lacework-global-780
Ensure that Alpha clusters are not used for production workloads (Automated)
Description
Alpha clusters are not covered by a Service-Level Agreement (SLA) and are not production-ready.
Remediation
Note: Lacework does not support Autopilot mode clusters, so the remediation only considers the standard mode cluster option.
It is not possible to disable alpha features. To remediate, you must create a new cluster.
Using Google Cloud Console:
- Go to Kubernetes Engine by visiting: https://console.cloud.google.com/kubernetes/.
- Click
CREATE CLUSTER, and chooseCONFIGUREfor the Standard mode cluster.
Note: Within Features in the CLUSTER section, under the Other heading, Enable Kubernetes alpha features in this cluster is not available by default. It is only available after creating the cluster with a Static version for the Control plane version, along with both Automatically upgrade nodes to the next available version and Enable auto-repair selected under the Node pool details for each node.
- Configure the other settings as required and click CREATE.
Using Command Line:
Upon creating a new cluster:
gcloud container clusters create <cluster_name> --zone <compute_zone>
Do not use the --enable-kubernetes-alpha argument.
References
https://cloud.google.com/kubernetes-engine/docs/concepts/alpha-clusters