Craig Bowers

icon location Chicago, IL

Results 6 comments of Craig Bowers

Installing the ARC on multiple orgs using GH App authentication

> > We've got customers in some cases with hundreds of orgs, and a controller per org will be too much overhead for them > > Implementation-wise, one would need...

CKV_GCP_69 doesn't function properly for default node pool

We are using the public module https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/modules/beta-private-cluster-update-variant which is setting the optional parameter [node_pool](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#node_pool) for the default node pool. The module explicitly sets that [here](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/modules/beta-private-cluster-update-variant/cluster.tf#L347) Although it's not recommended to...

CKV_GCP_69 doesn't function properly for default node pool

I agree. That's why it's not recommended, but still a valid config that used in that public module provided by Google

CKV_GCP_69 doesn't function properly for default node pool

Ok, I see what you meant now. I thought you meant "check" for node_pool in the CKV_GCP_69 check. While the new check is great, I'd still have to exclude CKV_GCP_69...

CKV_GCP_69 doesn't function properly for default node pool

I think they have the default pool there in case no user supplied pools and they chose to use the optional `node_pools` config.

CKV_GCP_69 doesn't function properly for default node pool

I still think there should be a check for `node_pools` in CKV_GCP_69. Right now I'm having to exclude both CKV_GCP_69 and CKV_GCP_123 when using this public GKE module.