hostPort is specified
Description
The hostPort setting applies to the Kubernetes containers. The container port will be exposed to the external network at `:`, where the hostIP is the IP address of the Kubernetes node where the container is running, and the hostPort is the port requested by the user.
We recommend that you do not specify a hostPort for a pod unless it is absolutely necessary. When you bind a pod to a hostPort, it limits the number of places the pod can be scheduled, because each `<hostIP, hostPort, protocol>` combination must be unique.
NOTE: If you do not specify the hostIP and protocol explicitly, Kubernetes will use 0.0.0.0 as the default hostIP and TCP as the default protocol. This will expose your host to the internet.
Code Example
apiVersion: v1
kind: Pod
metadata:
name: <Pod name>
spec:
containers:
- name: <container name>
image: <image>
ports:
- hostPort: <port>Remediation
Kubernetes
- Resource: Container
- Arguments: hostPort (Optional)
Defines the number of port to expose on the host.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1104 |
| Severity | LOW |
| IaC Type | Kubernetes |
| Frameworks | Kubernetes, |
| Checkov ID | CKV_K8S_26 |