lacework-global-765

Enable Node Auto-Repair for Google Kubernetes Engine (GKE) nodes (Automated)

Description

Nodes in a degraded state are an unknown quantity and so may pose a security risk.

Remediation

Using Google Cloud Console:

  1. Go to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list.
  2. Select the Kubernetes cluster containing the node pool with auto-repair disabled.
  3. Select the Node pool by clicking on the name of the pool.
  4. Navigate to the Node pool details pane and click Edit.
  5. Under the Management heading, select the Enable auto-repair box.
  6. Click Save.
  7. Repeat steps 2-6 for every cluster and node pool with auto-repair disabled.

Using Command Line:

To enable node auto-repair for an existing cluster's Node pool:

gcloud container node-pools update <node_pool_name> --cluster <cluster_name> --zone <compute_zone> --enable-autorepair
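
To cover step 7 from the command line, the following added example (not Lacework's or Google's code) reads the output of `gcloud container clusters list --format=json`, finds every node pool without auto-repair, and prints the update command above for each. The sample cluster names are constructed, and the choice between `--zone` and `--region` rests on the assumption that zone names end in a `-<letter>` suffix.

```python
import json
import shlex
import sys

# Constructed sample in the shape of `gcloud container clusters list --format=json`.
SAMPLE = json.loads("""
[
  {"name": "prod-a", "location": "us-central1-a", "nodePools": [
    {"name": "default-pool", "management": {"autoRepair": true, "autoUpgrade": true}},
    {"name": "batch-pool", "management": {"autoUpgrade": true}}
  ]},
  {"name": "prod-b", "location": "europe-west1", "nodePools": [
    {"name": "gpu-pool"}
  ]}
]
""")


def pools_without_autorepair(clusters):
    """Return (cluster, location, pool) for each pool lacking autoRepair=true."""
    findings = []
    for cluster in clusters:
        for pool in cluster.get("nodePools", []):
            # Treat a missing "management" block or "autoRepair" key as disabled.
            if not pool.get("management", {}).get("autoRepair", False):
                findings.append((cluster["name"], cluster["location"], pool["name"]))
    return findings


def remediation_command(cluster, location, pool):
    """Build the update command from this page for one node pool."""
    # Assumption: zones look like "us-central1-a" (two hyphens), regions like
    # "us-central1" (one hyphen); regional clusters take --region, not --zone.
    scope = "--zone" if location.count("-") >= 2 else "--region"
    args = ["gcloud", "container", "node-pools", "update", pool,
            "--cluster", cluster, scope, location, "--enable-autorepair"]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    # Pipe real gcloud JSON on stdin; with no pipe, the constructed sample is used.
    clusters = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for finding in pools_without_autorepair(clusters):
        print(remediation_command(*finding))
```

Review the printed commands before running them; the script only reads JSON and never calls gcloud itself.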

References

https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-repair