Control: GCP > CIS v1 > 7 Kubernetes Engine > 7.03 Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters (Scored)
Configures auditing against a CIS Benchmark item.
Level: 1 (Scored)
In Kubernetes, authorizers interact by granting a permission if any authorizer grants the permission. The legacy authorizer in Kubernetes Engine grants broad, statically defined permissions. To ensure that RBAC limits permissions correctly, you must disable the legacy authorizer. RBAC has significant security advantages, can help you ensure that users only have access to cluster resources within their own namespace and is now stable in Kubernetes.
Resource Types
This control targets the following resource types:
Primary Policies
The following policies can be used to configure this control:
Category
In Your Workspace
Developers
- tmod:@turbot/gcp-cisv1#/control/types/r0703
- tmod:@turbot/cis#/control/categories/v0716
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-cisv1#/control/types/r0703"
Get Controls
Control Type URI
Category URI
GraphQL
CLI