blockuseofnodeportservices

package

v0.0.0-...-44dad58 Latest Latest Go to latest Published: Dec 20, 2021 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes-sigs/multi-tenancy

Links

Open Source Insights

README ¶

Block use of NodePort services [MTB-PL1-BC-HI-1]

Profile Applicability:

1

Type:

Behavioral Check

Category:

Host Isolation

Description:

Tenants should not be able to create services of type NodePort.

Rationale:

NodePorts configure host ports that cannot be secured using Kubernetes network policies and require upstream firewalls. Also, multiple tenants cannot use the same host port numbers.

Audit:

Create a deployment and an associated service exposing a NodePort. The service creation must fail.

Remediation:

Use a policy engine such as OPA/Gatekeeper or Kyverno to block NodePort Services. You can use the policies present here.

namespaceRequired:

1

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

block_use_of_nodeport_services.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL