Terraform

Terraform

By DeepSource

Container-Optimized OS (cos) is not used for Kubernetes Engine Clusters Node image TF-S2022

Security

GKE enables users to select the operating system image on each node. It is also possible to upgrade an existing cluster to use a different node image type. GKE supports several OS images using the main container runtime directly integrated with Kubernetes, including "coscontainerd" and "ubuntucontainerd".

We recommend you use "coscontainerd" and "ubuntucontainerd" to enhance node security.

Containerd is an industry-standard container runtime component that regularly updates security fixes and patches, providing better support, security, and stability than other images.

Examples

Recommended

node_config {
    image_type = "COS"
}

Setting the image_type to COS would force the cluster to recreate a node following the new configuration.