Node Auto Upgrade Disabled
- Query id: b139213e-7d24-49c2-8025-c18faa21ecaa
- Query name: Node Auto Upgrade Disabled
- Platform: Terraform
- Severity: High
- Category: Resource Management
- URL: Github
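Description
Kubernetes node pools must have auto-upgrade enabled: 'auto_upgrade' should be set to true for the node pools of Kubernetes clusters. With auto-upgrade off, nodes are upgraded only when someone does it by hand, so they can lag behind on Kubernetes security fixes.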
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# Flagged by the query: this node pool declares no `management` block, so
# `auto_upgrade` is never set explicitly and the upgrade policy is left to
# whatever the provider defaults to.
# Passing form: add `management { auto_upgrade = true }` to the resource.
resource "google_container_node_pool" "positive1" {
  name       = "my-node-pool"
  location   = "us-central1-a"
  cluster    = google_container_cluster.primary.name
  node_count = 3

  timeouts {
    create = "30m"
    update = "20m"
  }
}
# Flagged by the query: a `management` block is present but only sets
# `auto_repair`. Auto-repair is a separate setting and does not turn on
# node upgrades; `auto_upgrade` is still missing.
# Passing form: add `auto_upgrade = true` inside `management`.
resource "google_container_node_pool" "positive2" {
  name       = "my-node-pool"
  location   = "us-central1-a"
  cluster    = google_container_cluster.primary.name
  node_count = 3

  management {
    auto_repair = true
  }

  timeouts {
    create = "30m"
    update = "20m"
  }
}
# Flagged by the query: `auto_upgrade` is explicitly disabled, so nodes in
# this pool are not upgraded automatically and must be patched by hand.
# Passing form: set `auto_upgrade = true`.
resource "google_container_node_pool" "positive3" {
  name       = "my-node-pool"
  location   = "us-central1-a"
  cluster    = google_container_cluster.primary.name
  node_count = 3

  management {
    auto_upgrade = false
  }

  timeouts {
    create = "30m"
    update = "20m"
  }
}