Skip to main content

lacework-global-775

Disable Basic Authentication using static passwords (Automated)

Description

Disable Basic Authentication (basic auth) for API server authentication as it uses static passwords which you must rotate.

Remediation

Using Google Cloud Console:

  1. Go to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list.
  2. Select the Kubernetes cluster for which Basic Authentication is currently enabled.
  3. Under Security, click the pencil icon next to Basic authentication.
  4. Uncheck the box to disable basic authentication.
  5. Click Save Changes.

Using Command Line:

To update an existing cluster and disable Basic Authentication by removing the static password:

gcloud container clusters update <cluster_name> --no-enable-basic-auth

References

https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#restrict_authn_methods

Additional Information

Google Kubernetes Engine (GKE) cluster versions >= 1.19 do not have basic authentication.

Last updated on