Pattern: Use of legacy authentication for GKE
Issue: -
It is recommended to use Service Accounts and OAuth as authentication methods for accessing the master in the container cluster.
Basic authentication should be disabled by explicitly unsetting the username and password on the master_auth block.
Resolution: Use service account or OAuth for authentication.
Example of incorrect code:
resource "google_container_cluster" "bad_example" {
}

resource "google_container_cluster" "gke" {
  master_auth {
    username = ""
    password = ""
    client_certificate_config {
      issue_client_certificate = true
    }
  }
}
Example of correct code:
resource "google_container_cluster" "good_example" {
  master_auth {
    username = ""
    password = ""
  }
}
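
The same check applied to the JSON form of a Terraform plan, as an added example (not Codacy's or tfsec's own code). It assumes the planned_values layout produced by `terraform show -json` and treats a cluster with no master_auth block as a finding, as the page's bad_example does; the sample plan, function names and reason strings are constructed for illustration.

```python
import json

# Constructed sample shaped like the planned_values part of `terraform show -json`.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "google_container_cluster.bad_example", "type": "google_container_cluster", "values": {}},
    {"address": "google_container_cluster.gke",
     "type": "google_container_cluster",
     "values": {"master_auth": [{"username": "", "password": "",
       "client_certificate_config": [{"issue_client_certificate": true}]}]}},
    {"address": "google_container_cluster.good_example", "type": "google_container_cluster",
     "values": {"master_auth": [{"username": "", "password": ""}]}}],
  "child_modules": [{"resources": [
    {"address": "module.legacy.google_container_cluster.basic", "type": "google_container_cluster",
     "values": {"master_auth": [{"username": "admin", "password": "constructed-value"}]}}]}]
}}}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def legacy_auth_findings(plan):
    """Return {resource address: [reasons]} for clusters that keep legacy authentication."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "google_container_cluster":
            continue
        reasons = []
        blocks = (res.get("values") or {}).get("master_auth") or []
        if not blocks:  # assumption: flagged because the page's bad_example has no master_auth
            reasons.append("master_auth block not set")
        for auth in blocks:
            if auth.get("username") or auth.get("password"):
                reasons.append("basic auth username/password set")
            for cfg in auth.get("client_certificate_config") or []:
                if cfg.get("issue_client_certificate"):
                    reasons.append("client certificate issuance enabled")
        if reasons:
            findings[res["address"]] = reasons
    return findings

if __name__ == "__main__":
    for address, reasons in legacy_auth_findings(SAMPLE_PLAN).items():
        print(address, "->", "; ".join(reasons))
```

To check a real plan, load the output of `terraform show -json` with `json.load` and pass it to `legacy_auth_findings` in place of the sample.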