Service Type is NodePort

• Query id: 845acfbe-3e10-4b8e-b656-3b404d36dfb2
• Query name: Service Type is NodePort
• Platform: Kubernetes
• Severity: Low
• Category: Networking and Firewall
• CWE: 665
• URL: Github

Description

Service type should not be NodePort
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  type: NodePort
  selector:
    app: MyApp
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30007

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
  clusterIP: 10.0.171.239
  type: LoadBalancer
status:
  loadBalancer:
    ingress:
    - ip: 192.0.2.127