Digital Ocean > Compute >

Kubernetes Auto Upgrades Not Enabled

CRITICAL

Source

Trivy

ID

AVD-DIG-0008

terraform

Kubernetes clusters should be auto-upgraded to ensure that they always contain the latest security patches.

Impact

Not running the latest security patches on your Kubernetes cluster can make it a target for penetration.

Recommended Actions

Follow the appropriate remediation steps below to resolve the issue.

Set maintenance policy deterministically when auto upgrades are enabled

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15


resource "digitalocean_kubernetes_cluster" "foo" {
	name    	 = "foo"
	region  	 = "nyc1"
	version 	 = "1.20.2-do.0"
	auto_upgrade = true

	node_pool {
		name       = "autoscale-worker-pool"
		size       = "s-2vcpu-2gb"
		auto_scale = true
		min_nodes  = 1
		max_nodes  = 5
	}
}

Remediation Links

https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/kubernetes_cluster#auto-upgrade-example

Links

https://docs.digitalocean.com/products/kubernetes/resources/best-practices/

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.

Copyright © 2023 Aqua Security Software Ltd. Privacy Policy | Terms of Use