Master authorized networks must be enabled in GKE clusters

ID

gcp_gke_master_authorized_networks_disabled

Severity

high

Vendor

GCP

Resource

AIM

Tags

reachable

Description

master_authorized_networks_config should be enabled on Google Cloud container (GKE) clusters to restrict control-plane access from unknown networks.

To fix it, set the master_authorized_networks_config.enabled property to true.

Learn more about this topic at Creating a private cluster.

Examples

---
- name: create a cluster
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
    location: us-central1-a
    auth_kind: serviceaccount
    master_authorized_networks_config:
      cidr_blocks:
      - cidr_block: 192.0.2.0/24
      enabled: no  # non-compliant: authorized networks are configured but not enforced
    state: present

Mitigation / Fix

---
- name: create a cluster
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
    location: us-central1-a
    auth_kind: serviceaccount
    master_authorized_networks_config:
      cidr_blocks:
      - cidr_block: 192.0.2.0/24
      enabled: yes  # compliant: master authorized networks are enforced
    state: present
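A small checker for the condition this rule describes, added here as an example (not the rule engine's or the google.cloud collection's own code). It walks a parsed playbook, finds gcp_container_cluster tasks, and flags any whose master_authorized_networks_config.enabled is missing or not true; the sample tasks are constructed to mirror the two playbooks above, and the boolean handling assumes Ansible's yes/no/on/true conventions.

```python
"""Flag GKE cluster tasks whose master_authorized_networks_config is not
enabled (rule gcp_gke_master_authorized_networks_disabled). Added example."""

CLUSTER_MODULES = {"google.cloud.gcp_container_cluster", "gcp_container_cluster"}
# Strings Ansible's boolean conversion accepts as true. A YAML 1.1 loader
# (Ansible's) already turns yes/no into True/False; a YAML 1.2 loader does not.
TRUE_STRINGS = {"yes", "true", "on", "y", "t", "1"}


def is_true(value) -> bool:
    """Interpret a YAML/Ansible boolean; anything unrecognised counts as False."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() in TRUE_STRINGS
    return value == 1


def check_task(task: dict):
    """Return a finding for a non-compliant cluster task, else None."""
    params = next((v for k, v in task.items() if k in CLUSTER_MODULES), None)
    if not isinstance(params, dict) or params.get("state", "present") == "absent":
        return None  # not a cluster task, or the cluster is being deleted
    config = params.get("master_authorized_networks_config") or {}
    if is_true(config.get("enabled")):
        return None
    return (f"{task.get('name', '<unnamed>')}: "
            "master_authorized_networks_config.enabled is not true")


def scan_playbook(playbook: list) -> list:
    """Scan a parsed playbook: a list of plays, or a bare task list as on this page."""
    return [finding for entry in playbook for task in entry.get("tasks", [entry])
            if (finding := check_task(task))]


# Constructed sample: the page's two tasks as Ansible's YAML 1.1 loader parses
# them (no -> False, yes -> True), a task that omits the config block entirely
# (disabled by default) and a YAML 1.2-style string value.
MANC = "master_authorized_networks_config"
CIDRS = [{"cidr_block": "192.0.2.0/24"}]
SAMPLE_TASKS = [
    {"name": "create a cluster", "google.cloud.gcp_container_cluster":
        {"name": "my-cluster", MANC: {"cidr_blocks": CIDRS, "enabled": False}}},
    {"name": "create a cluster (fixed)", "google.cloud.gcp_container_cluster":
        {"name": "my-cluster", MANC: {"cidr_blocks": CIDRS, "enabled": True}}},
    {"name": "no config block", "gcp_container_cluster": {"name": "other"}},
    {"name": "string bool", "gcp_container_cluster": {"name": "s", MANC: {"enabled": "yes"}}},
]

if __name__ == "__main__":
    print("\n".join(scan_playbook(SAMPLE_TASKS)))
```

Feed it the output of a YAML loader run over a real playbook to check more than the embedded sample; the first and third sample tasks are reported, the other two pass.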