Skip to main content

☑️ Prevent Service from exposing node port

Exposing a NodePort will open a network port on all nodes to be reached by the cluster's external network. Using this method to expose the application is less secure and forces you to create unnecessary coupling between services in order to expose them all to external traffic.

Targeted resources by this rule (types of kind): Service

Enabled by default? True

Policy as code identifier: SERVICE_INCORRECT_TYPE_VALUE_NODEPORT


This rule will fail

If the service type is configured as NodePort

kind: Service
spec:
type: NodePort

Rule output in the CLI

$ datree test *.yaml

>> File: failExample.yaml
❌ Prevent Service from exposing node port [1 occurrence]
💡 Incorrect value for key `type` - `NodePort` will open a port on all nodes where it can be reached by the network external to the cluster

How to fix this failure

Use a different service type other than NodePort


Read more