Ensure 'master_auth' Block Exists For Google Kubernetes Engine (GKE) Cluster

Ensure that the master_auth block exists for Google Kubernetes Engine (GKE) clusters to configure authentication for access to the Kubernetes master endpoint. This helps in securing the cluster by specifying the credentials required for accessing the master, ensuring that only authorized users can manage the cluster.

Risk Level: high
Cloud Entity: Google Kubernetes Engine (GKE)
Spectral Rule ID: TFGCP018
Category: Containers

REMEDIATION

Set master_auth in the google_container_cluster resource:

resource "google_container_cluster" "example" {
  name     = "example-cluster"
  location = "us-central1"

  # Add this block to configure authentication for the master endpoint
  master_auth {
    client_certificate_config {
      ...
    }
  }
}
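As an added example (not Spectral's own checker), the Python scan below implements this rule over Terraform source: it finds every google_container_cluster resource and reports those without a top-level master_auth block. The embedded HCL is constructed sample input; issue_client_certificate = false is the google provider argument that keeps legacy client-certificate authentication disabled.

```python
import re
# Constructed sample: one cluster missing master_auth, one carrying the block.
SAMPLE_TF = """
resource "google_container_cluster" "insecure" {
  name     = "example-cluster"
  location = "us-central1"
}
resource "google_container_cluster" "hardened" {
  name     = "example-cluster"
  location = "us-central1"
  master_auth {
    client_certificate_config {
      issue_client_certificate = false  # no legacy client-cert auth
    }
  }
}
"""
RESOURCE_RE = re.compile(r'resource\s+"google_container_cluster"\s+"([^"]+)"\s*\{')
BLOCK_RE = re.compile(r'([A-Za-z_]\w*)\s*(?:"[^"]*"\s*)*\{')

def _block_body(text, open_idx):
    """Text between the '{' at open_idx and its matching '}' (brace-depth scan)."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in Terraform source")

def _top_level_blocks(body):
    """Names of nested blocks directly inside a resource body (depth 0 only)."""
    names, depth = [], 0
    for line in body.splitlines():
        stripped = line.split("#", 1)[0].strip()  # drop '#' comments (not strings)
        if depth == 0 and (m := BLOCK_RE.match(stripped)):
            names.append(m.group(1))
        depth += stripped.count("{") - stripped.count("}")
    return names

def find_clusters_without_master_auth(tf_source):
    """Names of google_container_cluster resources with no master_auth block."""
    findings = []
    for m in RESOURCE_RE.finditer(tf_source):
        body = _block_body(tf_source, m.end() - 1)  # m.end()-1 is the '{'
        if "master_auth" not in _top_level_blocks(body):
            findings.append(m.group(1))
    return findings
```

Running find_clusters_without_master_auth(SAMPLE_TF) reports only the "insecure" resource; the scan is line based and does not handle braces inside string values.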

Google Kubernetes Engine (GKE)

GKE's Autopilot mode is a hands-off, fully managed Kubernetes platform that manages your cluster’s underlying compute infrastructure (without you needing to configure or monitor)—while still delivering a complete Kubernetes experience. And with per-pod billing, Autopilot ensures you pay only for your running pods, not system components, operating system overhead, or unallocated capacity for up to 85% savings from resource and operational efficiency.
