Ensure that your Cluster Pool contains at least 3 Nodes

For High-Availability reasons, ensure that you have at least 3 worker nodes running in your Cluster pool.

Risk Level: Low
Cloud Entity: Azure AKS
CloudGuard Rule ID: D9.AZU.AKS.07
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

AksCluster should have properties.agentPoolProfiles contain [ count>=3 ]
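The rule above can be reproduced offline against exported cluster JSON. The following is an added example, not CloudGuard's own implementation: it accepts both the ARM shape (`properties.agentPoolProfiles`) and the flattened shape printed by `az aks show`, and it assumes the standard `count`, `enableAutoScaling` and `minCount` pool fields. The sample clusters are constructed.

```python
import json

# Constructed sample: trimmed AKS cluster objects (not real clusters).
SAMPLE_CLUSTERS = json.loads("""
[
  {"name": "aks-prod", "properties": {"agentPoolProfiles": [
      {"name": "system", "mode": "System", "count": 3},
      {"name": "batch", "mode": "User", "count": 1}]}},
  {"name": "aks-dev", "properties": {"agentPoolProfiles": [
      {"name": "default", "mode": "System", "count": 1},
      {"name": "apps", "mode": "User", "count": 2}]}},
  {"name": "aks-scale", "agentPoolProfiles": [
      {"name": "default", "mode": "System", "count": 3,
       "enableAutoScaling": true, "minCount": 1, "maxCount": 5}]}
]
""")

MIN_NODES = 3  # threshold from the GSL rule: count>=3


def agent_pools(cluster):
    """Return the pool list from ARM JSON (properties.agentPoolProfiles)
    or from the flattened `az aks show` shape (agentPoolProfiles)."""
    props = cluster.get("properties") or cluster
    return props.get("agentPoolProfiles") or []


def evaluate(cluster):
    """Apply the rule: pass when at least one pool has count >= MIN_NODES."""
    pools = agent_pools(cluster)
    counts = {p.get("name", "?"): int(p.get("count") or 0) for p in pools}
    passed = any(c >= MIN_NODES for c in counts.values())
    # Caveat (an assumption beyond the rule text): an autoscaled pool can
    # shrink to minCount, so a passing pool with minCount < 3 may fail later.
    may_shrink = [p.get("name", "?") for p in pools
                  if p.get("enableAutoScaling")
                  and int(p.get("count") or 0) >= MIN_NODES
                  and int(p.get("minCount") or 0) < MIN_NODES]
    return {"cluster": cluster.get("name"), "passed": passed,
            "counts": counts, "may_shrink": may_shrink}


if __name__ == "__main__":
    for c in SAMPLE_CLUSTERS:
        r = evaluate(c)
        print(f"{r['cluster']}: {'PASS' if r['passed'] else 'FAIL'} "
              f"{r['counts']} autoscale-below-3: {r['may_shrink']}")
```
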

REMEDIATION

From Portal

  1. Go to 'Kubernetes services'.
  2. Select the Kubernetes cluster you want to add a node pool to.
  3. Under the 'Settings' tab, select 'Node Pools'.
  4. Add 'Node Pool' and click 'Save'.

From TF
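NOTE: Repeat name, size and node_count until node_count is 3:

resource "azurerm_kubernetes_cluster" "example" {
	...
	default_node_pool {
		...
		# kubernetes_cluster_id is not valid inside default_node_pool; it is an
		# argument of the separate azurerm_kubernetes_cluster_node_pool resource.
		name       = "NAME"
		vm_size    = "SIZE"
		# The rule checks count>=3, so it passes once this reaches 3 or more.
		node_count = 1
		...
	}
	...
}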

From Command Line
To add additional worker nodes to your cluster pool, run:

az aks nodepool add --resource-group RESOURCEGROUP --cluster-name CLUSTERNAME --name NODEPOOL --node-count COUNT

References

  1. https://learn.microsoft.com/en-us/azure/aks/learn/quick-kubernetes-deploy-portal?tabs=azure-cli
  2. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool
  3. https://learn.microsoft.com/en-us/cli/azure/aks/nodepool?view=azure-cli-latest#az_aks_nodepool_add

Azure AKS

AKS is an open-source, fully managed container orchestration service on the Microsoft Azure public cloud. It became available in June 2018 and can be used to deploy, scale and manage Docker containers and container-based applications in a cluster environment.

Compliance Frameworks

  • Azure CloudGuard Best Practices
  • CloudGuard Azure All Rules Ruleset