Ensure Kubernetes cluster does not have public IP address.
Description
This policy checks whether a Kubernetes cluster has a public IP address assigned to it. Having a public IP address can expose the cluster to unnecessary security risks, as it can be accessed from outside the network. It is recommended to keep the cluster private and only allow access through a controlled ingress point. By ensuring the cluster does not have a public IP address, the risk of unauthorized access is reduced.
Code Example
```terraform
resource "yandex_kubernetes_cluster" "example" {
  network_id = yandex_vpc_network.example.id

  master {
    # Keep the cluster master off a public IP address.
    public_ip = false
  }
}
```
Remediation
Ensure the Kubernetes cluster does not have a public IP address by setting the `public_ip` attribute in the `master` block to `false`.
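To verify the remediation before apply, the same condition can be checked against a rendered plan. The following is an added example, not Checkov's or the rule author's code: it walks `terraform show -json` output, including child modules, and reports clusters whose `master` block sets `public_ip` to true. The sample plan is constructed, and treating an absent `public_ip` as passing is an assumption.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "yandex_kubernetes_cluster.private", "type": "yandex_kubernetes_cluster",
     "values": {"master": [{"public_ip": false}]}},
    {"address": "yandex_kubernetes_cluster.exposed", "type": "yandex_kubernetes_cluster",
     "values": {"master": [{"public_ip": true}]}},
    {"address": "yandex_vpc_network.example", "type": "yandex_vpc_network",
     "values": {"name": "example"}}],
  "child_modules": [{"address": "module.k8s", "resources": [
    {"address": "module.k8s.yandex_kubernetes_cluster.nested",
     "type": "yandex_kubernetes_cluster",
     "values": {"master": [{"public_ip": true}]}}]}]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def clusters_with_public_ip(plan):
    """Return addresses of clusters whose master block sets public_ip = true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    flagged = []
    for res in iter_resources(root):
        if res.get("type") != "yandex_kubernetes_cluster":
            continue
        # Nested blocks are rendered as a list of objects in plan JSON.
        # Assumption: an absent or null public_ip is treated as passing.
        masters = res.get("values", {}).get("master") or []
        if any(m.get("public_ip") is True for m in masters):
            flagged.append(res["address"])
    return flagged


if __name__ == "__main__":
    for address in clusters_with_public_ip(SAMPLE_PLAN):
        print(f"FAIL {address}: master.public_ip is true")
```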
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1338 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | yandex_kubernetes_cluster |
| Checkov ID | CKV_YC_5 |