gcp-k8s-basic-auth-on

Ensure GKE basic auth is disabled

Older versions of Kubernetes (before 1.19) allowed an insecure method of authentication using simple username / password (through so-called Basic authentication). This has been deprecated in favor of GKE's integration with OAuth, which generates short-lived tokens instead.

Examples

Insecure Example

resource "google_container_cluster" "k8s-cluster" {
  name     = "my-gke"
  location = "us-central1"

  initial_node_count = 1

  network    = google_compute_network.vpc.name
  subnetwork = google_compute_subnetwork.subnet.name

  master_auth {
    username = "admin"
    password = "admin"
  }
}

Secure Example

resource "google_container_cluster" "k8s-cluster" {
  name     = "my-gke"
  location = "us-central1"

  initial_node_count = 1

  network    = google_compute_network.vpc.name
  subnetwork = google_compute_subnetwork.subnet.name

  # Simply omit this deprecated insecure configuration
}

More information

• GCP Docs
• Terraform Docs