gke/BP/2023_001
Product: Google Kubernetes Engine
Rule class: BP - Best practice, opinionated recommendation
Description
The recommended minimum cluster size to run network policy enforcement is three e2-medium instances to ensure redundancy, high availability and to avoid down time due to maintenance activities.
Network policy is not supported for clusters whose nodes are f1-micro or g1-small instances, as the resource requirements are too high. Enabling this feature on such machines might lead to user workloads not getting scheduled or having very little resources available as kube-system workloads will be consuming all or most resources.
Remediation
It is recommended to have at least three nodes the cluster, increase nodes in the cluster to meet the requirements.
For nodes with f1-micro or g1-small instances it might be possible to run very light weight user workloads but it is recommended to have at least e2-medium instances.