GKE Node Pool auto upgrade disabled Affecting Kubernetes (Container) Engine service in Google

Snyk CCSS

Containers / APIs

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

Snyk ID SNYK-CC-00427
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

GKE node pool automatic upgrades are disabled. This Increases the security management overhead.

How to fix?

Set management.auto_upgrade attribute to true.

Example Configuration

resource "google_container_node_pool" "allowed1" {
  name       = "node-pool427-1"
  cluster    = google_container_cluster.cluster1.id
  node_count = 1
  location   = "us-east1-d"
  management {
    auto_upgrade = true
  }
}

Terraform

google_container_node_pool

References