☑️ Prevent Service from exposing node port

Exposing a NodePort opens a network port on every node, and that port is reachable from the network outside the cluster. Exposing an application this way is less secure, and it forces you to create unnecessary coupling between services in order to expose them all to external traffic.

Resources targeted by this rule (types of kind): Service

Enabled by default? True

Policy as code identifier: SERVICE_INCORRECT_TYPE_VALUE_NODEPORT

This rule will fail

If the service type is configured as NodePort

Rule output in the CLI

How to fix this failure

Use a service type other than NodePort
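
An added illustration, not taken from the rule's own documentation: a Service that fails this rule, followed by a version that passes. The names, ports, hostname, and the Ingress used for external access are constructed assumptions.

```yaml
# Fails the rule: type NodePort opens port 30080 on every node in the cluster.
apiVersion: v1
kind: Service
metadata:
  name: web-frontend          # constructed name
spec:
  type: NodePort
  selector:
    app: web-frontend
  ports:
    - port: 80
      targetPort: 8080
      nodePort: 30080         # constructed value from the default node port range
---
# Passes the rule: ClusterIP is reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: web-frontend
spec:
  type: ClusterIP
  selector:
    app: web-frontend
  ports:
    - port: 80
      targetPort: 8080
---
# Assumption: external traffic is routed through one Ingress entry point
# instead of a per-Service port on each node.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-frontend
spec:
  ingressClassName: nginx     # assumption: a controller serving this class is installed
  rules:
    - host: app.example.com   # constructed hostname
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-frontend
                port:
                  number: 80
```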
