ArmoBest, NSA, DevOpsBest, YAML-scanning, AllControls
Workloads (like pod, deployment, etc) that contain a container with hostport. The problem that arises is that if the scale of your workload is larger than the number of nodes in your Kubernetes cluster, the deployment fails. And any two workloads that specify the same HostPort cannot be deployed to the same node. In addition, if the host where your pods are running becomes unavailable, Kubernetes reschedules the pods to different nodes. Thus, if the IP address for your workload changes, external clients of your application will lose access to the pod. The same thing happens when you restart your pods — Kubernetes reschedules them to a different node if available.
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet
Check for each workload (with container) if it exists inside the container hostPort.
Avoid usage of hostPort unless it is absolutely necessary, in which case define appropriate exception. Use NodePort / ClusterIP instead.
apiVersion: v1 kind: Pod metadata: name: firstpod spec: containers: - name: container image: nginx ports: - containerPort: 80 hostIP: 10.0.0.1 hostPort: 8080 #we look for this attribute
Updated about 2 months ago