☑️ Prevent Service from exposing node port
Exposing a NodePort opens a network port on every node, where it can be reached from the network external to the cluster. Using this method to expose an application is less secure and forces you to create unnecessary coupling between services in order to expose them all to external traffic.
Targeted objects by this rule (types of kind): Service
Complexity: easy
Policy as code identifier: SERVICE_INCORRECT_TYPE_VALUE_NODEPORT
This rule will fail
If the service type is configured as NodePort:
kind: Service
spec:
  type: NodePort
Rule output in the CLI
$ datree test *.yaml
>> File: failExample.yaml
❌ Prevent Service from exposing node port [1 occurrence]
💡 Incorrect value for key `type` - `NodePort` will open a port on all nodes where it can be reached by the network external to the cluster
How to fix this failure
Use a different service type other than NodePort.
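
The fix described above, shown as a failing manifest next to a passing one. This is an added example, not taken from the datree documentation. The names, ports and host are constructed placeholders, and it assumes an ingress controller is already installed in the cluster.

```yaml
# Constructed example: names, ports and host are placeholders.
# Fails SERVICE_INCORRECT_TYPE_VALUE_NODEPORT: opens port 30080 on every node.
apiVersion: v1
kind: Service
metadata:
  name: web-nodeport
spec:
  type: NodePort
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 8080
      nodePort: 30080
---
# Passes the rule: the Service is reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: ClusterIP
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 8080
---
# External traffic enters through the ingress controller (assumed present)
# instead of a port opened on each node. Other Services can be added as
# further rules here without exposing additional node ports.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
spec:
  rules:
    - host: web.example.test
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 80
```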