GCP Kubernetes Engine Clusters Have Alias IP Disabled
This policy identifies Kubernetes Engine clusters that have Alias IP disabled. Alias IP allows the networking layer to perform anti-spoofing checks, ensuring that egress traffic is not sent with arbitrary source IPs. With Alias IPs enabled, Kubernetes Engine clusters allocate pod and service IP addresses from CIDR blocks known to Google Cloud Platform, which makes the cluster more scalable and lets it interact more cleanly with other GCP products and entities.
Alias IP can be enabled on a GKE cluster only at creation time. To fix this alert, create a new cluster with Alias IP enabled and then migrate all required cluster data or containers from the reported cluster to the new one.
To create a cluster with Alias IP enabled, perform the following steps:
Log in to the GCP Portal.
Go to Kubernetes Engine (Left Panel).
Select Kubernetes clusters.
Click on 'CREATE CLUSTER' button.
Configure your cluster and click on 'More'.
From the 'VPC-native (using alias IP)' drop-down menu, select 'Enabled'. New menu items appear.
From 'Automatically create secondary ranges' drop-down menu, select 'Enabled'.
Configure the 'Network', 'Node subnet', 'Node address range', 'Container address range', and 'Service address range' as needed.
Click on Create.
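The same procedure from the command line, as an added example that is not Prisma Cloud's or Google's own code: the first function prints the gcloud command equivalent to the console steps above (VPC-native with automatically created secondary ranges), and the second evaluates the JSON from `gcloud container clusters describe --format=json` the way this policy does. Cluster names, zone, network, subnet name and CIDR ranges are placeholders, and the two JSON documents are constructed samples trimmed to the relevant field.

```shell
#!/bin/sh
# Added example, not Prisma Cloud's or Google's code. Names, zone, network and
# CIDR ranges are placeholders; the JSON samples below are constructed.

# CLI equivalent of the console steps: --enable-ip-alias turns on VPC-native
# mode, --create-subnetwork makes GKE create the subnet and its secondary
# ranges. The command is printed, not run, so it can be reviewed first.
# Args: cluster name, zone, network, name of the subnet to create.
gke_vpc_native_create_cmd() {
  printf 'gcloud container clusters create %s --zone %s --network %s' "$1" "$2" "$3"
  printf ' --enable-ip-alias --create-subnetwork name=%s,range=10.0.0.0/20' "$4"
  printf ' --cluster-ipv4-cidr 10.4.0.0/14 --services-ipv4-cidr 10.8.0.0/20\n'
}

# Policy check: read describe JSON on stdin and succeed (exit 0) only when
# ipAllocationPolicy.useIpAliases is true. A routes-based cluster either sets
# the key to false or omits it entirely, so both count as a finding.
# Live usage: gcloud container clusters describe NAME --zone ZONE \
#               --format=json | alias_ip_enabled
alias_ip_enabled() {
  tr -d ' \t\n' | grep -q '"useIpAliases":true'
}

# One-line verdict per cluster for a report. $1 = cluster name, $2 = JSON.
audit_cluster() {
  if printf '%s' "$2" | alias_ip_enabled; then
    echo "$1: alias IP enabled (VPC-native), compliant"
  else
    echo "$1: alias IP disabled (routes-based), recreate with alias IP"
  fi
}

# Constructed samples shaped like `gcloud container clusters describe --format=json`.
VPC_NATIVE_JSON='{"name": "prod-gke", "ipAllocationPolicy": {"useIpAliases": true, "clusterIpv4CidrBlock": "10.4.0.0/14"}}'
ROUTES_BASED_JSON='{"name": "legacy-gke", "ipAllocationPolicy": {}}'

# Stand-alone run: audit both samples, then show the remediation command.
audit_cluster prod-gke "$VPC_NATIVE_JSON"
audit_cluster legacy-gke "$ROUTES_BASED_JSON"
gke_vpc_native_create_cmd legacy-gke-v2 us-central1-a default gke-v2-subnet
```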
There are 11 standards that are applicable to this policy: