
Metadata

Id: 845acfbe-3e10-4b8e-b656-3b404d36dfb2

Cloud Provider: Kubernetes

Platform: Kubernetes

Severity: Low

Category: Networking and Firewall

Description

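Service resources should not have spec.type set to NodePort. A NodePort Service opens the same port on every node in the cluster and forwards traffic arriving on it to the Service's pods, so the workload is reachable through any node address a client can reach. This can create security and accessibility concerns; prefer ClusterIP or LoadBalancer where appropriate.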

Compliant Code Examples

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
  clusterIP: 10.0.171.239
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - ip: 192.0.2.127

Non-Compliant Code Examples

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: NodePort
  selector:
    app: MyApp
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30007
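
The same condition can be checked against JSON manifests or the output of `kubectl get services --all-namespaces -o json`. The following is an added example, not Datadog's rule implementation; the function name, the sample objects, and the "(unset)" namespace label are constructed for illustration.

```python
import json


def find_nodeport_services(manifest_json):
    """Return (namespace, name, [nodePorts]) for each Service with spec.type NodePort."""
    doc = json.loads(manifest_json)
    # kubectl wraps results in a List object; a single manifest is a bare object.
    items = doc.get("items", []) if doc.get("kind", "").endswith("List") else [doc]
    findings = []
    for obj in items:
        if obj.get("kind") != "Service":
            continue  # Deployments, ConfigMaps, etc. are out of scope for this rule
        spec = obj.get("spec") or {}
        # An omitted spec.type defaults to ClusterIP, so only an explicit NodePort matches.
        if spec.get("type") != "NodePort":
            continue
        meta = obj.get("metadata") or {}
        # nodePort is None when the manifest leaves the port for the cluster to allocate.
        ports = [p.get("nodePort") for p in spec.get("ports") or []]
        findings.append((meta.get("namespace", "(unset)"), meta.get("name", "<unnamed>"), ports))
    return findings


# Constructed sample input, shaped like `kubectl get ... -o json` output.
SAMPLE = json.dumps({"apiVersion": "v1", "kind": "List", "items": [
    {"apiVersion": "v1", "kind": "Service",
     "metadata": {"name": "my-service", "namespace": "web"},
     "spec": {"type": "NodePort",
              "ports": [{"port": 80, "targetPort": 80, "nodePort": 30007}]}},
    {"apiVersion": "v1", "kind": "Service", "metadata": {"name": "lb-service"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 80, "targetPort": 9376}]}},
    {"apiVersion": "v1", "kind": "Service", "metadata": {"name": "internal"},
     "spec": {"ports": [{"port": 8080}]}},
    {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "app"}, "spec": {}},
    {"apiVersion": "v1", "kind": "Service", "metadata": {"name": "auto-port"},
     "spec": {"type": "NodePort", "ports": [{"port": 443}]}},
]})

if __name__ == "__main__":
    for ns, name, ports in find_nodeport_services(SAMPLE):
        shown = ", ".join("auto-assigned" if p is None else str(p) for p in ports)
        print(f"NodePort Service {ns}/{name}: node ports {shown}")
```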