GKE Node Pool auto repair is disabled Affecting Kubernetes (Container) Engine service in Google

Snyk CCSS

Containers / APIs

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

Snyk ID SNYK-CC-00426
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Increases the security management overhead.

How to fix?

Set management.auto_repair attribute to true to enable auto-repair for a GKE node pool.

Example Configuration

resource "google_container_node_pool" "allowed" {
  name       = "node-pool426"
  cluster    = google_container_cluster.primary.id
  node_count = 1

  node_config {
    preemptible     = true
    machine_type    = "e2-medium"
    service_account = google_service_account.default.email
    oauth_scopes = [
      "https://www.googleapis.com/auth/cloud-platform"
    ]
  }

  management {
    auto_repair  = true
    auto_upgrade = true
  }
}

Terraform

google_container_node_pool

GKE Node Pool auto repair is disabled Affecting Kubernetes (Container) Engine service in Google

Severity

Description

How to fix?

Example Configuration

Terraform