lacework-global-775
Disable Basic Authentication using static passwords (Automated)
Description
Disable Basic Authentication (basic auth) for API server authentication as it uses static passwords which you must rotate.
Remediation
Using Google Cloud Console:
- Go to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list.
- Select the Kubernetes cluster for which Basic Authentication is currently enabled.
- Under
Security
, click the pencil icon next toBasic authentication
. - Uncheck the box to
disable basic authentication
. - Click
Save Changes
.
Using Command Line:
To update an existing cluster and disable Basic Authentication by removing the static password:
gcloud container clusters update <cluster_name> --no-enable-basic-auth
References
https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_authn_methods
Additional Information
Google Kubernetes Engine (GKE) cluster versions >= 1.19 do not have basic authentication.