Services should not expose SSH port

Ensure that services are not configured to expose port 22.

Risk Level: Low
Cloud Entity: Service
CloudGuard Rule ID: D9.K8S.AC.22
Covered by Spectral: No
Category: Networking & Content Delivery

GSL LOGIC

KubernetesService should not have (spec.type isEmpty() or spec.type='ClusterIP') and spec.ports contain-any [ port=22 ]
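
The condition above, written out as an added Python example (not CloudGuard's own code) and run over constructed Service manifests. The function names and the sample objects are assumptions made for illustration.

```python
# Added example: evaluates the page's GSL condition on Kubernetes Service manifests.
# All manifests below are constructed sample data, not taken from a real cluster.
SSH_PORT = 22

def violates_rule(service: dict) -> bool:
    """True when the Service matches the GSL condition:
    (spec.type isEmpty() or spec.type='ClusterIP') and spec.ports contain-any [port=22]."""
    spec = service.get("spec") or {}
    svc_type = spec.get("type")
    type_matches = svc_type in (None, "") or svc_type == "ClusterIP"
    ports = spec.get("ports") or []
    has_ssh = any(isinstance(p, dict) and p.get("port") == SSH_PORT for p in ports)
    return type_matches and has_ssh

def find_violations(objects: list) -> list:
    """Return 'namespace/name' for every Service object that matches the condition."""
    hits = []
    for obj in objects:
        if obj.get("kind") != "Service" or not violates_rule(obj):
            continue
        meta = obj.get("metadata") or {}
        hits.append(f"{meta.get('namespace', 'default')}/{meta.get('name', '<unnamed>')}")
    return hits

def make_service(namespace, name, svc_type, ports):
    """Build a minimal constructed Service manifest (spec.type omitted when None)."""
    spec = {"ports": ports}
    if svc_type is not None:
        spec["type"] = svc_type
    return {"apiVersion": "v1", "kind": "Service",
            "metadata": {"namespace": namespace, "name": name}, "spec": spec}

SAMPLE_OBJECTS = [
    # Matched: explicit ClusterIP with port 22.
    make_service("ops", "bastion", "ClusterIP", [{"port": 22, "targetPort": 22}]),
    # Matched: spec.type is empty (Kubernetes defaults it to ClusterIP), port 22 among others.
    make_service("default", "legacy-ssh", None, [{"port": 80}, {"port": 22}]),
    # Not matched: ClusterIP without port 22.
    make_service("web", "frontend", "ClusterIP", [{"port": 443, "targetPort": 8443}]),
    # Not matched by this condition: the type is neither empty nor ClusterIP.
    make_service("edge", "ssh-nodeport", "NodePort", [{"port": 22}]),
    # Not matched: the condition as written inspects spec.ports[].port, not targetPort.
    make_service("ops", "remap", "ClusterIP", [{"port": 2222, "targetPort": 22}]),
]

if __name__ == "__main__":
    for ref in find_violations(SAMPLE_OBJECTS):
        print(f"Service exposes port {SSH_PORT}: {ref}")
```
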

REMEDIATION

Service

In Kubernetes, a Service is an abstraction which defines a logical set of Pods and a policy by which to access them (sometimes this pattern is called a micro-service). The set of Pods targeted by a Service is usually determined by a selector.

Compliance Frameworks

  • Container Admission Control
  • Container Admission Control 1.0