Beta - Ensure GKE Version Management Is Automated Using Release Channels

Query id: c1701dcf-24df-4675-b863-340233c4e34f
Query name: Beta - Ensure GKE Version Management Is Automated Using Release Channels
Platform: Terraform
Severity: Low
Category: Best Practices
CWE: 1188
Risk score: 1.0
URL: Github

Description¶

Release Channel should be subscribed to Regular or Stable to automate version upgrades to the GKE cluster and to reduce version management complexity to the number of features and level of stability required.
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - tf file

resource "google_container_cluster" "positive1" {
  name     = "my-gke-cluster"
  location = "us-central1"
  initial_node_count       = 1
}

Positive test num. 2 - tf file

resource "google_container_cluster" "positive2" {
  name     = "my-gke-cluster"
  location = "us-central1"
  initial_node_count       = 1
  release_channel {
    channel = "UNSPECIFIED"
  }
}

Positive test num. 3 - tf file

resource "google_container_cluster" "positive3" {
  name     = "my-gke-cluster"
  location = "us-central1"
  initial_node_count       = 1
  release_channel {
    channel = "RAPID"
  }
}

Positive test num. 4 - tf file

resource "google_container_cluster" "positive4" {
  name     = "my-gke-cluster"
  location = "us-central1"
  initial_node_count       = 1
  release_channel {
    channel = "EXTENDED"
  }
}

Code samples without security vulnerabilities¶

Negative test num. 1 - tf file

resource "google_container_cluster" "negative1" {
  name     = "my-gke-cluster"
  location = "us-central1"
  initial_node_count       = 1
  release_channel {
    channel = "REGULAR"
  }
}

Negative test num. 2 - tf file

resource "google_container_cluster" "negative2" {
  name     = "my-gke-cluster"
  location = "us-central1"
  initial_node_count       = 1
  release_channel {
    channel = "STABLE"
  }
}