github.com/khulnasoft-lab/kube-bench@v0.2.1-0.20240330183753-9df52345ae58/cfg/gke-1.2.0/controlplane.yaml

github.com/khulnasoft-lab/kube-bench@v0.2.1-0.20240330183753-9df52345ae58/cfg/gke-1.2.0/controlplane.yaml (about)

     1  ---
     2  controls:
     3  version: "gke-1.2.0"
     4  id: 2
     5  text: "Control Plane Configuration"
     6  type: "controlplane"
     7  groups:
     8    - id: 2.1
     9      text: "Authentication and Authorization"
    10      checks:
    11        - id: 2.1.1
    12          text: "Client certificate authentication should not be used for users (Manual)"
    13          type: "manual"
    14          remediation: |
    15            Alternative mechanisms provided by Kubernetes such as the use of OIDC should be
    16            implemented in place of client certificates.
    17            You can remediate the availability of client certificates in your GKE cluster. See
    18            Recommendation 6.8.2.
    19          scored: false
    20  
    21    - id: 2.2
    22      text: "Logging"
    23      type: skip
    24      checks:
    25        - id: 2.2.1
    26          text: "Ensure that a minimal audit policy is created (Manual)"
    27          type: "manual"
    28          remediation: "This control cannot be modified in GKE."
    29          scored: false
    30  
    31        - id: 2.2.2
    32          text: "Ensure that the audit policy covers key security concerns (Manual)"
    33          type: "manual"
    34          remediation: "This control cannot be modified in GKE."
    35          scored: false