GCP Kubernetes cluster node auto-upgrade configuration disabled
Description
Node auto-upgrade keeps nodes up-to-date with the latest cluster master version when your master is updated on your behalf. When a new cluster or node pool is created, node auto-upgrade is enabled as default. We recommend you ensure auto-upgrade is enabled. Automatic node upgrade ensures that when new binaries are released you instantly get a fix with the latest security issues resolved. GKE will automatically ensure that security updates are applied and kept up to date.
Code Example
go
resource "google_container_node_pool" "primary_preemptible_nodes" {
name = "my-node-pool"
cluster = google_container_cluster.primary.id
node_count = 1
management {
auto_upgrade = true
}
]
}
}Remediation
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0870 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_GCP_10 |