Google Container Node Pool Auto Repair Disabled
- Query id: b4f65d13-a609-4dc1-af7c-63d2e08bffe9
- Query name: Google Container Node Pool Auto Repair Disabled
- Platform: Crossplane
- Severity: Medium
- Category: Insecure Configurations
- CWE: 703
- URL: Github
Description
Google Container Node Pool Auto Repair should be enabled. This service periodically checks for failing nodes and repairs them to ensure a smooth running state.
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
apiVersion: container.gcp.crossplane.io/v1beta1
kind: NodePool
metadata:
  name: cluster-np
spec:
  forProvider:
    autoscaling:
      autoprovisioned: false
      enabled: true
      maxNodeCount: 5
      minNodeCount: 3
    clusterRef:
      name: eutuxia-cluster
    initialNodeCount: 3
    config:
      machineType: n1-standard-1
    locations:
      - "us-central1-a"
---
apiVersion: container.gcp.crossplane.io/v1beta1
kind: NodePool
metadata:
  name: cluster-np
spec:
  forProvider:
    management:
      autoRepair: false
    autoscaling:
      autoprovisioned: false
      enabled: true
      maxNodeCount: 5
      minNodeCount: 3
    clusterRef:
      name: eutuxia-cluster
    initialNodeCount: 3
    config:
      machineType: n1-standard-1
    locations:
      - "us-central1-a"
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
apiVersion: container.gcp.crossplane.io/v1beta1
kind: NodePool
metadata:
  name: cluster-np
spec:
  forProvider:
    management:
      autoRepair: true
    autoscaling:
      autoprovisioned: false
      enabled: true
      maxNodeCount: 5
      minNodeCount: 3
    clusterRef:
      name: eutuxia-cluster
    initialNodeCount: 3
    config:
      machineType: n1-standard-1
    locations:
      - "us-central1-a"
```
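The two failing shapes in the samples above (no `management` block at all, and `autoRepair: false`) can both be caught with a short pre-merge check. This is an added example, not the KICS query itself; it assumes the manifests are already parsed into dicts, and `find_auto_repair_disabled` and `_node_pool` are hypothetical names.

```python
# Added example: flag Crossplane NodePool manifests without auto repair enabled.
# Input is a list of already-parsed manifests (e.g. the output of a YAML loader).

def find_auto_repair_disabled(docs):
    """Return one finding per NodePool whose autoRepair is not explicitly true."""
    findings = []
    for index, doc in enumerate(docs):
        if not isinstance(doc, dict) or doc.get("kind") != "NodePool":
            continue
        if not str(doc.get("apiVersion", "")).startswith("container.gcp.crossplane.io/"):
            continue
        name = (doc.get("metadata") or {}).get("name", "<unnamed>")
        for_provider = (doc.get("spec") or {}).get("forProvider") or {}
        management = for_provider.get("management")
        if not isinstance(management, dict):
            issue, path = "missing", "spec.forProvider.management"
        elif "autoRepair" not in management:
            issue, path = "missing", "spec.forProvider.management.autoRepair"
        elif management["autoRepair"] is not True:
            issue, path = "disabled", "spec.forProvider.management.autoRepair"
        else:
            continue  # autoRepair: true, compliant
        findings.append({"document": index, "name": name, "issue": issue, "path": path})
    return findings


def _node_pool(management=None):
    """Build a constructed manifest mirroring the page's samples."""
    for_provider = {
        "autoscaling": {"autoprovisioned": False, "enabled": True,
                        "maxNodeCount": 5, "minNodeCount": 3},
        "clusterRef": {"name": "eutuxia-cluster"},
        "initialNodeCount": 3,
        "config": {"machineType": "n1-standard-1"},
        "locations": ["us-central1-a"],
    }
    if management is not None:
        for_provider["management"] = management
    return {"apiVersion": "container.gcp.crossplane.io/v1beta1", "kind": "NodePool",
            "metadata": {"name": "cluster-np"}, "spec": {"forProvider": for_provider}}


SAMPLES = [  # constructed sample input
    _node_pool(),                        # positive: no management block
    _node_pool({"autoRepair": False}),   # positive: explicitly disabled
    _node_pool({"autoRepair": True}),    # negative: compliant
]

if __name__ == "__main__":
    for finding in find_auto_repair_disabled(SAMPLES):
        print(finding)
```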