Kubernetes clusters should be auto-upgraded to ensure that they always contain the latest security patches.
Impact
Not running the latest security patches on your Kubernetes cluster can make it a target for penetration.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Set maintenance policy deterministically when auto upgrades are enabled
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
resource "digitalocean_kubernetes_cluster" "foo" {
name = "foo"
region = "nyc1"
version = "1.20.2-do.0"
auto_upgrade = true
node_pool {
name = "autoscale-worker-pool"
size = "s-2vcpu-2gb"
auto_scale = true
min_nodes = 1
max_nodes = 5
}
}
|
Links