Information
There are a variety of CNI plugins available for Kubernetes. If the CNI plugin in use does not support Network Policies, it may not be possible to effectively restrict traffic in the cluster.
Rationale:
Kubernetes network policies are enforced by the CNI plugin in use. As such, it is important to ensure that the CNI plugin supports both Ingress and Egress network policies.
See also Recommendation 6.6.7 for GKE specifically.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To use a CNI plugin with Network Policy, enable Network Policy in GKE; the CNI plugin will then be updated. See Recommendation 6.6.7.
Impact:
None.
Default Value:
This will depend on the CNI plugin in use.
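Because this check is manual, one way to review it is to inspect each cluster's description for the Network Policy setting named in the Solution. The following is an added example, not part of the benchmark or of Nessus. It assumes JSON shaped like `gcloud container clusters describe <name> --format=json` output, uses constructed sample records, and goes slightly beyond the page by also treating GKE Dataplane V2 clusters as enforcing.

```python
import json

# Constructed sample records shaped like `gcloud container clusters describe
# <name> --format=json` output, trimmed to the fields this check reads.
SAMPLES = json.loads("""
[
  {"name": "calico-on",
   "networkPolicy": {"enabled": true, "provider": "CALICO"},
   "addonsConfig": {"networkPolicyConfig": {}}},
  {"name": "addon-only",
   "addonsConfig": {"networkPolicyConfig": {}}},
  {"name": "addon-disabled",
   "networkPolicy": {"enabled": true, "provider": "CALICO"},
   "addonsConfig": {"networkPolicyConfig": {"disabled": true}}},
  {"name": "dataplane-v2",
   "networkConfig": {"datapathProvider": "ADVANCED_DATAPATH"}}
]
""")


def network_policy_status(cluster):
    """Return (enforced, reason) for one cluster description."""
    # Assumption beyond the page: GKE Dataplane V2 clusters enforce
    # NetworkPolicy without the separate networkPolicy setting.
    datapath = cluster.get("networkConfig", {}).get("datapathProvider")
    if datapath == "ADVANCED_DATAPATH":
        return True, "Dataplane V2 datapath"
    policy = cluster.get("networkPolicy", {})
    if not policy.get("enabled", False):
        # Absent or false: NetworkPolicy objects are accepted by the API
        # server but nothing enforces them.
        return False, "networkPolicy.enabled is not true"
    addon = cluster.get("addonsConfig", {}).get("networkPolicyConfig", {})
    if addon.get("disabled", False):
        return False, "network policy add-on is disabled"
    return True, "enabled, provider " + policy.get("provider", "unspecified")


def audit(clusters):
    """Map cluster name -> (enforced, reason); False entries are findings."""
    return {c["name"]: network_policy_status(c) for c in clusters}


if __name__ == "__main__":
    for name, (ok, reason) in audit(SAMPLES).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```

A passing result only shows that enforcement is configured; confirming that both Ingress and Egress rules take effect still requires testing a policy in the cluster.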