COS Node Image Not Used

• Query id: be41f891-96b1-4b9d-b74f-b922a918c778
• Query name: COS Node Image Not Used
• Platform: Ansible
• Severity: Medium
• Category: Insecure Configurations
• URL: Github

Description

The node image should be Container-Optimized OS(COS)
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file

---
- name: create a node pool
  google.cloud.gcp_container_node_pool:
    name: my-pool
    initial_node_count: 4
    cluster: "{{ cluster }}"
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    config:
      image_type: WINDOWS_LTSC

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: create a node pool
  google.cloud.gcp_container_node_pool:
    name: my-pool
    initial_node_count: 4
    cluster: '{{ cluster }}'
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    config:
      image_type: COS