diff --git a/cluster/gce/gci/master-helper.sh b/cluster/gce/gci/master-helper.sh
index def861d20bb..b93bd86ab8c 100755
--- a/cluster/gce/gci/master-helper.sh
+++ b/cluster/gce/gci/master-helper.sh
@@ -94,9 +94,16 @@ function create-master-instance-internal() {
     preemptible_master="--preemptible --maintenance-policy TERMINATE"
   fi
 
+  local enable_ip_aliases
+  if [[ "${NODE_IPAM_MODE:-}" == "CloudAllocator" ]]; then
+    enable_ip_aliases=true
+  else
+    enable_ip_aliases=false
+  fi
+
   local network=$(make-gcloud-network-argument \
     "${NETWORK_PROJECT}" "${REGION}" "${NETWORK}" "${SUBNETWORK:-}" \
-    "${address:-}" "${ENABLE_IP_ALIASES:-}" "${IP_ALIAS_SIZE:-}")
+    "${address:-}" "${enable_ip_aliases:-}" "${IP_ALIAS_SIZE:-}")
 
   local metadata="kube-env=${KUBE_TEMP}/master-kube-env.yaml"
   metadata="${metadata},user-data=${KUBE_ROOT}/cluster/gce/gci/master.yaml"
diff --git a/pkg/controller/node/ipam/sync/sync.go b/pkg/controller/node/ipam/sync/sync.go
index eeff4a6d5fc..4995f425543 100644
--- a/pkg/controller/node/ipam/sync/sync.go
+++ b/pkg/controller/node/ipam/sync/sync.go
@@ -244,7 +244,9 @@ func (op *updateOp) validateRange(ctx context.Context, sync *NodeSync, node *v1.
 // alias.
 func (op *updateOp) updateNodeFromAlias(ctx context.Context, sync *NodeSync, node *v1.Node, aliasRange *net.IPNet) error {
 	if sync.mode != SyncFromCloud {
-		glog.Warningf("Detect mode %q while expect to sync from cloud", sync.mode)
+		sync.kubeAPI.EmitNodeWarningEvent(node.Name, InvalidModeEvent,
+			"Cannot sync from cloud in mode %q", sync.mode)
+		return fmt.Errorf("cannot sync from cloud in mode %q", sync.mode)
 	}
 
 	glog.V(2).Infof("Updating node spec with alias range, node.PodCIDR = %v", aliasRange)
@@ -274,7 +276,9 @@ func (op *updateOp) updateNodeFromAlias(ctx context.Context, sync *NodeSync, nod
 // updateAliasFromNode updates the cloud alias given the node allocation.
 func (op *updateOp) updateAliasFromNode(ctx context.Context, sync *NodeSync, node *v1.Node) error {
 	if sync.mode != SyncFromCluster {
-		glog.Warningf("Detect mode %q while expect to sync from cluster", sync.mode)
+		sync.kubeAPI.EmitNodeWarningEvent(
+			node.Name, InvalidModeEvent, "Cannot sync to cloud in mode %q", sync.mode)
+		return fmt.Errorf("cannot sync to cloud in mode %q", sync.mode)
 	}
 
 	_, aliasRange, err := net.ParseCIDR(node.Spec.PodCIDR)
diff --git a/pkg/controller/node/ipam/sync/sync_test.go b/pkg/controller/node/ipam/sync/sync_test.go
index 94b9775ccbd..d3268480439 100644
--- a/pkg/controller/node/ipam/sync/sync_test.go
+++ b/pkg/controller/node/ipam/sync/sync_test.go
@@ -145,10 +145,11 @@ func TestNodeSyncUpdate(t *testing.T) {
 			events: []fakeEvent{{"node1", "CloudCIDRAllocatorMismatch"}},
 		},
 		{
-			desc:   "update alias from node",
-			mode:   SyncFromCloud,
-			node:   nodeWithCIDRRange,
-			events: nil,
+			desc:      "update alias from node",
+			mode:      SyncFromCloud,
+			node:      nodeWithCIDRRange,
+			events:    []fakeEvent{{"node1", "CloudCIDRAllocatorInvalidMode"}},
+			wantError: true,
 		},
 		{
 			desc: "update alias from node",
@@ -164,11 +165,12 @@ func TestNodeSyncUpdate(t *testing.T) {
 			// XXX/bowei -- validation
 		},
 		{
-			desc:   "update node from alias",
-			mode:   SyncFromCluster,
-			node:   nodeWithoutCIDRRange,
-			fake:   fakeAPIs{aliasRange: test.MustParseCIDR("10.1.2.3/16")},
-			events: nil,
+			desc:      "update node from alias",
+			mode:      SyncFromCluster,
+			node:      nodeWithoutCIDRRange,
+			fake:      fakeAPIs{aliasRange: test.MustParseCIDR("10.1.2.3/16")},
+			events:    []fakeEvent{{"node1", "CloudCIDRAllocatorInvalidMode"}},
+			wantError: true,
 		},
 		{
 			desc:      "allocate range",