Ensure the GKE Release Channel is set

Error: Kubernetes Engine cluster not using Release Channel for version management

Bridgecrew Policy ID: BC_GCP_KUBERNETES_26
Checkov Check ID: CKV_GCP_70
Severity: MEDIUM

Kubernetes Engine cluster not using Release Channel for version management

Description

The release channels allow organizations to better set their expectation of what is stable. GKE’s release channel options include “rapid,” “regular,” and “stable.” This allows you to opt for the alpha releases as part of the “rapid” option, “regular” for standard release needs and “stable” when the tried-and-tested version becomes available.

Fix - Buildtime

Terraform

resource "google_container_cluster" "success" {
  name               = var.name
  location           = var.location
  initial_node_count = 1
  project            = data.google_project.project.name

  network    = var.network
  subnetwork = var.subnetwork

  ip_allocation_policy {
    cluster_ipv4_cidr_block       = var.ip_allocation_policy["cluster_ipv4_cidr_block"]
    cluster_secondary_range_name  = var.ip_allocation_policy["cluster_secondary_range_name"]
    services_ipv4_cidr_block      = var.ip_allocation_policy["services_ipv4_cidr_block"]
    services_secondary_range_name = var.ip_allocation_policy["services_secondary_range_name"]
  }

  node_config {
    workload_metadata_config {
      node_metadata = "GKE_METADATA_SERVER"
    }
  }

  release_channel {
    channel = var.release_channel
  }

}

Updated 12 months ago