Ensure Kubernetes cluster auto-upgrade is enabled.
Description
This policy checks whether Kubernetes cluster auto-upgrade is enabled. Auto-upgrade is an important security feature that keeps the cluster current with the latest security patches and updates. If auto-upgrade is not enabled, the cluster may remain vulnerable to known security issues. Enabling it reduces the risk of security breaches.
Code Example
```terraform
resource "yandex_kubernetes_cluster" "example" {
  # Other required cluster arguments are omitted here.
  master {
    maintenance_policy {
      auto_upgrade = true
    }
  }
}
```

Remediation
Enable the auto-upgrade feature for the Kubernetes cluster by setting the `auto_upgrade` field to `true` in the `maintenance_policy` block of the cluster's `master` block.
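
The same condition can also be checked against the JSON that `terraform show -json` produces for a plan, which covers clusters declared inside modules. This is an added example, not part of the original rule page or of Checkov; the plan is a constructed sample, and two points are assumptions of the example: nested blocks appear as single-element lists, and a cluster with no explicit `auto_upgrade` value is reported as a failure.

```python
import json

RESOURCE_TYPE = "yandex_kubernetes_cluster"

# Constructed sample shaped like the planned_values part of `terraform show -json`.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "yandex_kubernetes_cluster.ok", "type": "yandex_kubernetes_cluster",
     "values": {"master": [{"maintenance_policy": [{"auto_upgrade": true}]}]}},
    {"address": "yandex_kubernetes_cluster.pinned", "type": "yandex_kubernetes_cluster",
     "values": {"master": [{"maintenance_policy": [{"auto_upgrade": false}]}]}}
  ],
  "child_modules": [{"address": "module.dev", "resources": [
    {"address": "module.dev.yandex_kubernetes_cluster.bare",
     "type": "yandex_kubernetes_cluster", "values": {"master": [{}]}}
  ]}]
}}}
""")

def iter_resources(module):
    """Yield resources from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def auto_upgrade_state(values):
    """Return the configured boolean, or None when no value is present."""
    for master in values.get("master") or []:
        for policy in master.get("maintenance_policy") or []:
            if "auto_upgrade" in policy:
                return policy["auto_upgrade"]
    return None

def find_violations(plan):
    """Return (address, reason) for every cluster without auto_upgrade = true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        state = auto_upgrade_state(res.get("values", {}))
        if state is not True:
            reason = "auto_upgrade = false" if state is False else "auto_upgrade not set"
            findings.append((res["address"], reason))
    return findings

if __name__ == "__main__":
    for address, reason in find_violations(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```
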
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1340 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | yandex_kubernetes_cluster |
| Checkov ID | CKV_YC_7 |