Control: Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version
Description
Upgrade your Kubernetes service cluster to a later Kubernetes version to protect against known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946 has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.kubernetes_cluster_upgraded_with_non_vulnerable_version
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.kubernetes_cluster_upgraded_with_non_vulnerable_version --share
SQL
This control uses a named query:
select
  a.id as resource,
  case
    when
      a.kubernetes_version ~ '1\.13\.[0-4]'
      or a.kubernetes_version ~ '1\.12\.[0-6]'
      or a.kubernetes_version ~ '1\.11\.[0-8]'
      or a.kubernetes_version ~ '1.([0-9]|10).[0-9]{1,2}' then 'alarm'
    else 'ok'
  end as status,
  case
    when
      a.kubernetes_version ~ '1\.13\.[0-4]'
      or a.kubernetes_version ~ '1\.12\.[0-6]'
      or a.kubernetes_version ~ '1\.11\.[0-8]'
      or a.kubernetes_version ~ '1.([0-9]|10).[0-9]{1,2}' then a.name || ' not upgraded to a non-vulnerable Kubernetes version.'
    else a.name || ' upgraded to a non-vulnerable Kubernetes version.'
  end as reason
  , a.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_kubernetes_cluster as a
  left join azure_subscription as sub on sub.subscription_id = a.subscription_id;
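The patterns in this query are unanchored, so a two-digit patch level such as 1.13.10 also matches '1\.13\.[0-4]' and is reported as alarm even though it is later than 1.13.5. The following is an added example, not part of the Powerpipe mod: it runs the same patterns beside a numeric comparison over constructed version strings so the two results can be compared row by row. The sample and parsed CTEs and the column v are assumptions of this example, and it assumes PostgreSQL and versions of the form major.minor.patch.

```sql
-- Added example: constructed version strings, not data from a real subscription.
with sample (kubernetes_version) as (
  values
    ('1.10.13'), ('1.11.8'), ('1.11.9'), ('1.11.10'),
    ('1.12.6'), ('1.12.7'), ('1.13.4'), ('1.13.5'),
    ('1.13.10'), ('1.14.0')
),
parsed as (
  select
    kubernetes_version,
    -- Capture major, minor and patch as integers; null if the string is not x.y.z.
    regexp_match(kubernetes_version, '^(\d+)\.(\d+)\.(\d+)')::int[] as v
  from sample
)
select
  kubernetes_version,
  -- The control's patterns as written. They are unanchored, so
  -- '1\.13\.[0-4]' also matches the leading '1.13.1' of '1.13.10'.
  case
    when
      kubernetes_version ~ '1\.13\.[0-4]'
      or kubernetes_version ~ '1\.12\.[0-6]'
      or kubernetes_version ~ '1\.11\.[0-8]'
      or kubernetes_version ~ '1.([0-9]|10).[0-9]{1,2}' then 'alarm'
    else 'ok'
  end as pattern_status,
  -- Numeric comparison against the patched releases named in the description
  -- (1.11.9, 1.12.7, 1.13.5, 1.14.0). Releases before 1.11 are treated as
  -- 'alarm', as the control's last pattern does.
  case
    when v is null then 'unknown'
    when v[1] = 1 and v[2] < 11 then 'alarm'
    when v[1] = 1 and v[2] = 11 and v[3] < 9 then 'alarm'
    when v[1] = 1 and v[2] = 12 and v[3] < 7 then 'alarm'
    when v[1] = 1 and v[2] = 13 and v[3] < 5 then 'alarm'
    else 'ok'
  end as numeric_status
from parsed
order by v;
```

Rows where pattern_status and numeric_status differ are the versions worth checking by hand before acting on an alarm.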