COS Node Image Not Used

  • Query id: dbe058d7-b82e-430b-8426-992b2e4677e7
  • Query name: COS Node Image Not Used
  • Platform: GoogleDeploymentManager
  • Severity: Medium
  • Category: Insecure Configurations
  • URL: Github

Description

The node image should be Container-Optimized OS(COS)
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
  - name: nodePool
    type: container.v1.nodePool
    properties:
      name: my-node
      config:
        imageType: ubuntu

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
  - name: nodePool
    type: container.v1.nodePool
    properties:
      name: my-node
      config:
        imageType: cos
Negative test num. 2 - yaml file
resources:
  - name: nodePool
    type: container.v1.nodePool
    properties:
      name: my-node
      config:
        imageType: cos_containerd
Negative test num. 3 - yaml file
resources:
  - name: nodePool
    type: container.v1.nodePool
    properties:
      name: my-node