PlatformResourcesSign inSign Up

Ensure GCP Kubernetes cluster node auto-upgrade configuration is enabled

Error: GCP Kubernetes cluster node auto-upgrade configuration is disabled

Bridgecrew Policy ID: BC_GCP_KUBERNETES_5
Checkov Check ID: CKV_GCP_10
Severity: MEDIUM

Suggest Edits

GCP Kubernetes cluster node auto-upgrade configuration is disabled

Description

Node auto-upgrade keeps nodes up-to-date with the latest cluster master version when your master is updated on your behalf. When a new cluster or node pool is created, node auto-upgrade is enabled as default.

We recommend you ensure auto-upgrade is enabled. Automatic node upgrade ensures that when new binaries are released you instantly get a fix with the latest security issues resolved. GKE will automatically ensure that security updates are applied and kept up to date.

Fix - Buildtime

Terraform

resource "google_container_node_pool" "primary_preemptible_nodes" {
  name       = "my-node-pool"
  cluster    = google_container_cluster.primary.id
  node_count = 1
  management {
    auto_upgrade = true
  }
    ]
  }
}

Updated 8 months ago