD_SECRET_KEY environment variables instead.
provider "alicloud" {
  access_key = "xxxxxx"
  secret_key = "xxxxxx"
}

# Positive case (the query is expected to flag this resource): pod_vswitch_ids
# is set, but there is no addons block naming a Terway plugin. The passing
# sample on this page sets both, so pod vSwitches alone are presumably not
# enough for the query.
resource "alicloud_cs_kubernetes" "positive3" {
  worker_number         = 4
  worker_vswitch_ids    = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_vswitch_ids    = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_instance_types = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
  worker_instance_types = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
  pod_vswitch_ids       = ["id1"]
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
# Test fixture: pins the Alibaba Cloud provider version used by this sample.
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.160.0"
    }
  }
}

# "xxxxxx" is a placeholder. Real keys do not belong in a provider block that is
# committed to version control; the alicloud provider can read them from the
# ALICLOUD_ACCESS_KEY / ALICLOUD_SECRET_KEY environment variables instead.
provider "alicloud" {
  access_key = "xxxxxx"
  secret_key = "xxxxxx"
}

# Negative case (the query should not flag this resource): the cluster declares
# the terway-eniip addon and also sets pod_vswitch_ids. This is the only sample
# on the page with both settings.
resource "alicloud_cs_kubernetes" "k8s" {
  worker_number         = 4
  worker_vswitch_ids    = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_vswitch_ids    = ["vsw-id1", "vsw-id1", "vsw-id3"]
  master_instance_types = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]
  worker_instance_types = ["ecs.n4.small", "ecs.sn1ne.xlarge", "ecs.n4.xlarge"]

  # Terway addon, with an empty config string.
  addons {
    config = ""
    name   = "terway-eniip"
  }

  # Pod vSwitch list that accompanies the Terway addon; "id1" is a sample value.
  pod_vswitch_ids = ["id1"]
}