Google Cloud Kubernetes Engine

Kubernetes Alpha Enabled

Ensure the Kubernetes alpha feature is disabled on all GKE clusters.

Risk Level: Medium

Description

This plugin ensures that the Google Kubernetes Engine’s Kubernetes alpha feature is disabled for all clusters. Alpha clusters are temporary clusters that support all Kubernetes APIs and features. They are typically used by advanced users and early adopters to test new features before they are production-ready.

About the Service

Google Cloud Kubernetes Engine:

The Google Cloud Kubernetes Engine is a Kubernetes-based service that includes a control plane, nodes that house pods, and Google Cloud services. It helps modernize your applications by offering a platform for deploying, managing, and scaling containerized workloads. You can interact with it through the Google Cloud Console or kubectl.

Impact

Alpha clusters are designed for advanced users to experiment with workloads and features before they are production-ready; they are not meant for general usage. Alpha clusters are not covered by the GKE Service Level Agreement, cannot be upgraded, and are automatically deleted after 30 days. They are also not compatible with Windows Server node pools, and they do not receive security upgrades.

Steps to Reproduce

Using GCP Console-

  1. Log in to your GCP Console.
  2. From the top navigation bar, select the GCP project you want to investigate.
  3. From the navigation panel on the left side of the console, go to Kubernetes Engine and select Clusters. You can use this link here to navigate directly if you’re already logged in.
  4. Select the cluster you want to investigate from the list of clusters displayed and go to the Details tab of the selected cluster.
  5. Under the Features section, check the status of Kubernetes alpha features. If it is enabled, then the selected cluster is using the alpha cluster feature.


  6. Repeat steps 4 to 7 for all the clusters you want to investigate in the selected project.
  7. If you have multiple projects that you want to investigate, repeat steps 2-8 for each project in your GCP console.
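The same check can be scripted instead of clicking through every cluster. The following is an added example, not part of the original plugin: it flags alpha clusters in the JSON printed by `gcloud container clusters list --format=json`, assuming the GKE API field names `enableKubernetesAlpha` and `expireTime`; the sample data is constructed.

```python
import json
import sys

# Constructed sample shaped like `gcloud container clusters list --format=json`
# output (GKE API Cluster resources); names, locations and times are made up.
SAMPLE = """
[
  {"name": "prod-web", "location": "us-central1", "status": "RUNNING"},
  {"name": "feature-lab", "location": "europe-west1-b", "status": "RUNNING",
   "enableKubernetesAlpha": true, "expireTime": "2030-01-31T00:00:00+00:00"},
  {"name": "batch", "location": "us-east1", "status": "RUNNING",
   "enableKubernetesAlpha": false}
]
"""

def find_alpha_clusters(clusters):
    """Return one finding per cluster with Kubernetes alpha features enabled."""
    findings = []
    for c in clusters:
        # Assumption: a missing key is treated as "disabled", since the JSON
        # output may leave the field out when it is false.
        if c.get("enableKubernetesAlpha") is True:
            findings.append({
                "name": c.get("name", "<unnamed>"),
                "location": c.get("location", "<unknown>"),
                # Time at which the alpha cluster will be deleted automatically.
                "expires": c.get("expireTime", "<not reported>"),
            })
    return findings

def audit(json_text):
    """Parse a JSON array of clusters and return the alpha-enabled ones."""
    data = json.loads(json_text)
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of clusters")
    return find_alpha_clusters(data)

if __name__ == "__main__":
    # Real use: gcloud container clusters list --format=json | python3 audit.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    results = audit(text)
    for f in results:
        print(f"FAIL {f['name']} ({f['location']}): alpha enabled, expires {f['expires']}")
    sys.exit(1 if results else 0)
```

Run it once per project (for example with `--project` on the gcloud command); a non-zero exit status means at least one alpha cluster was found.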

Steps for Remediation

Determine whether or not you truly require the Kubernetes alpha feature to be enabled. If not, make the necessary changes to disable it using the steps given below.


NOTE: This feature cannot be changed once the cluster is made. Hence, to disable it, we must re-create the cluster.

Using GCP Console-

  1. Log in to your GCP Console.
  2. From the top navigation bar, select the GCP project you want to investigate.
  3. From the navigation panel on the left side of the console, go to Kubernetes Engine and select Clusters. You can use this link here to navigate directly if you’re already logged in.
  4. Select the cluster you want to reconfigure from the list of clusters displayed and note down all the configuration details of the selected cluster. (In case you aren’t sure which cluster needs to be configured, follow the steps to reproduce listed above to determine which to choose.)
  5. Go back to the Clusters page and click on the CREATE button.
  6. Enter and configure the desired details according to the configuration settings of the cluster you are re-creating.
  7. In the Features section, ensure that the Enable Kubernetes alpha features in this cluster checkbox is not checked.
  8. Click CREATE to create the new cluster.
  9. You can now delete the original cluster to avoid unwanted expenses. Click on the cluster and select the DELETE button from the top navigation bar and press DELETE in the pop up box to confirm the deletion.
  10. Repeat steps 4 to 11 for all the clusters you want to reconfigure in the selected project.
  11. If you have multiple projects, repeat steps 2-12 for each project in your GCP console.