kube-bench/cfg/gke-1.6.0/controlplane.yaml

---
controls:
version: "gke-1.6.0"
id: 2
text: "Control Plane Configuration"
type: "controlplane"
groups:
  - id: 2.1
    text: "Authentication and Authorization"
    checks:
      - id: 2.1.1
        text: "Client certificate authentication should not be used for users (Manual)"
        type: "manual"
        remediation: |
          Alternative mechanisms provided by Kubernetes such as the use of OIDC should be
          implemented in place of client certificates.

          You can remediate the availability of client certificates in your GKE cluster. See
          Recommendation 5.8.1.
        scored: false
Add GKE 1.6 CIS benchmark for GCP environment (#1672) * Add config entries for GKE 1.6 controls * Add gke1.6 control plane recommendations * Add gke-1.6.0 worker node recommendations * Add gke-1.6.0 policy recommendations * Add managed services and policy recommendation * Add master recommendations * Fix formatting across gke-1.6.0 files * Add gke-1.6.0 benchmark selection based on k8s version * Workaround: hardcode kubelet config path for gke-1.6.0 * Fix tests for makeIPTablesUtilChaings * Change scored field for all node tests to true * Fix kubelet file permission to check for --------- Co-authored-by: afdesk <work@afdesk.com> 2024-10-11 04:49:35 +00:00			`---`
			`controls:`
			`version: "gke-1.6.0"`
			`id: 2`
			`text: "Control Plane Configuration"`
			`type: "controlplane"`
			`groups:`
			`- id: 2.1`
			`text: "Authentication and Authorization"`
			`checks:`
			`- id: 2.1.1`
			`text: "Client certificate authentication should not be used for users (Manual)"`
			`type: "manual"`
			`remediation: \|`
			`Alternative mechanisms provided by Kubernetes such as the use of OIDC should be`
			`implemented in place of client certificates.`

			`You can remediate the availability of client certificates in your GKE cluster. See`
			`Recommendation 5.8.1.`
			`scored: false`