Upgrades And Updates Should Be Enabled

More Info:

GKE cluster should be proactively receive updates about GKE upgrades and GKE versions

Risk Level

Low

Address

Security, Reliability, Operational Excellence, Performance Efficiency

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “Upgrades and Updates Should Be Enabled” for GCP using GCP CLI, you can follow the below steps:

Open the Cloud Shell by clicking on the icon in the top right corner of the GCP console.
Run the following command to enable automatic updates for all the VM instances in your project:

gcloud compute project-info add-metadata \
    --metadata=enable-osconfig=true

Verify that the metadata is added to the project by running the following command:

gcloud compute project-info describe --format="value(commonInstanceMetadata.items.filter(key:enable-osconfig))"

This command should return true, indicating that automatic updates are enabled.

If you have existing instances that were created before enabling automatic updates, you can manually enable automatic updates on those instances by following these steps:

Stop the instance
Edit the instance settings
Add the following metadata key-value pair: enable-osconfig : true
Start the instance

Verify that automatic updates are enabled on the instance by running the following command:

gcloud compute instances describe INSTANCE_NAME --format="value(metadata.items.filter(key:enable-osconfig))"

This command should return true, indicating that automatic updates are enabled on the instance.By following these steps, you can remediate the misconfiguration “Upgrades and Updates Should Be Enabled” for GCP using GCP CLI.

Using Python

To remediate the misconfiguration “Upgrades and Updates Should Be Enabled” in GCP using Python, follow the below steps:

Import the required libraries:

from google.cloud import compute_v1

Set up the client:

client = compute_v1.InstancesClient()
project = 'your-project-id'
zone = 'your-zone'

Retrieve the instance(s) for which you want to enable upgrades and updates:

instances = client.list(project=project, zone=zone).items

Iterate through the instances and update the instance(s) to enable upgrades and updates:

for instance in instances:
    instance_name = instance.name
    instance_resource = client.get(instance_name, project, zone)
    instance_resource.scheduling.automatic_restart = True
    instance_resource.scheduling.on_host_maintenance = "MIGRATE"
    instance_resource.metadata.items.append(
        {"key": "google-compute-enable-virtio-rng", "value": "true"}
    )
    response = client.update(instance_name, instance_resource, project, zone)

This code will enable automatic restarts, migrate instances on host maintenance, and enable virtio-rng for all the instances in the specified project and zone.Note: Make sure you have the required permissions to update instances in the specified project and zone.

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

Upgrades And Updates Should Be Enabled

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation