Control: GCP > CIS v1 > 7 Kubernetes Engine > 7.03 Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters (Scored)

Configures auditing against a CIS Benchmark item.

Level: 1 (Scored)

In Kubernetes, authorizers interact by granting a permission if any authorizer grants the permission. The legacy authorizer in Kubernetes Engine grants broad, statically defined permissions. To ensure that RBAC limits permissions correctly, you must disable the legacy authorizer. RBAC has significant security advantages, can help you ensure that users only have access to cluster resources within their own namespace and is now stable in Kubernetes.

Resource Types

This control targets the following resource types:

Primary Policies

The following policies can be used to configure this control:

7.03 Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters (Scored)

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-cisv1#/control/types/r0703

Category URI

tmod:@turbot/cis#/control/categories/v0716

GraphQL

query controlType(id: "tmod:@turbot/gcp-cisv1#/control/types/r0703") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-cisv1#/control/types/r0703'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-cisv1#/control/types/r0703"