COS Node Image Not Used
- Query id: be41f891-96b1-4b9d-b74f-b922a918c778
- Query name: COS Node Image Not Used
- Platform: Ansible
- Severity: Medium
- Category: Insecure Configurations
- URL: Github
Description
The node pool's node image (`config.image_type`) should be Container-Optimized OS (COS).
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
---
- name: create a node pool
  google.cloud.gcp_container_node_pool:
    name: my-pool
    initial_node_count: 4
    cluster: "{{ cluster }}"
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    config:
      # Flagged by the query: the node image is not Container-Optimized OS
      image_type: WINDOWS_LTSC
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
- name: create a node pool
  google.cloud.gcp_container_node_pool:
    name: my-pool
    initial_node_count: 4
    cluster: '{{ cluster }}'
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    config:
      # Passes the query: the node image is Container-Optimized OS
      image_type: COS
```
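The same check can be run outside the scanner, for example in a pre-merge hook. The block below is an added example, not the query's own code: it takes the task list that a YAML loader returns for a playbook and reports node pools not set to COS. It assumes that the short module name `gcp_container_node_pool` is also in scope, that COS variants such as `COS_CONTAINERD` pass, that an unset `image_type` is reported, and that tasks with `state: absent` are skipped.

```python
# Added example: flag gcp_container_node_pool tasks whose image is not COS.
# Input is the task list a YAML loader returns for a playbook or tasks file.
MODULES = {"gcp_container_node_pool", "google.cloud.gcp_container_node_pool"}
NESTED = ("block", "rescue", "always")  # Ansible keys that hold nested task lists


def walk(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        yield task
        for key in NESTED:
            yield from walk(task.get(key))


def check(tasks):
    """Return (task name, reason) for each node pool that is not set to COS."""
    findings = []
    for task in walk(tasks):
        for module in task.keys() & MODULES:
            args = task[module]
            if not isinstance(args, dict) or args.get("state") == "absent":
                continue  # args are not a mapping, or the pool is being deleted
            config = args.get("config")
            image = config.get("image_type") if isinstance(config, dict) else None
            name = task.get("name", "<unnamed>")
            if image is None:
                # Assumption: an unset image_type is reported, not trusted to default.
                findings.append((name, "config.image_type is not set"))
            elif not str(image).upper().startswith("COS"):
                # Assumption: COS variants such as COS_CONTAINERD also pass.
                findings.append((name, f"config.image_type is {image}"))
    return findings


# Constructed input mirroring the page's positive and negative samples.
POSITIVE = [{"name": "create a node pool",
             "google.cloud.gcp_container_node_pool": {
                 "name": "my-pool", "state": "present",
                 "config": {"image_type": "WINDOWS_LTSC"}}}]
NEGATIVE = [{"name": "create a node pool",
             "google.cloud.gcp_container_node_pool": {
                 "name": "my-pool", "state": "present",
                 "config": {"image_type": "COS"}}}]

if __name__ == "__main__":
    for label, sample in (("positive", POSITIVE), ("negative", NEGATIVE)):
        print(label, check(sample))
```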