Node Auto Upgrade Disabled

  • Query id: dc5c5fee-6c53-43b0-ab11-4c660e064aaf
  • Query name: Node Auto Upgrade Disabled
  • Platform: GoogleDeploymentManager
  • Severity: Medium
  • Category: Resource Management
  • CWE: 1188
  • URL: Github

Description

Kubernetes nodes must have auto upgrades enabled: the attribute 'nodePools' must be defined, its subattribute 'management' must be defined, and 'management' must have the attribute 'autoUpgrade' set to true.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
Positive test num. 2 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      nodePools:
        initialNodeCount: 2
Positive test num. 3 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      nodePools:
        initialNodeCount: 2
        management:
          autoRepair: true

Positive test num. 4 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      nodePools:
        initialNodeCount: 2
        management:
          autoUpgrade: false

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      description: my-cluster
      nodePools:
        initialNodeCount: 2
        management:
          autoUpgrade: true
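
The rule described above, written as a pre-deployment check over an already-parsed template. This is an added example, not the KICS query or code from the original page; the function names are hypothetical, the inputs are constructed to mirror the test files above, and accepting a list of node pools goes beyond the page's samples.

```python
def _pool_issue(pool):
    """Return a finding for one node pool mapping, or None if compliant."""
    mgmt = pool.get("management") if isinstance(pool, dict) else None
    if not isinstance(mgmt, dict):
        return "'management' is undefined"
    if "autoUpgrade" not in mgmt:
        return "'management.autoUpgrade' is undefined"
    if mgmt["autoUpgrade"] is not True:
        return "'management.autoUpgrade' is not true"
    return None


def find_auto_upgrade_issues(template):
    """Return (name, finding) pairs; hypothetical helper, not KICS code."""
    findings = []
    for res in template.get("resources") or []:
        if not isinstance(res, dict) or res.get("type") != "container.v1.cluster":
            continue
        name = res.get("name", "<unnamed>")
        pools = (res.get("properties") or {}).get("nodePools")
        if not pools:
            findings.append((name, "'nodePools' is undefined or empty"))
            continue
        # Page samples use one mapping; a list of pools is also handled (assumption).
        for pool in pools if isinstance(pools, list) else [pools]:
            issue = _pool_issue(pool)
            if issue:
                findings.append((name, issue))
    return findings


def _cluster(**props):
    # Constructed input: the parsed form of the page's test files.
    return {"resources": [{"name": "cluster", "type": "container.v1.cluster",
                           "properties": {"description": "my-cluster", **props}}]}

SAMPLES = {
    "positive1": _cluster(),
    "positive3": _cluster(nodePools={"initialNodeCount": 2,
                                     "management": {"autoRepair": True}}),
    "positive4": _cluster(nodePools={"initialNodeCount": 2,
                                     "management": {"autoUpgrade": False}}),
    "negative1": _cluster(nodePools={"initialNodeCount": 2,
                                     "management": {"autoUpgrade": True}}),
}

if __name__ == "__main__":
    for label, tpl in SAMPLES.items():
        print(label, find_auto_upgrade_issues(tpl) or "compliant")
```

The comparison is strict (`is not True`), so a quoted string such as "true" is reported rather than silently accepted.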