Google Container Node Pool Auto Repair Disabled

  • Query id: b4f65d13-a609-4dc1-af7c-63d2e08bffe9
  • Query name: Google Container Node Pool Auto Repair Disabled
  • Platform: Crossplane
  • Severity: Medium
  • Category: Insecure Configurations
  • URL: Github

Description

Google Container Node Pool Auto Repair should be enabled. This service periodically checks for failing nodes and repairs them to ensure a smooth running state.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
apiVersion: container.gcp.crossplane.io/v1beta1
kind: NodePool
metadata:
  name: cluster-np
spec:
  forProvider:
    autoscaling:
      autoprovisioned: false
      enabled: true
      maxNodeCount: 5
      minNodeCount: 3
    clusterRef:
      name: eutuxia-cluster
    initialNodeCount: 3
    config:
      machineType: n1-standard-1
    locations:
      - "us-central1-a"
---
apiVersion: container.gcp.crossplane.io/v1beta1
kind: NodePool
metadata:
  name: cluster-np
spec:
  forProvider:
    management:
      autoRepair: false
    autoscaling:
      autoprovisioned: false
      enabled: true
      maxNodeCount: 5
      minNodeCount: 3
    clusterRef:
      name: eutuxia-cluster
    initialNodeCount: 3
    config:
      machineType: n1-standard-1
    locations:
      - "us-central1-a"

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
apiVersion: container.gcp.crossplane.io/v1beta1
kind: NodePool
metadata:
  name: cluster-np
spec:
  forProvider:
    management:
      autoRepair: true
    autoscaling:
      autoprovisioned: false
      enabled: true
      maxNodeCount: 5
      minNodeCount: 3 
    clusterRef:
      name: eutuxia-cluster
    initialNodeCount: 3 
    config:
      machineType: n1-standard-1
    locations:
      - "us-central1-a"
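The following script is an added illustration of the check this query performs, not KICS's own query code (KICS queries are written in Rego). It parses a multi-document stream built from trimmed copies of the page's positive and negative samples and reports every `container.gcp.crossplane.io` NodePool whose `spec.forProvider.management.autoRepair` is either absent or not the boolean `true`, keeping "unset" and "false" as distinct findings. The tiny block-YAML subset parser is included only so the example runs without dependencies; on real manifests a full YAML library should be used.

```python
"""Scan Crossplane GCP NodePool manifests for auto repair left disabled or unset.

Added illustration, not KICS's own query (those are written in Rego). The stream
below is a trimmed copy of the page's samples. A small block-YAML subset parser
keeps the script dependency-free; use a real YAML library on real manifests.
"""
import re
from typing import Any, List, Optional, Tuple

# Page samples: doc 1 omits management.autoRepair, doc 2 sets false, doc 3 sets true.
MANIFEST = """\
apiVersion: container.gcp.crossplane.io/v1beta1
kind: NodePool
metadata:
  name: cluster-np
spec:
  forProvider:
    clusterRef:
      name: eutuxia-cluster
    locations:
      - "us-central1-a"
---
apiVersion: container.gcp.crossplane.io/v1beta1
kind: NodePool
metadata:
  name: cluster-np
spec:
  forProvider:
    management:
      autoRepair: false
---
apiVersion: container.gcp.crossplane.io/v1beta1
kind: NodePool
metadata:
  name: cluster-np
spec:
  forProvider:
    management:
      autoRepair: true
"""


def _scalar(text: str) -> Any:
    """Unquoted true/false/int become Python values; quoted text stays a string."""
    text = text.strip()
    if len(text) >= 2 and text[0] == text[-1] and text[0] in "\"'":
        return text[1:-1]
    if text in ("true", "false"):
        return text == "true"
    return int(text) if text.isdigit() else text


def parse_subset(text: str) -> dict:
    """Parse indented block YAML: nested mappings plus lists of scalars (items indented under their key)."""
    root: dict = {}
    stack: List[Tuple[int, Any, Any, str]] = [(-1, root, None, "")]  # (indent, container, parent, key)
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        line = raw.strip()
        while stack[-1][0] >= indent:  # a dedent closes the open containers
            stack.pop()
        level, container, parent, key = stack[-1]
        if line.startswith("- "):
            if isinstance(container, dict):  # first item: the empty mapping becomes a list
                container = []
                parent[key] = container
                stack[-1] = (level, container, parent, key)
            container.append(_scalar(line[2:]))
            continue
        k, _, v = line.partition(":")
        if v.strip():
            container[k.strip()] = _scalar(v)
        else:  # "key:" with no value opens a nested container
            container[k.strip()] = child = {}
            stack.append((indent, child, container, k.strip()))
    return root


def _lookup(doc: Any, *path: str) -> Tuple[Any, bool]:
    """Walk nested mappings; return (value, found) so 'unset' and 'false' stay distinct."""
    for key in path:
        if not isinstance(doc, dict) or key not in doc:
            return None, False
        doc = doc[key]
    return doc, True


def check_node_pool(doc: dict) -> Optional[str]:
    """Finding text for a GCP NodePool whose autoRepair is unset or not true, else None."""
    if doc.get("kind") != "NodePool" or not str(doc.get("apiVersion", "")).startswith("container.gcp.crossplane.io/"):
        return None  # other resource kinds are out of scope for this query
    name, _ = _lookup(doc, "metadata", "name")
    value, found = _lookup(doc, "spec", "forProvider", "management", "autoRepair")
    if not found:
        return f"NodePool {name}: spec.forProvider.management.autoRepair is undefined; set it to true"
    if value is not True:
        return f"NodePool {name}: spec.forProvider.management.autoRepair is {value!r}, expected true"
    return None


def scan(stream: str) -> List[str]:
    """Split a multi-document stream on '---' lines and collect the findings."""
    docs = [d for d in re.split(r"^---[ \t]*$", stream, flags=re.M) if d.strip()]
    return [f for f in (check_node_pool(parse_subset(d)) for d in docs) if f]
```

Running `scan(MANIFEST)` yields two findings (the undefined and the `false` node pools) and none for the third document, which mirrors the page's positive and negative samples. A quoted `"true"` is deliberately treated as a string rather than a boolean, so it is also reported; the field must be the YAML boolean `true` to satisfy the check.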