Service type is NodePort

Docs > Plateforme de sécurité Datadog > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Service type is NodePort

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

Id: 845acfbe-3e10-4b8e-b656-3b404d36dfb2

Cloud Provider: Kubernetes

Platform: Kubernetes

Severity: Low

Category: Networking and Firewall

Learn More

Provider Reference

Description

Service resources should not have spec.type set to NodePort. A NodePort service exposes pods on each node and can create security and accessibility concerns; prefer ClusterIP or LoadBalancer where appropriate.

Compliant Code Examples

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
  clusterIP: 10.0.171.239
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - ip: 192.0.2.127

Non-Compliant Code Examples

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: NodePort
  selector:
    app: MyApp
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30007