Clusters should have IP aliasing enabled
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | gke |
| Provider |
Description#
The GKE cluster is configured without IP aliasing, requiring nodes to use a NAT gateway for internal communication. This setup does not leverage GCP’s internal IP allocation features, leading to less efficient network configuration.
Impact#
Without IP aliasing, nodes rely on NAT gateways to access internal and external resources, increasing network complexity, cost, and potential exposure. This can also hinder scalability and make network management more difficult, potentially increasing the attack surface.
Resolution#
Enable IP aliasing