Severity: MEDIUM
Source: Trivy
ID: AVD-DIG-0005

The Kubernetes cluster does not enable surge upgrades

With surge upgrades enabled, workloads are temporarily moved to new nodes while the cluster is upgraded. This incurs a small cost, but in return you won't experience downtime.

Impact

Upgrades may affect the availability of your Kubernetes cluster.

Follow the appropriate remediation steps below to resolve the issue.

Enable surge upgrades in your Kubernetes cluster

resource "digitalocean_kubernetes_cluster" "surge_upgrade_good" {
  name          = "foo"
  region        = "nyc1"
  version       = "1.20.2-do.0"
  surge_upgrade = true

  node_pool {
    name       = "worker-pool"
    size       = "s-2vcpu-2gb"
    node_count = 3

    taint {
      key    = "workloadKind"
      value  = "database"
      effect = "NoSchedule"
    }
  }
}
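
The following check is an added example, not part of the original page or of Trivy's own code: it walks the JSON produced by `terraform show -json` and lists every `digitalocean_kubernetes_cluster` whose `surge_upgrade` is not `true`, including clusters declared inside child modules. The sample plan, the `surge_upgrade_bad` and `no_flag` resources and the `staging` module are constructed for illustration, and treating an absent value as a finding is an assumption.

```python
import json
import sys

RESOURCE_TYPE = "digitalocean_kubernetes_cluster"

# Constructed sample, shaped like the planned_values part of `terraform show -json`.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "digitalocean_kubernetes_cluster.surge_upgrade_good",
             "type": RESOURCE_TYPE, "values": {"name": "foo", "surge_upgrade": True}},
            {"address": "digitalocean_kubernetes_cluster.surge_upgrade_bad",
             "type": RESOURCE_TYPE, "values": {"name": "bar", "surge_upgrade": False}},
            {"address": "digitalocean_droplet.web",
             "type": "digitalocean_droplet", "values": {"name": "web"}},
        ],
        "child_modules": [{
            "address": "module.staging",
            "resources": [
                {"address": "module.staging.digitalocean_kubernetes_cluster.no_flag",
                 "type": RESOURCE_TYPE, "values": {"name": "baz"}},
            ],
        }],
    }}
}

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def clusters_without_surge(plan):
    """Return sorted addresses of clusters whose surge_upgrade is not true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # Assumption: a missing or null value is reported, the same as false.
        if res.get("values", {}).get("surge_upgrade") is not True:
            findings.append(res.get("address", "<unknown>"))
    return sorted(findings)

if __name__ == "__main__":
    # Pass a plan JSON file as the first argument, or run against the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address in clusters_without_surge(plan):
        print(f"AVD-DIG-0005: surge upgrades not enabled on {address}")
    sys.exit(1 if clusters_without_surge(plan) else 0)
```

The non-zero exit status lets a CI job fail the pipeline when any cluster is reported.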