GCP Kubernetes Engine Clusters have Alpha cluster feature enabled
Description
This policy checks that the 'alpha cluster' feature is disabled in Google Cloud Platform (GCP) Kubernetes Engine clusters. This matters because enabling the alpha cluster feature introduces several potential issues.
First, it reduces stability: alpha features are not stable and are likely to change in future Kubernetes versions, which can disrupt deployed applications. Second, it increases security risk: these features are not subject to the same level of scrutiny as stable API versions, so using them can inadvertently expose the cluster to security vulnerabilities. Lastly, it can lead to poor resource management, because some alpha features might consume more resources than stable features, leading to inefficiency and increased costs. For these reasons, it's important to disable the 'alpha cluster' feature in GCP Kubernetes Engine clusters.
Code Example
```hcl
resource "google_container_cluster" "my_cluster" {
  name = "my-cluster"
  # ...

  # Keep alpha cluster features disabled
  enable_kubernetes_alpha = false
}
```
Remediation
Terraform
- Resource: google_container_cluster
- Arguments: enable_kubernetes_alpha
To fix the issue, make sure the 'enable_kubernetes_alpha' argument is set to false for all GCP Kubernetes Engine clusters, as in the Terraform code under Code Example above.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1004 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_GCP_19 |