CVE-2020-8554: Services should not use 'externalIPs'

Services should not be configured with externalIPs.

Risk Level: High
Cloud Entity: Service
CloudGuard Rule ID: D9.K8S.AC.15
Covered by Spectral: No
Category: Networking & Content Delivery


KubernetesService should not have (spec.type isEmpty() or spec.type like 'ClusterIP') and spec.externalIPs



In Kubernetes, a Service is an abstraction which defines a logical set of Pods and a policy by which to access them (sometimes this pattern is called a micro-service). The set of Pods targeted by a Service is usually determined by a selector.
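
The rule expression above can be reproduced offline against exported Service objects. The following is an added example, not CloudGuard's own code; the function names and sample objects are hypothetical, and it assumes "like" is a case-insensitive match and that a non-empty spec.externalIPs list counts as set.

```python
# Added example: offline re-implementation of the rule logic for manifest review.
# Assumptions: GSL "like" is treated as a case-insensitive match, and a
# non-empty spec.externalIPs list counts as "set".


def violates_rule(manifest: dict) -> bool:
    """True when a Service has an empty/ClusterIP type and externalIPs set."""
    if manifest.get("kind") != "Service":
        return False
    spec = manifest.get("spec") or {}
    svc_type = (spec.get("type") or "").strip()
    type_matches = svc_type == "" or svc_type.lower() == "clusterip"
    external_ips = spec.get("externalIPs") or []
    return type_matches and len(external_ips) > 0


def audit(manifests: list) -> list:
    """Return 'namespace/name' for every Service that fails the rule."""
    findings = []
    for m in manifests:
        if violates_rule(m):
            meta = m.get("metadata") or {}
            ns = meta.get("namespace", "default")
            findings.append(f"{ns}/{meta.get('name', '<unnamed>')}")
    return findings


# Constructed sample objects (documentation range 203.0.113.0/24), not real data.
SAMPLE = [
    {"kind": "Service", "metadata": {"name": "web", "namespace": "shop"},
     "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.10"]}},
    {"kind": "Service", "metadata": {"name": "api"},
     "spec": {"externalIPs": ["203.0.113.11"]}},  # spec.type omitted
    {"kind": "Service", "metadata": {"name": "db", "namespace": "shop"},
     "spec": {"type": "ClusterIP"}},  # no externalIPs: passes
    {"kind": "Service", "metadata": {"name": "edge", "namespace": "shop"},
     "spec": {"type": "LoadBalancer", "externalIPs": ["203.0.113.12"]}},
    {"kind": "Pod", "metadata": {"name": "p"}, "spec": {}},  # not a Service
]

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print("FAIL", hit)
```

The LoadBalancer Service is not reported because the rule expression, as written on this page, only matches an empty or ClusterIP type.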

Compliance Frameworks

  • Container Admission Control
  • Container Admission Control 1.0