Service does not target a Pod

This product is not supported for your selected Datadog site. ().

Metadata

Id: 3ca03a61-3249-4c16-8427-6f8e47dda729

Cloud Provider: k8s

Framework: Kubernetes

Severity: Low

Category: Insecure Configurations

Learn More

Description

The Service should target at least one Pod.

Compliant Code Examples


apiVersion: v1
kind: Service
metadata:
  name: helloworld
spec:
  type: NodePort
  selector:
    app: helloworld
  ports:
    - name: http
      nodePort: 30475
      port: 8089
      protocol: TCP
      targetPort: 8089

---

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: helloworld
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
      - containerPort: 8089

apiVersion: v1
kind: Service
metadata:
  name: helloworld
spec:
  type: NodePort
  selector:
    app: helloworld
  ports:
    - name: http
      nodePort: 30475
      port: 8089
      protocol: TCP
      targetPort: 8089
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx3
  labels:
    app: helloworld
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
      - containerPort: 808
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: helloworld
spec:
  containers:
  - name: nginx
    image: nginx
    ports:
      - containerPort: 8089

apiVersion: v1
kind: Service
metadata:
  name: negative4
spec:
  selector:
    app: negative4
    tier: backend
  ports:
  - protocol: TCP
    port: 80
    targetPort: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: backend
spec:
  selector:
    matchLabels:
      app: negative4
      tier: backend
      track: stable
  replicas: 3
  template:
    metadata:
      labels:
        app: negative4
        tier: backend
        track: stable
    spec:
      containers:
        - name: negative4
          image: "gcr.io/google-samples/hello-go-gke:1.0"
          ports:
            - name: http
              containerPort: 80

Non-Compliant Code Examples

apiVersion: v1
kind: Service
metadata:
  name: helloworld3
spec:
  type: NodePort
  selector:
    app: helloworld3
  ports:
    - name: http
      nodePort: 30475
      port: 9377
      protocol: TCP
      targetPort: 9377
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: helloworld3
spec:
  replicas: 3
  selector:
    matchLabels:
      app: helloworld3
  template:
    metadata:
      labels:
        app: helloworld3
    spec:
      containers:
        - name: nginx
          image: nginx:1.14.2
          ports:
            - containerPort: 80

apiVersion: v1
kind: Service
metadata:
  name: helloworld2
spec:
  type: NodePort
  selector:
    app: helloworld2
  ports:
    - name: http
      nodePort: 30475
      port: 9377
      protocol: TCP
      targetPort: 9377
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx2
  labels:
    app: hellowwwworld
spec:
  containers:
    - name: nginx
      image: nginx
      ports:
        - containerPort: 9377