Service does not restrict ingress sources
Affecting Service service in Kubernetes


Severity: medium
Severity Framework: Snyk CCSS
Rule category: Containers / Best Practices

Frameworks: CIS-Controls
  • Snyk ID: SNYK-CC-00648
  • Credit: Snyk Research Team

Description

A Service of type LoadBalancer that does not set the loadBalancerSourceRanges property uses the default value of 0.0.0.0/0, so the load balancer accepts traffic from any source address.

How to fix?

Set the loadBalancerSourceRanges attribute to specific IP address ranges.

Example Configuration

---
apiVersion: v1
kind: Service
metadata:
  name: valid
spec:
  type: LoadBalancer
  ports:
    - port: 8080
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: demo-app
    app.kubernetes.io/instance: demo-app-instance
  loadBalancerSourceRanges:
   - "143.231.0.0/16"
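
One way to audit existing Services for this misconfiguration, as an added example (not Snyk's rule implementation). It assumes JSON input shaped like `kubectl get services -A -o json`; the sample data and the function names `check_service` and `audit` are constructed for illustration. Beyond the missing-property case described above, it also flags an explicit zero-length prefix and CIDR strings that fail to parse.

```python
import ipaddress
import json

# Constructed sample, shaped like `kubectl get services -A -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Service", "metadata": {"name": "valid", "namespace": "demo"}, "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["143.231.0.0/16"]}},
 {"kind": "Service", "metadata": {"name": "open-default", "namespace": "demo"}, "spec": {"type": "LoadBalancer"}},
 {"kind": "Service", "metadata": {"name": "open-explicit", "namespace": "demo"}, "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["10.0.0.0/8", "0.0.0.0/0"]}},
 {"kind": "Service", "metadata": {"name": "bad-cidr", "namespace": "demo"}, "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["143.231.0.0/33"]}},
 {"kind": "Service", "metadata": {"name": "internal", "namespace": "demo"}, "spec": {"type": "ClusterIP"}}
]}
""")


def check_service(svc):
    """Return a finding string for an unrestricted LoadBalancer Service, else None."""
    spec = svc.get("spec") or {}
    if svc.get("kind") != "Service" or spec.get("type") != "LoadBalancer":
        return None  # the rule only applies to type: LoadBalancer
    ranges = spec.get("loadBalancerSourceRanges") or []
    if not ranges:
        return "loadBalancerSourceRanges not set (defaults to 0.0.0.0/0)"
    for cidr in ranges:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            return f"unparseable CIDR {cidr!r}"
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 matches every source
            return f"range {cidr} allows any source"
    return None


def audit(doc):
    """Map 'namespace/name' to a finding for each flagged Service in a List or single object."""
    items = doc.get("items") if doc.get("kind") == "List" else [doc]
    findings = {}
    for svc in items or []:
        reason = check_service(svc)
        if reason:
            meta = svc.get("metadata") or {}
            findings[f"{meta.get('namespace', 'default')}/{meta.get('name')}"] = reason
    return findings


if __name__ == "__main__":
    for name, reason in audit(SAMPLE).items():
        print(f"{name}: {reason}")
```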
