kube-bench/cfg/gke-1.0/controlplane.yaml

---
controls:
version: "gke-1.0"
id: 3
text: "Control Plane Configuration"
type: "controlplane"
groups:
  - id: 3.1
    text: "Authentication and Authorization"
    checks:
      - id: 3.1.1
        text: "Client certificate authentication should not be used for users (Not Scored)"
        type: "manual"
        remediation: |
          Alternative mechanisms provided by Kubernetes such as the use of OIDC should be
          implemented in place of client certificates.
          You can remediate the availability of client certificates in your GKE cluster. See
          Recommendation 6.8.2.
        scored: false

  - id: 3.2
    text: "Logging"
    type: skip
    checks:
      - id: 3.2.1
        text: "Ensure that a minimal audit policy is created (Not Scored)"
        remediation: "This control cannot be modified in GKE."
        scored: false

      - id: 3.2.2
        text: "Ensure that the audit policy covers key security concerns (Not Scored) "
        remediation: "This control cannot be modified in GKE."
        scored: false
CIS GKE 1.0.0 benchmark (#570) * Add initial commit for CIS GKE 1.0 benchmark * Update README with GKE instructions * Fix YAML linter issues * Set GKE benchmark k8s version to gke-1.0 * Add tests for gke-1.0 Co-authored-by: Roberto Rojas <robertojrojas@gmail.com> 2020-03-03 14:51:48 +00:00			`---`
			`controls:`
			`version: "gke-1.0"`
			`id: 3`
			`text: "Control Plane Configuration"`
			`type: "controlplane"`
			`groups:`
			`- id: 3.1`
			`text: "Authentication and Authorization"`
			`checks:`
			`- id: 3.1.1`
			`text: "Client certificate authentication should not be used for users (Not Scored)"`
			`type: "manual"`
			`remediation: \|`
			`Alternative mechanisms provided by Kubernetes such as the use of OIDC should be`
			`implemented in place of client certificates.`
			`You can remediate the availability of client certificates in your GKE cluster. See`
			`Recommendation 6.8.2.`
			`scored: false`

			`- id: 3.2`
			`text: "Logging"`
Update gke-1.0 (#873) * Create controlplane.yaml * Update and tidy yaml * Update and tidy yaml * Update and tidy yaml 2021-05-18 13:37:55 +00:00			`type: skip`
CIS GKE 1.0.0 benchmark (#570) * Add initial commit for CIS GKE 1.0 benchmark * Update README with GKE instructions * Fix YAML linter issues * Set GKE benchmark k8s version to gke-1.0 * Add tests for gke-1.0 Co-authored-by: Roberto Rojas <robertojrojas@gmail.com> 2020-03-03 14:51:48 +00:00			`checks:`
			`- id: 3.2.1`
			`text: "Ensure that a minimal audit policy is created (Not Scored)"`
			`remediation: "This control cannot be modified in GKE."`
			`scored: false`

			`- id: 3.2.2`
			`text: "Ensure that the audit policy covers key security concerns (Not Scored) "`
			`remediation: "This control cannot be modified in GKE."`
			`scored: false`