Service type is NodePort

Docs > Datadog Security > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Service type is NodePort

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

Id: 845acfbe-3e10-4b8e-b656-3b404d36dfb2

Cloud Provider: Kubernetes

Platform: Kubernetes

Severity: Low

Category: Networking and Firewall

Learn More

Provider Reference

Description

Service resources should not have spec.type set to NodePort. A NodePort service exposes pods on each node and can create security and accessibility concerns; prefer ClusterIP or LoadBalancer where appropriate.

Compliant Code Examples

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
  clusterIP: 10.0.171.239
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - ip: 192.0.2.127

Non-Compliant Code Examples

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: NodePort
  selector:
    app: MyApp
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30007