Ingress controller exposes workload
This product is not supported for your selected
Datadog site. (
).
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Id: 69bbc5e3-0818-4150-89cc-1e989b48f23b
Cloud Provider: k8s
Framework: Kubernetes
Severity: Medium
Category: Insecure Configurations
Learn More
Description
Ingress controllers should not expose workloads to avoid vulnerabilities and DoS attacks.
Compliant Code Examples
apiVersion: v1
kind: Service
metadata:
name: app
labels:
app: app
spec:
type: ClusterIP
ports:
- port: 3000
targetPort: 3000
selector:
app: app
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: app-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
labels:
app: app
spec:
rules:
- host: app.acme.org
http:
paths:
- backend:
serviceName: app2
servicePort: 3000
Non-Compliant Code Examples
apiVersion: v1
kind: Service
metadata:
name: app
labels:
app: app
spec:
type: ClusterIP
ports:
- port: 3000
targetPort: 3000
selector:
app: app
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: app-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
labels:
app: app
spec:
rules:
- host: app.acme.org
http:
paths:
- backend:
serviceName: app
servicePort: 3000
