C-0256 - External facing

Framework

ClusterScan, security

Severity

High

Description of the the issue

This control detect workloads that are exposed on Internet through a Service (NodePort or LoadBalancer) or Ingress. It fails in case it find workloads connected with these resources.

Related resources

CronJob, DaemonSet, Deployment, Ingress, Job, Pod, ReplicaSet, Service, StatefulSet

What does this control test

Checks if workloads are exposed through the use of NodePort, LoadBalancer or Ingress

Remediation

The user can evaluate its exposed resources and apply relevant changes wherever needed.

Example

No example