Prevent External IPs 1.1.3

By specifying an IP address that is already in use as an external IP of a Service, an attacker could steal the traffic destined for that address. This policy prevents any Service object from specifying external IPs.

  • Network
  • Security

Applies to

  • Service

Example

apiVersion: v1
kind: Service
metadata:
  name: service
spec:
  selector:
    app: server
- externalIPs:
- - 1.1.1.1

Risk acceptance

Use the annotation securitytower.io/policy.exclusion.preventexternalips as in the example below.
apiVersion: v1
kind: Service
metadata:
  name: your-service
  annotations:
    securitytower.io/policy.exclusion.preventexternalips: |-
      Describe why the service needs to specify external IPs.
...
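
An audit of existing Services against this policy, as an added example that is not Security Tower's own code: it reports every Service with a non-empty spec.externalIPs unless the exclusion annotation is set. The function name, the sample data and the rule that a blank annotation does not count as a risk acceptance are assumptions.

```python
import json

EXCLUSION = "securitytower.io/policy.exclusion.preventexternalips"

# Constructed sample, shaped like `kubectl get services -A -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Service", "metadata": {"name": "service", "namespace": "default"},
  "spec": {"selector": {"app": "server"}, "externalIPs": ["1.1.1.1"]}},
 {"kind": "Service", "metadata": {"name": "your-service", "namespace": "edge",
   "annotations": {"securitytower.io/policy.exclusion.preventexternalips":
                   "Legacy appliance routes this address to the nodes."}},
  "spec": {"externalIPs": ["192.0.2.10"]}},
 {"kind": "Service", "metadata": {"name": "blank-reason", "namespace": "edge",
   "annotations": {"securitytower.io/policy.exclusion.preventexternalips": "  "}},
  "spec": {"externalIPs": ["192.0.2.11"]}},
 {"kind": "Service", "metadata": {"name": "internal", "namespace": "default"},
  "spec": {"selector": {"app": "server"}, "externalIPs": []}},
 {"kind": "Deployment", "metadata": {"name": "server", "namespace": "default"},
  "spec": {}}
]}
""")


def audit_external_ips(service_list):
    """Return (violations, accepted) for Services that set spec.externalIPs."""
    violations, accepted = [], []
    for obj in service_list.get("items", []):
        if obj.get("kind") != "Service":
            continue  # the policy applies to Service objects only
        ips = (obj.get("spec") or {}).get("externalIPs") or []
        if not ips:
            continue  # field absent, null or empty: nothing to report
        meta = obj.get("metadata") or {}
        ref = f'{meta.get("namespace", "default")}/{meta.get("name")}'
        reason = (meta.get("annotations") or {}).get(EXCLUSION) or ""
        # Assumption: a blank annotation is not a valid risk acceptance.
        if reason.strip():
            accepted.append((ref, ips, reason.strip()))
        else:
            violations.append((ref, ips))
    return violations, accepted


if __name__ == "__main__":
    violations, accepted = audit_external_ips(SAMPLE)
    for ref, ips in violations:
        print(f"VIOLATION {ref}: externalIPs={ips}")
    for ref, ips, reason in accepted:
        print(f"ACCEPTED  {ref}: externalIPs={ips} ({reason})")
```

To audit a live cluster, pass the parsed output of `kubectl get services -A -o json` to `audit_external_ips` in place of the constructed sample.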