GKE using certificate based authentication

Authentication

GKE using certificate based authentication

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
CPRA
Data Security Posture Management (DSPM) Best Practices
GKE CIS
ISO/IEC 27001
K8s OWASP Top 10
NIST 800-171
NIST 800-190
NIST 800-53
PDPA
UK Cyber Essentials

Description

A client certificate is a base64-encoded public certificate used by clients to authenticate to the cluster endpoint. Client certificates can authenticate and perform any action on the API server in some scenarios. Orca has detected that {GcpGkeCluster} uses certificate based authentication.

Recommended Mitigation

Consider not using certificate based authentication. For further information, visit: <a href="https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication#disabling_authentication_with_a_client_certificate" target="_blank" rel="noopener noreferrer">https://cloud.google.com/kubernetes-engine/docs/how-to/api-server-authentication#disabling_authentication_with_a_client_certificate</a>

GKE using certificate based authentication

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS