IP Aliasing Disabled

  • Query id: 28727987-e398-49b8-aef1-8a3e7789d111
  • Query name: IP Aliasing Disabled
  • Platform: GoogleDeploymentManager
  • Severity: Medium
  • Category: Insecure Configurations
  • CWE: 1188
  • URL: Github

Description

Kubernetes Clusters must be created with Alias IP ranges enabled, which means the attribute 'ipAllocationPolicy' must be defined and the subattribute 'useIpAliases' must be set to 'true'.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
Positive test num. 2 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      ipAllocationPolicy:
        subnetworkName: my-network
Positive test num. 3 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      ipAllocationPolicy:
        subnetworkName: my-network
        useIpAliases: false

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      ipAllocationPolicy:
        subnetworkName: my-network
        useIpAliases: true