Master authorized networks should be configured on GKE clusters
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | gke |
| Provider | |
| Vulnerability Type | omission |
Description
The GKE cluster is not configured with master authorized networks, allowing unrestricted network access to the Kubernetes master endpoint. This means any IP address can attempt to connect to the cluster control plane.
Impact
Without network restrictions, attackers can target the master endpoint from anywhere, increasing the risk of unauthorized access, data breaches, or control over the cluster. This exposes critical infrastructure to potential compromise and service disruption.
Resolution
Enable master authorized networks
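
To confirm the setting across existing clusters, the following added example (not part of this check's own code) audits cluster descriptions for a missing or disabled configuration, and goes one step further by flagging an enabled configuration whose CIDR is so broad it restricts nothing. It assumes input shaped like `gcloud container clusters list --format=json`; the sample clusters and the `MIN_PREFIX` threshold are constructed for illustration.

```python
import ipaddress

# Constructed sample, shaped like `gcloud container clusters list --format=json`
# output (field names follow the GKE API Cluster resource; values are made up).
SAMPLE_CLUSTERS = [
    {"name": "no-config", "endpoint": "203.0.113.10"},
    {"name": "disabled", "masterAuthorizedNetworksConfig": {"enabled": False}},
    {"name": "open-cidr", "masterAuthorizedNetworksConfig": {
        "enabled": True,
        "cidrBlocks": [{"displayName": "all", "cidrBlock": "0.0.0.0/0"}]}},
    {"name": "restricted", "masterAuthorizedNetworksConfig": {
        "enabled": True,
        "cidrBlocks": [{"displayName": "office", "cidrBlock": "198.51.100.0/24"}]}},
]

MIN_PREFIX = 8  # assumption: treat anything wider than a /8 as effectively open


def audit_cluster(cluster):
    """Return a list of findings for one cluster dict (empty list = pass)."""
    cfg = cluster.get("masterAuthorizedNetworksConfig") or {}
    if not cfg.get("enabled"):
        return ["master authorized networks not enabled"]
    findings = []
    for block in cfg.get("cidrBlocks", []):
        raw = block.get("cidrBlock", "")
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            findings.append(f"unparseable CIDR {raw!r}")
            continue
        if net.prefixlen < MIN_PREFIX:
            findings.append(f"CIDR {raw} is too broad")
    return findings


def audit(clusters):
    """Map cluster name -> findings, keeping only clusters that fail."""
    results = {c.get("name", "<unnamed>"): audit_cluster(c) for c in clusters}
    return {name: f for name, f in results.items() if f}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CLUSTERS).items():
        print(f"{name}: {'; '.join(findings)}")
```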