The Kubernetes cluster does not enable surge upgrades
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | compute |
| Provider | DigitalOcean |
| Vulnerability Type | omission |
Description
The Kubernetes cluster is configured without surge upgrades enabled, meaning that during upgrades, workloads are not temporarily rescheduled onto new nodes. This can result in service interruptions or downtime while nodes are updated.
Impact
Without surge upgrades, cluster upgrades may cause application downtime or degraded availability, disrupting user access and potentially violating uptime requirements or SLAs. Attackers, or other disruptions that take advantage of upgrade windows, could further impact reliability.
Resolution
Enable surge upgrades in your Kubernetes cluster.
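To find the clusters that still need this change, the following added example (not part of the original rule or of any DigitalOcean tooling) audits a cluster listing for the `surge_upgrade` setting. It assumes the input is the parsed JSON of DigitalOcean's "list Kubernetes clusters" API response; the sample data and the priority ranking by `auto_upgrade` are constructed for illustration.

```python
import json

# Constructed sample, trimmed to the fields this check reads. It follows the
# shape of DigitalOcean's "list Kubernetes clusters" API response; the IDs,
# names and regions are made up.
SAMPLE_RESPONSE = json.loads("""
{
  "kubernetes_clusters": [
    {"id": "00000000-0000-4000-8000-000000000001", "name": "prod-a",
     "region": "nyc1", "auto_upgrade": true, "surge_upgrade": false},
    {"id": "00000000-0000-4000-8000-000000000002", "name": "prod-b",
     "region": "ams3", "auto_upgrade": true, "surge_upgrade": true},
    {"id": "00000000-0000-4000-8000-000000000003", "name": "legacy",
     "region": "sfo3", "auto_upgrade": false}
  ]
}
""")


def audit_surge_upgrade(response):
    """Return one finding per cluster whose surge_upgrade is not exactly true.

    A missing or null field is reported too, so a trimmed or older record
    cannot pass silently.
    """
    findings = []
    for cluster in response.get("kubernetes_clusters") or []:
        value = cluster.get("surge_upgrade")
        if value is True:
            continue
        findings.append({
            "id": cluster.get("id"),
            "name": cluster.get("name"),
            "reason": "surge_upgrade not set" if value is None
                      else f"surge_upgrade={value!r}",
            # Triage choice made for this example: clusters that upgrade
            # automatically are listed first, since no operator picks the time.
            "priority": "high" if cluster.get("auto_upgrade") is True else "normal",
        })
    return sorted(findings, key=lambda f: (f["priority"] != "high", f["name"] or ""))


if __name__ == "__main__":
    for finding in audit_surge_upgrade(SAMPLE_RESPONSE):
        print(f'{finding["priority"]:6} {finding["name"]}: {finding["reason"]}')
```

An empty result means every listed cluster reports `surge_upgrade` as true; a non-boolean value such as the string `"true"` is still flagged.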