Defender for Cloud scans the VMs that host Kubernetes nodes for vulnerabilities in the operating system and installed software. When vulnerabilities are detected, Defender for Cloud generates recommendations with detailed findings to help you review and remediate them.
This capability is supported on Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (EKS), and Google Kubernetes Engine (GKE). EKS and GKE support is currently in preview.
Reviewing and remediating these vulnerabilities is part of the shared responsibility for maintaining Kubernetes node security.
Prerequisites
Before you begin, make sure that:
You have an active Azure, AWS, or GCP subscription.
Microsoft Defender for Cloud is enabled on your subscription with one of the following plans enabled:
- Defender for Containers
- Defender for Servers P2
- Defender CSPM
Agentless scanning for machines is enabled.
For EKS or GKE nodes, your AWS or GCP environment must be connected to Defender for Cloud.
Review vulnerability findings for Kubernetes nodes
Sign in to the Azure portal.
Go to Microsoft Defender for Cloud > Recommendations.
Search for and select the relevant recommendation for your environment:
- AKS: AKS nodes should have vulnerability findings resolved
- EKS: EKS nodes should have vulnerability findings resolved (Preview)
- GKE: GKE nodes should have vulnerability findings resolved (Preview)
Review the recommendation details, including affected node pools and clusters.
Select Findings to view the list of CVEs.
Select a CVE to view detailed vulnerability information, including affected resources.
Remediate Kubernetes node vulnerabilities
Sign in to the Azure portal.
Go to Microsoft Defender for Cloud > Recommendations.
Search for and select the recommendation for your environment (see recommendation names above).
Select Fix.
Select Update image to apply the latest patched node pool VM image, or Upgrade Kubernetes to move the cluster to a newer Kubernetes version.
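The portal's Fix button is the supported path; the script below is an added example, not from this page or from Defender for Cloud, showing the Azure CLI counterpart of the two remediation choices for AKS so the work can be planned per node pool and reviewed before anything changes. It assumes the Azure CLI is installed and signed in, and that the `nodeImageVersion` and `latestNodeImageVersion` fields returned by `az aks nodepool show` and `az aks nodepool get-upgrades` keep those names; the resource-group and cluster names are supplied on the command line.

```shell
#!/usr/bin/env bash
# Added example (not Microsoft's code): Azure CLI counterpart of the portal's
# "Update image" / "Upgrade Kubernetes" remediation for AKS node pools.
# Assumptions: Azure CLI is installed and logged in; the JSON field names
# nodeImageVersion and latestNodeImageVersion are as returned by `az aks nodepool`.
set -eu

# Pure check: succeed (exit 0) when the pool's current image lags the latest
# published image. An empty "latest" means the query failed, so report "not outdated"
# rather than issuing an upgrade on missing data.
node_image_outdated() {
  current="$1"
  latest="$2"
  [ -n "$latest" ] && [ "$current" != "$latest" ]
}

# Build the remediation command for one pool as text (printed, not executed),
# so it can be reviewed or attached to a change record before it is run.
remediation_command() {
  rg="$1"; cluster="$2"; pool="$3"; current="$4"; latest="$5"
  if node_image_outdated "$current" "$latest"; then
    printf 'az aks nodepool upgrade --resource-group %s --cluster-name %s --name %s --node-image-only\n' \
      "$rg" "$cluster" "$pool"
  else
    printf '# %s already on latest image %s\n' "$pool" "$current"
  fi
}

# Live path: walk every node pool in the cluster and print the planned action.
plan_cluster() {
  rg="$1"; cluster="$2"
  for pool in $(az aks nodepool list --resource-group "$rg" --cluster-name "$cluster" \
                  --query '[].name' -o tsv); do
    current=$(az aks nodepool show --resource-group "$rg" --cluster-name "$cluster" \
                --name "$pool" --query nodeImageVersion -o tsv)
    latest=$(az aks nodepool get-upgrades --resource-group "$rg" --cluster-name "$cluster" \
                --nodepool-name "$pool" --query latestNodeImageVersion -o tsv)
    remediation_command "$rg" "$cluster" "$pool" "$current" "$latest"
  done
  # A node image update is the "Update image" option. The second option,
  # "Upgrade Kubernetes", moves the cluster to a newer version; list what is
  # available so that choice is made explicitly rather than by default.
  az aks get-upgrades --resource-group "$rg" --name "$cluster" -o table
}

# Only talk to Azure when a resource group and cluster are given on the command line.
if [ "$#" -eq 2 ]; then
  plan_cluster "$1" "$2"
fi
```

Run it as `./plan-node-remediation.sh <resource-group> <cluster-name>`; it prints one `az aks nodepool upgrade --node-image-only` line per outdated pool and a table of available Kubernetes versions, and runs nothing destructive itself. Upgrading a node pool image reimages its nodes, so schedule it like any other rolling maintenance.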