Control: Containers should not be exposed through a forbidden service type
Description
Containers should not be exposed through a forbidden service type such as `NodePort` or `LoadBalancer`.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.service_type_forbidden
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.service_type_forbidden --share
SQL
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when type in ('NodePort','LoadBalancer') then 'alarm' else 'ok' end as status, case when type in ('NodePort','LoadBalancer') then 'Containers using ' || name || ' service exposed through ' || type || ' service type.' else 'Containers using ' || name || ' service not exposed through a forbidden service type.' end as reason , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_service;