AKS nodes should have vulnerability findings resolved

HIGH

Ensures that vulnerability findings on AKS node images are remediated through image updates or patching.

What does this mean?

AKS node images may contain OS-level vulnerabilities. This recommendation ensures that identified vulnerabilities in node images are resolved by updating to patched images or applying security updates.
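A check for the "updating to patched images" path described above, added here as an example and not taken from the original recommendation. It uses the Azure CLI to compare each node pool's running node image with the latest one published for it; the resource group and cluster names are caller-supplied placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag AKS node pools that are not on the latest node image.

# image_status RUNNING LATEST -> prints current | outdated | unknown
image_status() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo unknown    # no answer from az: treat as unverified, never as clean
    elif [ "$1" = "$2" ]; then
        echo current
    else
        echo outdated
    fi
}

# check_pool RESOURCE_GROUP CLUSTER POOL -> succeeds only if the pool is current
check_pool() {
    running=$(az aks nodepool show --resource-group "$1" --cluster-name "$2" \
        --name "$3" --query nodeImageVersion --output tsv 2>/dev/null)
    latest=$(az aks nodepool get-upgrades --resource-group "$1" --cluster-name "$2" \
        --nodepool-name "$3" --query latestNodeImageVersion --output tsv 2>/dev/null)
    status=$(image_status "$running" "$latest")
    printf '%s\t%s\t%s -> %s\n' "$3" "$status" "${running:-?}" "${latest:-?}"
    if [ "$status" = outdated ]; then
        # Print the remediation instead of running it, so drains can be scheduled.
        echo "  fix: az aks nodepool upgrade --resource-group $1 --cluster-name $2 --name $3 --node-image-only"
    fi
    [ "$status" = current ]
}

# check_cluster RESOURCE_GROUP CLUSTER -> 0 all current, 1 some not, 2 no data
check_cluster() {
    pools=$(az aks nodepool list --resource-group "$1" --cluster-name "$2" \
        --query '[].name' --output tsv) || return 2
    [ -n "$pools" ] || return 2
    rc=0
    for pool in $pools; do
        check_pool "$1" "$2" "$pool" || rc=1
    done
    return $rc
}

# Runs only when called with both arguments: ./check.sh <resource-group> <cluster>
if [ "$#" -eq 2 ]; then
    check_cluster "$1" "$2"
fi
```

A pool reported as `current` can still carry findings for which no fixed image exists yet, so this complements the vulnerability findings rather than replacing them.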

Benefits of implementation

  • Reduces the attack surface of the underlying compute infrastructure
  • Protects against OS-level exploits on cluster nodes
  • Essential for maintaining security compliance

Drawbacks and considerations

  • Node image updates may require node pool recreation
  • Patching cadence needs to be balanced with stability requirements
  • Some vulnerabilities may not have immediate fixes available

Implementation

Implementation guidance coming soon.


Details

Risk Level: HIGH
Category: Kubernetes / AKS
Azure Resource:
Frameworks: 2 frameworks
Last updated: 2026-02-12