Alibaba Cloud Kubernetes node pools are not set to auto repair
Description
This policy ensures that Kubernetes node pools in Alibaba Cloud have the auto-repair feature enabled. Auto-repair automatically replaces unhealthy nodes, ensuring high availability and stability of the cluster. This feature helps reduce manual intervention, minimizes downtime, and ensures that workloads are not disrupted by failed nodes.
Failing to enable auto-repair can result in degraded cluster performance or availability if node failures are not promptly addressed.
Code Example
```hcl
resource "alicloud_cs_kubernetes_node_pool" "example" {
  ...
  management {
+   auto_repair = true
  }
}
```
Remediation
Terraform
- Resource: alicloud_cs_kubernetes_node_pool
- Arguments: management.auto_repair
To mitigate this issue, set the `management.auto_repair` attribute of the `alicloud_cs_kubernetes_node_pool` resource to `true`, as shown in the Code Example above.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0031 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_ALI_31 |