Service with external load balancer
Id: 26763a1c-5dda-4772-b507-5fca7fb5f165
Cloud Provider: Kubernetes
Platform: Kubernetes
Severity: Medium
Category: Networking and Firewall
Description
This Service is of type LoadBalancer and therefore creates an external load balancer, which may allow access from other networks and the internet. To avoid external exposure, set the annotation that indicates an internal load balancer for supported cloud providers (for example, networking.gke.io/load-balancer-type=Internal, cloud.google.com/load-balancer-type=Internal, service.beta.kubernetes.io/aws-load-balancer-internal=true, service.beta.kubernetes.io/azure-load-balancer-internal=true).
Compliant Code Examples
apiVersion: v1
kind: Service
metadata:
  name: sample-service 01
  annotations:
    cloud.google.com/load-balancer-type: 'Internal'
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: LoadBalancer
  selector:
    app: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: sample-service 02
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: LoadBalancer
  selector:
    app: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: sample-service 03
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: 'true'
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: LoadBalancer
  selector:
    app: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: sample-service 04
  annotations:
    networking.gke.io/load-balancer-type: 'Internal'
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: LoadBalancer
  selector:
    app: nginx
Non-Compliant Code Examples
apiVersion: v1
kind: Service
metadata:
  name: sample-service 05
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: LoadBalancer
  selector:
    app: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: sample-service 05334443
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-internal: 'false'
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: LoadBalancer
  selector:
    app: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: sample-service 07
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: 'false'
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: LoadBalancer
  selector:
    app: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: sample-service 08
  annotations:
    networking.gke.io/load-balancer-type: 'External'
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: LoadBalancer
  selector:
    app: nginx
---
apiVersion: v1
kind: Service
metadata:
  name: sample-service 09
  annotations:
    cloud.google.com/load-balancer-type: 'External'
spec:
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
  type: LoadBalancer
  selector:
    app: nginx
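
The check described above, sketched in Python as an added example (not Datadog's or the scanner's own code). It audits Service objects in the shape returned by `kubectl get services -o json`. The function names, the `make_service` helper and the sample Services are hypothetical, and exact value matching is an assumption drawn from the examples on this page.

```python
# Annotation keys and the values that request an internal load balancer,
# exactly as listed in the rule description above.
INTERNAL_ANNOTATIONS = {
    "networking.gke.io/load-balancer-type": "Internal",
    "cloud.google.com/load-balancer-type": "Internal",
    "service.beta.kubernetes.io/aws-load-balancer-internal": "true",
    "service.beta.kubernetes.io/azure-load-balancer-internal": "true",
}


def is_externally_exposed(obj):
    """True for a LoadBalancer Service with no internal annotation set."""
    if obj.get("kind") != "Service":
        return False
    # spec.type defaults to ClusterIP when omitted, so only an explicit
    # LoadBalancer is in scope for this rule.
    if (obj.get("spec") or {}).get("type") != "LoadBalancer":
        return False
    annotations = (obj.get("metadata") or {}).get("annotations") or {}
    # Assumption: values must match exactly, so 'false', 'External' or a
    # misspelled value all count as external.
    return not any(annotations.get(k) == v for k, v in INTERNAL_ANNOTATIONS.items())


def find_external_services(document):
    """Return 'namespace/name' for each finding in a Service or a List."""
    items = document.get("items") if document.get("kind") == "List" else [document]
    return [
        f"{obj['metadata'].get('namespace', 'default')}/{obj['metadata'].get('name')}"
        for obj in items or [] if is_externally_exposed(obj)
    ]


def make_service(name, svc_type, annotations=None):
    """Hypothetical helper that builds a minimal Service object for the sample."""
    return {"kind": "Service", "spec": {"type": svc_type},
            "metadata": {"name": name, "namespace": "shop", "annotations": annotations}}


# Constructed sample input, not taken from a real cluster.
SAMPLE = {"kind": "List", "items": [
    make_service("web-internal", "LoadBalancer", {"networking.gke.io/load-balancer-type": "Internal"}),
    make_service("web-public", "LoadBalancer"),
    make_service("api-aws", "LoadBalancer", {"service.beta.kubernetes.io/aws-load-balancer-internal": "false"}),
    make_service("cache", "ClusterIP"),
    make_service("api-gke", "LoadBalancer", {"cloud.google.com/load-balancer-type": "External"}),
]}

if __name__ == "__main__":
    for finding in find_external_services(SAMPLE):
        print("external LoadBalancer Service:", finding)
```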