
☑️ Prevent Service from exposing node port

Exposing a NodePort opens a network port on every node, where it can be reached from the network external to the cluster. Exposing an application this way is less secure, and it forces you to create unnecessary coupling between services in order to expose them all to external traffic.

Targeted objects by this rule (types of kind): Service

Complexity: easy


This rule will fail

If the service type is configured as NodePort

kind: Service
spec:
  type: NodePort

Rule output in the CLI

$ datree test *.yaml

>> File: failExample.yaml
❌ Prevent Service from exposing node port [1 occurrence]
💡 Incorrect value for key `type` - `NodePort` will open a port on all nodes where it can be reached by the network external to the cluster

How to fix this failure

Use a service type other than NodePort.
