CVE-2020-8554: Services should not use 'externalIPs'
Services should not be configured with externalIPs.
Risk Level: High
Cloud Entity: Service
CloudGuard Rule ID: D9.K8S.AC.15
Covered by Spectral: No
Category: Networking & Content Delivery
GSL LOGIC
KubernetesService should not have (spec.type isEmpty() or spec.type like 'ClusterIP') and spec.externalIPs
REMEDIATION
Service
In Kubernetes, a Service is an abstraction which defines a logical set of Pods and a policy by which to access them (sometimes this pattern is called a micro-service). The set of Pods targeted by a Service is usually determined by a selector.
Compliance Frameworks
- Container Admission Control
- Container Admission Control 1.0
Updated over 1 year ago