C-0266 - Exposure to internet via Gateway API or Istio Ingress

Framework

security

Severity

High

Description of the the issue

This control detect workloads that are exposed on Internet through a Gateway API (HTTPRoute,TCPRoute, UDPRoute) or Istio Gateway. It fails in case it find workloads connected with these resources.

Related resources

CronJob, DaemonSet, Deployment, Gateways, HTTPRoute, Job, Pod, ReplicaSet, Service, StatefulSet, TCPRoute, UDPRoute, VirtualService

What does this control test

Checks if workloads are exposed through the use of Gateway API (HTTPRoute,TCPRoute, UDPRoute) or Istio Gateway.

Remediation

The user can evaluate its exposed resources and apply relevant changes wherever needed.

Example

No example