lacework-global-766
Enable Node Auto-Upgrade for Google Kubernetes Engine (GKE) nodes (Automated)
Description
Node auto-upgrade keeps nodes at the current Kubernetes and OS security patch level to mitigate known vulnerabilities.
Remediation
Using Google Cloud Console:
- Go to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list.
- Select the Kubernetes cluster containing the node pool for which auto-upgrade is disabled.
- Select the Node pool by clicking on the name of the pool.
- Navigate to the Node pool details pane and click Edit.
- Under the Management heading, select the Enable auto-repair box.
- Click Save.
- Repeat steps 2-6 for every cluster and node pool with auto-upgrade disabled.
Using Command Line:
To enable node auto-upgrade for an existing cluster's Node pool:
gcloud container node-pools update <node_pool_name> --cluster <cluster_name> --zone <cluster_zone> --enable-autoupgrade
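To cover every cluster and node pool rather than one pool at a time, the following added example (not Lacework's or Google's code) reads cluster JSON, lists the node pools without auto-upgrade, and builds the command above for each one. The sample input is constructed, all clusters in it are assumed to be zonal, and Alpha clusters are skipped because node auto-upgrade is not available for them.

```python
import json
import shlex

# Constructed sample shaped like `gcloud container clusters list --format=json`
# output, trimmed to the fields this check reads. Cluster names are made up.
SAMPLE_CLUSTERS_JSON = """
[
  {"name": "prod-a", "location": "us-central1-a",
   "nodePools": [
     {"name": "default-pool", "management": {"autoUpgrade": true, "autoRepair": true}},
     {"name": "batch-pool", "management": {"autoRepair": true}}
   ]},
  {"name": "staging-b", "location": "europe-west1-b",
   "nodePools": [
     {"name": "pool-1", "management": {"autoUpgrade": false}},
     {"name": "pool-2"}
   ]},
  {"name": "alpha-lab", "location": "us-east1-c", "enableKubernetesAlpha": true,
   "nodePools": [{"name": "default-pool", "management": {}}]}
]
"""

def find_pools_without_autoupgrade(clusters):
    """Return (findings, skipped): findings are (cluster, zone, pool) tuples."""
    findings, skipped = [], []
    for cluster in clusters:
        # Alpha clusters cannot use node auto-upgrade, so report them separately.
        if cluster.get("enableKubernetesAlpha"):
            skipped.append(cluster["name"])
            continue
        for pool in cluster.get("nodePools", []):
            mgmt = pool.get("management") or {}
            # A missing "management" block or "autoUpgrade" key is treated as disabled.
            if mgmt.get("autoUpgrade") is not True:
                findings.append((cluster["name"], cluster["location"], pool["name"]))
    return findings, skipped

def remediation_command(cluster, zone, pool):
    """Build the remediation command from this page, shell-quoted."""
    args = ["gcloud", "container", "node-pools", "update", pool,
            "--cluster", cluster, "--zone", zone, "--enable-autoupgrade"]
    return " ".join(shlex.quote(a) for a in args)

if __name__ == "__main__":
    findings, skipped = find_pools_without_autoupgrade(json.loads(SAMPLE_CLUSTERS_JSON))
    for cluster, zone, pool in findings:
        print(remediation_command(cluster, zone, pool))
    for name in skipped:
        print(f"# skipped Alpha cluster {name}: node auto-upgrade not available")
```

Review the printed commands before running them; replace the sample string with real cluster JSON to audit a project.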
References
https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades
https://cloud.google.com/kubernetes-engine/docs/how-to/maintenance-windows-and-exclusions
Additional Information
Node auto-upgrade is not available for Alpha Clusters.