More Info:
Ensure worker pool teardown policy is set
Risk Level: Low
Address: Operational Maturity, Reliability
Compliance Standards: CBP
Triage and Remediation
Remediation
Using Console
To remediate the “Worker Pool Teardown Policy Should Be Set” misconfiguration in GCP using the GCP console, follow these steps:
- Open the GCP Console and navigate to the Cloud Build page.
- Click on the “Worker pools” tab from the left-hand menu.
- Select the worker pool for which you want to set the teardown policy.
- Click on the “Edit” button at the top of the page.
- Scroll down to the “Teardown policy” section.
- Select the “Delete instances when the pool is idle” option.
- Click on the “Save” button at the bottom of the page.
- Verify that the teardown policy has been set correctly by checking the “Teardown policy” section for the worker pool.
Using CLI
To remediate the “Worker Pool Teardown Policy Should Be Set” misconfiguration for GCP using the GCP CLI, follow these steps:
Note: Replace [POOL_NAME] with the name of the node pool that you want to update and [CLUSTER_NAME] with the name of the cluster that the node pool belongs to.
- Open the Google Cloud SDK Shell or any other terminal of your choice.
- Run the following command to set the worker pool teardown policy to “delete”:
- Once the command is executed successfully, the worker pool teardown policy will be set to “delete”.
- Verify the changes by running the following command:
- If the output of the above command is “true”, then the worker pool teardown policy has been successfully set to “delete”.
Using Python
To remediate the “Worker Pool Teardown Policy Should Be Set” misconfiguration in GCP using Python, follow these steps:
- Install the required libraries:
- Set up authentication to access the GCP project:
- Create a Logging client to access the logs:
- Define the filter to search for the relevant log entries:
  Replace <project_id> with your GCP project ID.
- Retrieve the log entries using the filter:
- For each log entry, retrieve the relevant metadata:
- For each relevant piece of metadata, remediate the misconfiguration by setting the Worker Pool Teardown Policy:
  Replace <project_id>, <zone> and <cluster_id> with your specific details.
- Verify that the misconfiguration has been remediated by checking the logs again.