Service Type is NodePort

  • Query id: 5c281bf8-d9bb-47f2-b909-3f6bb11874ad
  • Query name: Service Type is NodePort
  • Platform: Terraform
  • Severity: Low
  • Category: Networking and Firewall
  • CWE: 665
  • URL: GitHub

Description

The Kubernetes Service type should not be NodePort, because a NodePort Service opens a static port on every node in the cluster.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "kubernetes_service" "example" {
  metadata {
    name = "terraform-example"
  }
  spec {
    selector = {
      app = kubernetes_pod.example.metadata.0.labels.app
    }
    session_affinity = "ClientIP"
    port {
      port        = 8080
      target_port = 80
    }

    # Flagged by this query: the Service is exposed as a NodePort
    type = "NodePort"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "kubernetes_service" "example2" {
  metadata {
    name = "terraform-example"
  }
  spec {
    selector = {
      app = kubernetes_pod.example.metadata.0.labels.app
    }
    session_affinity = "ClientIP"
    port {
      port        = 8080
      target_port = 80
    }

    # Not flagged: the Service type is not NodePort
    type = "LoadBalancer"
  }
}