Kubernetes Services

Outdated Kubernetes Version

Risk Level: Medium

Description

This plugin ensures the latest version of Kubernetes is installed on AKS clusters. AKS supports provisioning clusters from several versions of Kubernetes. Clusters should be kept up to date to ensure Kubernetes security patches are applied.

About the Service

Kubernetes services: Azure provides a fully managed container management service called azure Kubernetes services. It enables continuous integration and deployment of software. The service offers scalability, end to end deployment and availability. Kubernetes helps in facilitating communication between the containers, its management and auto-scaling.

Impact

The latest version comes with patches, security fixes and additional features. Using older versions may have some bugs which later can be used to exploit the user’s system, thus, it is advised to use the latest versions.

Steps to Reproduce

  1. Log in to the Azure portal.
  2. Click on Kubernetes services under Services or type “Kubernetes services” in the search box.
  3. Select any one of the provided accounts to check for the issue.
  4. From the navigation bar, select Cluster configuration from Settings
  5. Under Upgrade, check the kubernetes version and verify if it is set to the latest available version. (As of December 2021, the latest version is 1.21.7). If not, go to the Steps for remediation section.
  6. Repeat for other accounts as well.

Steps for Remediation

  1. Log in to the Azure portal.
  2. Click on Kubernetes services under Services or type “Kubernetes services” in the search box.
  3. Select any one of the provided accounts to check for the issue.
  4. From the navigation bar, select Cluster configuration from Settings
  5. To set the version to the latest click on “Upgrade version” provided under the labelled version. From the drop-down menu select the latest version available. Select Save.
  6. Repeat for other accounts as well.

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support