Property
Language: terraform
Severity: low
Service: gke
Provider: Google

Description

Kubernetes Engine cluster nodes are not configured to use Container-Optimized OS (COS), which is the recommended image for enhanced security. Using alternative images like Ubuntu increases the attack surface and may lack key security features provided by COS.

Impact

Not using COS can expose cluster nodes to additional vulnerabilities and reduce protection against threats. This increases the risk of node compromise, privilege escalation, or persistence by attackers, potentially leading to broader cluster or data breaches.

Resolution

Use the COS image type for the cluster's nodes.
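The following Terraform configuration is an added example, not taken from the rule's own documentation. It shows a node pool using an Ubuntu image beside one using COS. The resource names, location and machine type are hypothetical; `COS_CONTAINERD` and `UBUNTU_CONTAINERD` are GKE image type names that do not appear on this page.

```terraform
# Added example: resource names, location and machine type are hypothetical.
resource "google_container_cluster" "example" {
  name     = "example-cluster"
  location = "us-central1"

  # Manage node pools as separate resources so that every pool
  # declares its image_type explicitly and can be reviewed on its own.
  remove_default_node_pool = true
  initial_node_count       = 1
}

# Non-compliant: nodes run an Ubuntu image instead of Container-Optimized OS.
resource "google_container_node_pool" "ubuntu_pool" {
  name       = "ubuntu-pool"
  cluster    = google_container_cluster.example.name
  location   = google_container_cluster.example.location
  node_count = 1

  node_config {
    machine_type = "e2-medium"
    image_type   = "UBUNTU_CONTAINERD"
  }
}

# Compliant: nodes run Container-Optimized OS (containerd runtime).
resource "google_container_node_pool" "cos_pool" {
  name       = "cos-pool"
  cluster    = google_container_cluster.example.name
  location   = google_container_cluster.example.location
  node_count = 1

  node_config {
    machine_type = "e2-medium"
    image_type   = "COS_CONTAINERD"
  }
}
```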