GCP Kubernetes Engine Clusters have Alias IP disabled
Description
In GKE, clusters are distinguished by how they route traffic from one Pod to another. A cluster that uses alias IP ranges is called a VPC-native cluster; a cluster that uses Google Cloud Routes is called a routes-based cluster. We recommend you create Kubernetes clusters with alias IP ranges enabled. Alias IP ranges allow Pods to directly access hosted services without using a NAT gateway.
Code Example

```hcl
resource "google_container_cluster" "primary" {
  name                     = "my-gke-cluster"
  location                 = "us-central1"
  remove_default_node_pool = true
  initial_node_count       = 1

  # Declaring an ip_allocation_policy block makes the cluster VPC-native
  # (alias IP ranges). Left empty, GKE allocates the secondary ranges itself.
  ip_allocation_policy {}
}
```

Remediation
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0882 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_GCP_23 |
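As an added example (not part of this page and not Checkov's own implementation), the following Python check applies this rule to the JSON produced by `terraform show -json`, the way the TerraformPlan framework listed above would: any `google_container_cluster` whose `ip_allocation_policy` block is absent or empty is reported as a routes-based cluster. The plan document is constructed inline for the example.

```python
"""Flag google_container_cluster resources without an ip_allocation_policy block
in Terraform plan JSON (the intent of CKV_GCP_23). Example code, not Checkov's."""
import json

# Constructed sample plan: one VPC-native cluster, one routes-based cluster,
# plus an unrelated resource that the check must ignore.
SAMPLE_PLAN = json.dumps({
    "planned_values": {"root_module": {"resources": [
        {"address": "google_container_cluster.primary",
         "type": "google_container_cluster", "name": "primary",
         "values": {"name": "my-gke-cluster", "location": "us-central1",
                    "ip_allocation_policy": [{"cluster_ipv4_cidr_block": None}]}},
        {"address": "google_container_cluster.legacy",
         "type": "google_container_cluster", "name": "legacy",
         "values": {"name": "legacy-cluster", "location": "us-central1",
                    "ip_allocation_policy": []}},
        {"address": "google_compute_network.vpc", "type": "google_compute_network",
         "name": "vpc", "values": {"name": "vpc"}},
    ]}}
})


def iter_resources(module):
    """Yield resources of a module and, recursively, of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def has_alias_ip(values):
    """Plan JSON renders nested blocks as lists; a missing key or an empty
    list both mean no ip_allocation_policy, i.e. a routes-based cluster."""
    return len(values.get("ip_allocation_policy") or []) > 0


def check_plan(plan_json):
    """Return {resource address: 'PASSED' | 'FAILED'} for every GKE cluster."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    results = {}
    for res in iter_resources(root):
        if res.get("type") != "google_container_cluster":
            continue
        verdict = "PASSED" if has_alias_ip(res.get("values", {})) else "FAILED"
        results[res["address"]] = verdict
    return results


if __name__ == "__main__":
    for address, verdict in check_plan(SAMPLE_PLAN).items():
        print(f"{verdict}: {address} (CKV_GCP_23)")
```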