For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/security/default_rules/def-000-47j.md. A documentation index is available at /llms.txt.

Auto-Upgrade for nodes should be enabled in GKE clusters

Description

Auto-upgrade should be enabled for nodes. Auto-upgrade keeps nodes at the current version of Kubernetes and applies security related patches. To prevent outages, a maintenance window should be set up as well.

Remediation

Follow the steps in Google Cloud’s Auto-upgrade nodes guide to enable auto-upgrade nodes.