Ensure 'master_auth' Block Exists For Google Kubernetes Engine (GKE) Cluster

Ensure that the master_auth block exists for Google Kubernetes Engine (GKE) clusters so that authentication for access to the Kubernetes master endpoint is configured. This helps secure the cluster by specifying the credentials required to access the master, ensuring that only authorized users can manage the cluster.

Risk Level: high
Cloud Entity: Cloud Identity
Spectral Rule ID: TFGCP013
Category: Security and Identity
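
The check this rule describes can be approximated with a small static scan. This is an added example, not Spectral's implementation of TFGCP013 and not code from this page. It flags google_container_cluster resources that have no top-level master_auth block. The function names and the sample Terraform are constructed for illustration, and heredocs and quotes nested inside string interpolation are not handled.

```python
import re

# Constructed sample: two clusters the check should flag, one it should pass.
SAMPLE_TF = '''
resource "google_container_cluster" "no_block" {
  name     = "example-cluster"
  location = "us-central1"  # master_auth { } in a comment does not count
}
resource "google_container_cluster" "label_only" {
  name            = "example-cluster"
  resource_labels = { master_auth = "nested-attribute-not-a-block" }
}
resource "google_container_cluster" "configured" {
  name = "example-cluster"
  master_auth {
    client_certificate_config {
      issue_client_certificate = false
    }
  }
}
'''

NOISE_RE = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|//[^\n]*|/\*.*?\*/', re.S)
HEADER_RE = re.compile(r'\bresource\s+"google_container_cluster"\s+"([^"]+)"\s*\{')
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|[{}=]|[A-Za-z_][\w-]*')

def strip_comments(text):
    # Quoted strings are matched first and kept; comments become a space.
    return NOISE_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def top_level_blocks(text, start):
    """Names of blocks opened directly in the resource body that begins at start."""
    names, depth, prev = set(), 1, ""
    for tok in (m.group(0) for m in TOKEN_RE.finditer(text, start)):
        if tok == "{":
            if depth == 1 and re.match(r"[A-Za-z_]", prev):
                names.add(prev)  # identifier directly before "{" is a block
            depth += 1
        elif tok == "}":
            depth -= 1
            if depth == 0:
                break
        prev = tok
    return names

def clusters_missing_master_auth(tf_source):
    text = strip_comments(tf_source)
    return [m.group(1) for m in HEADER_RE.finditer(text)
            if "master_auth" not in top_level_blocks(text, m.end())]
```

Calling clusters_missing_master_auth(SAMPLE_TF) reports the first two clusters: a master_auth mention in a comment or as a nested map key does not satisfy the check, only a block declared directly in the resource body does.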

REMEDIATION

In the google_container_cluster resource, set master_auth:

resource "google_container_cluster" "example" {
name     = "example-cluster"
location = "us-central1"

+  master_auth {
+    client_certificate_config {
+      ...
+    }
+  }
}

Cloud Identity

A unified identity, access, app, and endpoint management (IAM/EMM) platform.
