fix: updated policy-v2 README file (#212)
mikouaj authored May 22, 2024
1 parent 0eb97e4 commit 2abf5ba
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions gke-policies-v2/README.md
Expand Up @@ -11,8 +11,8 @@ of our policy files.
|Name|Group|Description|CIS Benchmark|
|-|-|-|-|
|[Enable node auto-repair](../gke-policies-v2/policy/node_pool_autorepair.rego)|Availability|GKE node pools should have Node Auto-Repair enabled to configure Kubernetes Engine|[CIS GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#accessing-gke-benchmark) 1.4: 5.5.2|
|[Ensure redudndancy of the node pools](../gke-policies-v2/policy/node_pool_multi_zone.rego)|Availability|GKE node pools should be regional (multiple zones) for maximum nodes availability during zonal outages||
|[Ensure redundancy of the Control Plane](../gke-policies-v2/policy/control_plane_redundancy.rego)|Availability|GKE cluster should be regional for maximum availability of control plane during upgrades and zonal outages||
|[Ensure redundancy of the node pools](../gke-policies-v2/policy/node_pool_multi_zone.rego)|Availability|GKE node pools should be regional (multiple zones) for maximum nodes availability during zonal outages||
|[Enable Cloud Monitoring and Logging](../gke-policies-v2/policy/monitoring_and_logging.rego)|Maintenance|GKE cluster should use Cloud Logging and Monitoring|[CIS GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#accessing-gke-benchmark) 1.4: 5.7.1|
|[Enable Compute Engine persistent disk CSI driver](../gke-policies-v2/policy/cluster_gce_csi_driver.rego)|Management|Automatic deployment and management of the Compute Engine persistent disk CSI driver. The driver provides support for features like customer managed encryption keys or volume snapshots.||
|[Enable GKE upgrade notifications](../gke-policies-v2/policy/cluster_receive_updates.rego)|Management|GKE cluster should be proactively receive updates about GKE upgrades and GKE versions||
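Review bot: Two wording defects sit in this hunk's unchanged context lines and could be folded into the same typo-fix pass: the "Enable node auto-repair" description stops mid-thought ("...Node Auto-Repair enabled to configure Kubernetes Engine"), and the "Enable GKE upgrade notifications" row reads "should be proactively receive updates" (drop "be"). The moved row itself is fine: it corrects "redudndancy" to "redundancy" and places the node-pool row after "Ensure redundancy of the Control Plane", so the Availability group stays alphabetical.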
Expand All @@ -38,9 +38,9 @@ of our policy files.
|[Change default Service Accounts in node pools](../gke-policies-v2/policy/node_pool_forbid_default_sa.rego)|Security|GKE node pools should have a dedicated sa with a restricted set of permissions|[CIS GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#accessing-gke-benchmark) 1.4: 5.2.1|
|[Configure Container-Optimized OS for Node Auto-Provisioning node pools](../gke-policies-v2/policy/nap_use_cos.rego)|Security|Nodes in Node Auto-Provisioning should use Container-Optimized OS|[CIS GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#accessing-gke-benchmark) 1.4: 5.5.1|
|[Configure Container-Optimized OS for node pools](../gke-policies-v2/policy/node_pool_use_cos.rego)|Security|GKE node pools should use Container-Optimized OS which is maintained by Google and optimized for running Docker containers with security and efficiency.|[CIS GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#accessing-gke-benchmark) 1.4: 5.5.1|
|[Disable control plane basic authentication](../gke-policies-v2/policy/control_plane_disable_password_authentication.rego)|Security|Disable Basic Authentication (basic auth) for API server authentication as it uses static passwords which need to be rotated.|[CIS GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#accessing-gke-benchmark) 1.4: 5.8.1|
|[Disable control plane certificate authentication](../gke-policies-v2/policy/control_plane_disable_cert_authentication.rego)|Security|Disable Client Certificates, which require certificate rotation, for authentication. Instead, use another authentication method like OpenID Connect.|[CIS GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#accessing-gke-benchmark) 1.4: 5.8.2|
|[Disable legacy ABAC authorization](../gke-policies-v2/policy/control_plane_disable_legacy_authorization.rego)|Security|GKE cluster should use RBAC instead of legacy ABAC authorization|[CIS GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#accessing-gke-benchmark) 1.4: 5.8.4|
|[Disalbe control plane basic authentication](../gke-policies-v2/policy/control_plane_disable_password_authentication.rego)|Security|Disable Basic Authentication (basic auth) for API server authentication as it uses static passwords which need to be rotated.|[CIS GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#accessing-gke-benchmark) 1.4: 5.8.1|
|[Enable Customer-Managed Encryption Keys for persistent disks](../gke-policies-v2/policy/node_pool_disk_encryption.rego)|Security|Use Customer-Managed Encryption Keys (CMEK) to encrypt node boot and dynamically-provisioned attached Google Compute Engine Persistent Disks (PDs) using keys managed within Cloud Key Management Service (Cloud KMS).|[CIS GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#accessing-gke-benchmark) 1.4: 5.9.1|
|[Enable GKE intranode visibility](../gke-policies-v2/policy/intranode_visibility.rego)|Security|GKE cluster should have intranode visibility enabled|[CIS GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#accessing-gke-benchmark) 1.4: 5.6.1|
|[Enable Google Groups for RBAC](../gke-policies-v2/policy/node_rbac_security_group.rego)|Security|GKE cluster should have RBAC security Google group enabled|[CIS GKE](https://cloud.google.com/kubernetes-engine/docs/concepts/cis-benchmarks#accessing-gke-benchmark) 1.4: 5.8.3|
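Review bot: While the "Disalbe" typo is being fixed in this hunk, the unchanged "Change default Service Accounts in node pools" row still abbreviates "service account" to "sa" ("a dedicated sa with a restricted set of permissions"); spelling it out would keep the Description column consistent with the full terms used on neighbouring rows ("Container-Optimized OS", "Customer-Managed Encryption Keys"). The repositioned "Disable control plane basic authentication" row sorts correctly between the two "Configure Container-Optimized OS" rows and "Disable control plane certificate authentication".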