🛡️ Google GKE Cluster Node Pool Auto-Repair is disabled🟢
- Contextual name: 🛡️ Cluster Node Pool Auto-Repair is disabled🟢
- ID: `/ce/ca/google/gke/node-pool-auto-repair`
- Tags:
  - 🟢 Policy with categories
  - 🟢 Policy with type
  - 🟢 Production policy
- Policy Type: `COMPLIANCE_POLICY`
- Policy Categories: `RELIABILITY`
Logic
- 🧠 prod.logic.yaml🟢
Description
This policy verifies that the Auto-Repair feature is enabled for GKE Cluster Node Pools.
Rationale
The node auto-repair feature ensures that cluster nodes remain in a healthy, operational state. When enabled, GKE continuously monitors the health of each node. If a node fails consecutive health checks over a defined period, GKE automatically initiates a repair process for that node, reducing downtime and improving workload reliability.
Impact
If multiple nodes require repair simultaneously, GKE may perform repairs in parallel. The number of concurrent repairs is limited based on cluster size and the total number of failed nodes. Larger clusters allow for more concurrent repairs, while limits are reduced when many nodes are in a failed state.
Node auto-repair is not supported on alpha clusters.
Audit
This policy marks a Google GKE Cluster Node Pool as `INCOMPLIANT` if `Node Management: Auto-Repair` is not set to Enabled.
Default Value
Node auto-repair is enabled by default.
Remediation
To maintain the health and availability of GKE cluster nodes, automatic node repair should be enabled for node pools.
Enable Auto-Repair on an Existing Node Pool
From gcloud CLI
```sh
gcloud container node-pools update {{node-pool-name}} \
--cluster {{cluster-name}} \
--location {{location}} \
--enable-autorepair
```
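The audit rule and the remediation command above, combined in an added example (not the policy's own logic, which lives in prod.logic.yaml): it reads JSON shaped like the output of `gcloud container clusters list --format=json`, flags every node pool whose `management.autoRepair` is not true, and builds the update command for each. The sample data is constructed, and withholding the command for alpha clusters is this example's choice, based on the Impact note.

```python
import json
import shlex

# Constructed sample, shaped like `gcloud container clusters list --format=json`.
# A disabled setting may appear as a missing key rather than `false`,
# so both cases are treated as "not enabled".
SAMPLE = json.loads("""
[
  {"name": "prod-a", "location": "us-central1",
   "nodePools": [
     {"name": "default-pool", "management": {"autoRepair": true, "autoUpgrade": true}},
     {"name": "batch-pool", "management": {"autoUpgrade": true}},
     {"name": "gpu-pool"}
   ]},
  {"name": "lab-alpha", "location": "europe-west1-b", "enableKubernetesAlpha": true,
   "nodePools": [{"name": "default-pool", "management": {}}]}
]
""")


def audit(clusters):
    """Return one finding per node pool: status, optional fix command, optional note."""
    findings = []
    for cluster in clusters:
        alpha = cluster.get("enableKubernetesAlpha") is True
        for pool in cluster.get("nodePools") or []:
            enabled = (pool.get("management") or {}).get("autoRepair") is True
            finding = {"cluster": cluster["name"], "pool": pool["name"],
                       "status": "COMPLIANT" if enabled else "INCOMPLIANT",
                       "fix": None, "note": None}
            if not enabled and alpha:
                # Assumption of this example: no fix is offered for alpha clusters.
                finding["note"] = "alpha cluster: auto-repair not supported"
            elif not enabled:
                finding["fix"] = " ".join([
                    "gcloud container node-pools update", shlex.quote(pool["name"]),
                    "--cluster", shlex.quote(cluster["name"]),
                    "--location", shlex.quote(cluster["location"]),
                    "--enable-autorepair"])
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["status"], f["cluster"], f["pool"], f["fix"] or f["note"] or "")
```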
policy.yaml
Linked Framework Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 CIS GKE v1.8.0 → 💼 5.5.2 Ensure Node Auto-Repair is Enabled for GKE Nodes (Automated) | | | 1 | | no data |
| 💼 Cloudaware Framework → 💼 System Configuration | | | 45 | | no data |
| 💼 PCI DSS v3.2.1 → 💼 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards. | 5 | 3 | 32 | | no data |
| 💼 PCI DSS v4.0.1 → 💼 2.2.1 Configuration standards are developed, implemented, and maintained. | | | 13 | | no data |
| 💼 PCI DSS v4.0 → 💼 2.2.1 Configuration standards are developed, implemented, and maintained. | | | 13 | | no data |