gcp-k8s-basic-auth-on
Ensure GKE basic auth is disabled
Older versions of Kubernetes (before 1.19) allowed an insecure method of authentication using a simple username and password (so-called Basic authentication). This has been deprecated in favor of GKE's integration with OAuth, which generates short-lived tokens instead.
Examples
Insecure Example
resource "google_container_cluster" "k8s-cluster" {
  name               = "my-gke"
  location           = "us-central1"
  initial_node_count = 1
  network            = google_compute_network.vpc.name
  subnetwork         = google_compute_subnetwork.subnet.name
  master_auth {
    username = "admin"
    password = "admin"
  }
}
Secure Example
resource "google_container_cluster" "k8s-cluster" {
  name               = "my-gke"
  location           = "us-central1"
  initial_node_count = 1
  network            = google_compute_network.vpc.name
  subnetwork         = google_compute_subnetwork.subnet.name
  # Simply omit this deprecated insecure configuration
}
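One way to check Terraform source for this misconfiguration before it is applied, as an added example that is not part of the original page or of the tool that implements this rule. The names `find_basic_auth` and `block_body` and the sample resources are hypothetical, and treating `""` or `null` credentials as "basic auth disabled" is an assumption about older provider versions. Braces inside strings or comments are not handled.

```python
import re

# Constructed sample input: static credentials, blanked credentials,
# and a cluster that omits master_auth entirely.
SAMPLE_TF = '''
resource "google_container_cluster" "legacy" {
  name = "legacy-gke"
  master_auth {
    username = "admin"
    password = "admin"
  }
}
resource "google_container_cluster" "blank" {
  name = "blank-gke"
  master_auth {
    username = ""
    password = ""
  }
}
resource "google_container_cluster" "clean" {
  name = "clean-gke"
}
'''

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def find_basic_auth(tf_source):
    """Return names of google_container_cluster resources that set basic auth."""
    findings = []
    head = re.compile(r'resource\s+"google_container_cluster"\s+"([^"]+)"\s*\{')
    for m in head.finditer(tf_source):
        body = block_body(tf_source, m.end() - 1)
        auth = re.search(r'\bmaster_auth\s*\{', body)
        if not auth:
            continue  # block omitted: basic auth is not configured
        auth_body = block_body(body, auth.end() - 1)
        # Capture literal values and references alike (e.g. var.password).
        values = re.findall(r'^\s*(?:username|password)\s*=\s*(.*\S)\s*$', auth_body, re.M)
        if any(v not in ('""', 'null') for v in values):
            findings.append(m.group(1))
    return findings
```

Running `find_basic_auth` over the constructed sample reports only the `legacy` cluster. A credential supplied through a variable reference is flagged as well, since the check looks at whether a value is assigned and not at what it contains.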