lacework-global-766

Enable Node Auto-Upgrade for Google Kubernetes Engine (GKE) nodes (Automated)

Description

Node auto-upgrade keeps nodes at the current Kubernetes and OS security patch level to mitigate known vulnerabilities.

Remediation

Using Google Cloud Console:

  1. Go to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/list.
  2. Select the Kubernetes cluster containing the node pool for which auto-upgrade is disabled.
  3. Select the Node pool by clicking on the name of the pool.
  4. Navigate to the Node pool details pane and click Edit.
  5. Under the Management heading, select the Enable auto-repair box.
  6. Click Save.
  7. Repeat steps 2-6 for every cluster and node pool with auto-upgrade disabled.

Using Command Line:

To enable node auto-upgrade for an existing cluster's Node pool:

gcloud container node-pools update <node_pool_name> --cluster <cluster_name> --zone <cluster_zone> --enable-autoupgrade
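The command above fixes one node pool at a time. The following is an added audit helper, not part of this policy page or of Google's tooling: it reads the JSON that `gcloud container clusters list --format=json` produces, finds every node pool whose `management.autoUpgrade` is not true (the field is omitted entirely when the setting is off, so a missing key is treated as disabled), and prints the matching remediation command. The sample JSON is constructed for illustration; the cluster and pool names in it are not real. Field names follow the GKE REST API Cluster and NodePool resources. The zone-versus-region heuristic (a zone such as `us-central1-a` has two hyphens, a region such as `us-central1` has one) is an assumption of this script, not something the page states.

```python
import json
import subprocess

# Constructed sample of `gcloud container clusters list --format=json` output.
# Only the fields this check reads are included. "batch-pool" deliberately has
# no autoUpgrade key at all, which is how the API reports a disabled setting.
SAMPLE_CLUSTERS_JSON = """
[
  {
    "name": "prod-cluster",
    "location": "us-central1-a",
    "nodePools": [
      {"name": "default-pool", "management": {"autoUpgrade": true, "autoRepair": true}},
      {"name": "legacy-pool",  "management": {"autoUpgrade": false, "autoRepair": true}}
    ]
  },
  {
    "name": "staging-cluster",
    "location": "europe-west1",
    "nodePools": [
      {"name": "batch-pool", "management": {"autoRepair": true}}
    ]
  }
]
"""


def find_pools_without_auto_upgrade(clusters):
    """Return one finding per node pool where autoUpgrade is false or absent."""
    findings = []
    for cluster in clusters:
        # Newer API responses use "location"; older zonal ones may only have "zone".
        location = cluster.get("location") or cluster.get("zone", "")
        for pool in cluster.get("nodePools", []):
            management = pool.get("management") or {}
            if not management.get("autoUpgrade", False):
                findings.append({
                    "cluster": cluster["name"],
                    "location": location,
                    "node_pool": pool["name"],
                })
    return findings


def location_flag(location):
    """Heuristic (assumption): zonal locations carry two hyphens, regional one."""
    return "--zone" if location.count("-") >= 2 else "--region"


def remediation_command(finding):
    """Build the gcloud command that enables auto-upgrade for one node pool."""
    return (
        f"gcloud container node-pools update {finding['node_pool']} "
        f"--cluster {finding['cluster']} "
        f"{location_flag(finding['location'])} {finding['location']} "
        "--enable-autoupgrade"
    )


def audit(clusters_json):
    """Parse cluster JSON and return the list of remediation commands needed."""
    findings = find_pools_without_auto_upgrade(json.loads(clusters_json))
    return [remediation_command(f) for f in findings]


def list_clusters_live(project):
    """Fetch real cluster JSON for a project (requires an authenticated gcloud)."""
    out = subprocess.check_output(
        ["gcloud", "container", "clusters", "list",
         "--project", project, "--format=json"]
    )
    return out.decode()


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; swap in
    # list_clusters_live("<your-project-id>") to audit a real project.
    for cmd in audit(SAMPLE_CLUSTERS_JSON):
        print(cmd)
```

Run against the sample, the script reports `legacy-pool` (explicitly false) and `batch-pool` (key absent) and leaves `default-pool` alone. The generated commands are printed rather than executed so the output can be reviewed, and scheduled within a maintenance window where one is configured, before any change is applied.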

References

https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades
https://cloud.google.com/kubernetes-engine/docs/how-to/maintenance-windows-and-exclusions

Additional Information

Node auto-upgrade is not available for Alpha clusters.