Ensure container-optimized OS (COS) is used for Google Container Node Pool

LOW

Description

Container-optimized OS (COS) is Google's Linux distribution designed specifically for Google Kubernetes Engine (GKE) container nodes. It is considered best practice to use this operating system in GKE over others such as Ubuntu.

Remediation

In GCP Console -

  1. Open the GCP Portal and go to Google Kubernetes Engine (GKE).
  2. Select the cluster you want to edit.
  3. Click Nodes, then select the node pool.
  4. Click Edit. Under Nodes, click Change and choose the COS image.
  5. Click Change.

In Terraform -

  1. In the google_container_node_pool resource, set the image_type attribute in the node_config block to COS.
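
A pre-apply check for the Terraform remediation above, as an added example that is not part of the original policy page: it walks the JSON produced by terraform show -json and lists every google_container_node_pool whose node_config image_type is not COS. The sample plan is constructed; treating COS_CONTAINERD as compliant and an unset image_type as a finding are assumptions of this example.

```python
# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "google_container_node_pool.web",
         "type": "google_container_node_pool",
         "values": {"node_config": [{"image_type": "COS"}]}},
        {"address": "google_container_node_pool.legacy",
         "type": "google_container_node_pool",
         "values": {"node_config": [{"image_type": "UBUNTU"}]}},
        {"address": "google_container_node_pool.bare",
         "type": "google_container_node_pool",
         "values": {"node_config": []}},
        {"address": "google_compute_network.vpc",
         "type": "google_compute_network", "values": {}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.batch.google_container_node_pool.workers",
         "type": "google_container_node_pool",
         "values": {"node_config": [{"image_type": "ubuntu_containerd"}]}},
    ]}],
}}}


def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def non_cos_node_pools(plan):
    """Return (address, image_type) for node pools not pinned to a COS image."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "google_container_node_pool":
            continue
        # Nested blocks appear as lists in plan JSON; node_config has at most one.
        node_config = (res.get("values") or {}).get("node_config") or [{}]
        image_type = (node_config[0].get("image_type") or "").upper()
        # Assumption: COS and COS_CONTAINERD pass; unset is reported.
        if not image_type.startswith("COS"):
            findings.append((res["address"], image_type or "(unset)"))
    return findings


if __name__ == "__main__":
    for address, image in non_cos_node_pools(SAMPLE_PLAN):
        print(f"{address}: image_type={image}")
```

To run it against a real plan, load the output of terraform show -json with json.load and pass the result to non_cos_node_pools.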

References:
https://cloud.google.com/sdk/gcloud/reference/container/clusters/upgrade
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#image_type

Policy Details

Rule Reference ID: AC_GCP_0016
CSP: GCP
Remediation Available: Yes
Resource Category: Compute

Frameworks