Ensure Kubernetes node group auto-upgrade is enabled.
Description
This policy checks whether Kubernetes node group auto-upgrade is enabled. Auto-upgrade is crucial for ensuring that node groups are updated with the latest security patches and features. If auto-upgrade is not enabled, the node group may be vulnerable to known security issues. Enabling auto-upgrade helps maintain the security and integrity of the Kubernetes cluster.
Code Example
```terraform
resource "yandex_kubernetes_node_group" "example" {
  # Other node group arguments are omitted here.
  maintenance_policy {
    auto_upgrade = true
  }
}
```
Remediation
Enable the auto-upgrade feature for the Kubernetes node group by setting the `maintenance_policy.auto_upgrade` attribute to `true`.
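One way to confirm the remediation before apply, as an added example (not Checkov's code and not part of the original policy page): it walks a plan in the `terraform show -json` format, including child modules, and lists node groups whose `auto_upgrade` is not `true`. The sample plan is constructed, and reporting a node group that has no `maintenance_policy` block is an assumption of this example.

```python
import json

RESOURCE_TYPE = "yandex_kubernetes_node_group"

# Constructed sample in the shape of `terraform show -json` output (not from the page).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "yandex_kubernetes_node_group.ok",
     "type": "yandex_kubernetes_node_group",
     "values": {"maintenance_policy": [{"auto_upgrade": true}]}},
    {"address": "yandex_kubernetes_node_group.off",
     "type": "yandex_kubernetes_node_group",
     "values": {"maintenance_policy": [{"auto_upgrade": false}]}}
  ],
  "child_modules": [
    {"resources": [
      {"address": "module.k8s.yandex_kubernetes_node_group.unset",
       "type": "yandex_kubernetes_node_group",
       "values": {}}
    ]}
  ]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def node_groups_without_auto_upgrade(plan):
    """Return addresses of node groups whose auto_upgrade is not literally true."""
    failing = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # Nested blocks are rendered as a list of objects in plan JSON.
        blocks = (res.get("values") or {}).get("maintenance_policy") or []
        # Assumption: a missing block or attribute is reported, not treated as enabled.
        if not any(block.get("auto_upgrade") is True for block in blocks):
            failing.append(res["address"])
    return failing


if __name__ == "__main__":
    for address in node_groups_without_auto_upgrade(SAMPLE_PLAN):
        print(f"FAIL IAC-1341: {address}")
```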
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1341 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | yandex_kubernetes_node_group |
| Checkov ID | CKV_YC_8 |