GKE cluster is not VPC-native - Complete Cloud Security in Minutes - Orca Security

Network misconfigurations

GKE cluster is not VPC-native

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

GKE CIS

Description

A cluster that uses Alias IPs is called a 'VPC-native' cluster. Using Alias IPs has several benefits: - The networking layer can perform anti-spoofing checks to ensure that egress traffic is not sent with arbitrary source IPs. -Firewall controls for Pods can be applied separately from their nodes. -Alias IPs allow Pods to directly access hosted services without using a NAT gateway. it was detected that

Recommended Mitigation

Create Alias IPs for the node network CIDR range in order to subsequently configure IP-based policies and firewalling for pods on {GcpGkeCluster}. For further information, visit: https://cloud.google.com/kubernetes-engine/docs/how-to/alias-ips

See Orca in action

See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.