Digital Ocean > Compute >

Kubernetes Auto Upgrades Not Enabled

CRITICAL

Source

Trivy

ID

AVD-DIG-0008

terraform

Kubernetes clusters should be auto-upgraded to ensure that they always contain the latest security patches.

Impact

Recommended Actions

Follow the appropriate remediation steps below to resolve the issue.

Set maintenance policy deterministically when auto upgrades are enabled

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14


resource "digitalocean_kubernetes_cluster" "foo" {
  name         = "foo"
  region       = "nyc1"
  version      = "1.20.2-do.0"
  auto_upgrade = true

  node_pool {
    name       = "autoscale-worker-pool"
    size       = "s-2vcpu-2gb"
    auto_scale = true
    min_nodes  = 1
    max_nodes  = 5
  }
}

Remediation Links

https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/kubernetes_cluster#auto-upgrade-example

Links

https://docs.digitalocean.com/products/kubernetes/resources/best-practices/

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.

Copyright © 2024 Aqua Security Software Ltd. Privacy Policy | Terms of Use