
☑️ Prevent Service from exposing node port

Exposing a NodePort opens a network port on every node, where it can be reached from the network external to the cluster. Exposing an application this way is less secure and forces you to create unnecessary coupling between services in order to expose them all to external traffic.

Targeted objects by this rule (types of kind): Service

Complexity: easy

Policy as code identifier: SERVICE_INCORRECT_TYPE_VALUE_NODEPORT


This rule will fail

If the service type is configured as NodePort

kind: Service
spec:
  type: NodePort

Rule output in the CLI

$ datree test *.yaml

>> File: failExample.yaml
❌ Prevent Service from exposing node port [1 occurrence]
💡 Incorrect value for key `type` - `NodePort` will open a port on all nodes where it can be reached by the network external to the cluster

How to fix this failure

Use a service type other than NodePort
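
The same condition can be checked against Services exported as JSON, which helps locate every object that needs the fix. This is an added example, not Datree's implementation; it assumes input shaped like `kubectl get services -A -o json` output, and the function names and sample objects are constructed for illustration.

```python
import json

# Constructed sample input, shaped like `kubectl get services -A -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Service", "metadata": {"name": "web", "namespace": "shop"},
   "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 30080}]}},
  {"kind": "Service", "metadata": {"name": "db", "namespace": "shop"},
   "spec": {"ports": [{"port": 5432}]}},
  {"kind": "Service", "metadata": {"name": "api"},
   "spec": {"type": "ClusterIP", "ports": [{"port": 8080}]}},
  {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"type": "NodePort"}}
]}
""")


def iter_objects(doc):
    """Yield individual objects from a single manifest or a (nested) List."""
    if isinstance(doc, list):
        for item in doc:
            yield from iter_objects(item)
    elif isinstance(doc, dict):
        kind = doc.get("kind") or ""
        if kind.endswith("List") and isinstance(doc.get("items"), list):
            yield from iter_objects(doc["items"])
        else:
            yield doc


def find_nodeport_services(doc):
    """Return one finding per Service whose spec.type is NodePort."""
    findings = []
    for obj in iter_objects(doc):
        spec = obj.get("spec") or {}
        # An omitted type defaults to ClusterIP, so only the explicit value matches.
        if obj.get("kind") != "Service" or spec.get("type") != "NodePort":
            continue
        meta = obj.get("metadata") or {}
        ports = spec.get("ports") or []
        findings.append({
            "namespace": meta.get("namespace", "<unset>"),
            "name": meta.get("name", "<unnamed>"),
            # nodePort is absent from a manifest until one is set or allocated.
            "node_ports": [p["nodePort"] for p in ports if "nodePort" in p],
        })
    return findings


if __name__ == "__main__":
    for f in find_nodeport_services(SAMPLE):
        print(f"{f['namespace']}/{f['name']}: NodePort {f['node_ports']}")
```

The reported `node_ports` values are the ports to look for in node-level firewall rules and security groups once the Service type has been changed.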

