Kubernetes Clusters must be created with Alias IP ranges enabled

ID

gcp_container_node_pool_auto_repair_disabled

Severity

low

Vendor

GCP

Resource

Application Security

Tags

reachable

Description

The auto_repair management setting has GKE periodically check for failing nodes and repair them to keep the pool in a healthy state. When enabled, Google Kubernetes Engine (GKE) makes periodic health checks on each node in the cluster. If a node fails consecutive health checks over an extended period, GKE initiates a repair process for that node.

To fix it, set the management.auto_repair property to yes (Ansible accepts the equivalent boolean spelling true, as in the fix below).

Learn more about this topic in the GKE documentation page Auto-repair nodes.

Examples

---
- name: create a node pool
  google.cloud.gcp_container_node_pool:
    name: my-pool
    initial_node_count: 4
    cluster: "{{ cluster }}"
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    management:
      auto_repair: no   # YAML boolean false: node auto-repair is disabled (flagged by this check)

Mitigation / Fix

---
- name: create a node pool
  google.cloud.gcp_container_node_pool:
    name: my-pool
    initial_node_count: 4
    cluster: '{{ cluster }}'
    location: us-central1-a
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    management:
      auto_repair: true   # enable periodic health checks and automatic node repair
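A small detection routine for this finding, added here as an example and not part of the vendor's or Ansible's own code: it walks a task list as PyYAML's yaml.safe_load would return it (YAML 1.1 maps `no` to False and `yes` to True; the string spellings are handled too in case a YAML 1.2 loader left them as text) and reports node-pool tasks whose auto_repair is off or not set. The sample tasks and their names are constructed for the demonstration.

```python
"""Flag Ansible gcp_container_node_pool tasks whose auto_repair is off or unset.
Assumes tasks were loaded with yaml.safe_load (PyYAML), so `no` -> False, `yes` -> True.
"""
from typing import Any, Dict, List, Optional, Tuple

MODULE_NAMES = ("google.cloud.gcp_container_node_pool", "gcp_container_node_pool")
FALSY_STRINGS = {"no", "n", "false", "off", "0"}
TRUTHY_STRINGS = {"yes", "y", "true", "on", "1"}


def _as_bool(value: Any) -> Optional[bool]:
    """Normalise the boolean spellings Ansible accepts; None if unrecognised."""
    if isinstance(value, bool):          # must precede the int check (bool is an int)
        return value
    if isinstance(value, int):
        return value != 0
    if isinstance(value, str):
        v = value.strip().lower()
        if v in TRUTHY_STRINGS:
            return True
        if v in FALSY_STRINGS:
            return False
    return None


def auto_repair_status(task: Dict[str, Any]) -> Optional[str]:
    """'enabled', 'disabled' or 'unset' for a node-pool task; None for other tasks."""
    module_args = next((task[m] for m in MODULE_NAMES if m in task), None)
    if not isinstance(module_args, dict):
        return None
    management = module_args.get("management") or {}
    if "auto_repair" not in management:
        return "unset"                    # playbook does not pin the setting explicitly
    # Anything not recognised as true (None, "maybe", ...) is treated as disabled.
    return "enabled" if _as_bool(management["auto_repair"]) else "disabled"


def scan_tasks(tasks: List[Dict[str, Any]]) -> List[Tuple[str, str]]:
    """Return (task name, status) for every node-pool task that is not 'enabled'."""
    return [(t.get("name", "<unnamed>"), s) for t in tasks
            if (s := auto_repair_status(t)) in ("disabled", "unset")]


# Constructed sample: the page's two tasks as safe_load returns them, plus two more.
SAMPLE_TASKS = [
    {"name": "create a node pool (auto_repair: no)", "google.cloud.gcp_container_node_pool":
        {"name": "my-pool", "cluster": "demo", "management": {"auto_repair": False}}},
    {"name": "create a node pool (auto_repair: true)", "google.cloud.gcp_container_node_pool":
        {"name": "my-pool", "cluster": "demo", "management": {"auto_repair": True}}},
    {"name": "create a node pool (management omitted)",
     "gcp_container_node_pool": {"name": "legacy-pool", "cluster": "demo"}},
    {"name": "unrelated task", "debug": {"msg": "hello"}},
]

if __name__ == "__main__":
    for name, status in scan_tasks(SAMPLE_TASKS):
        print(f"{status:8} {name}")
```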