github/polaris
1
0
Fork 0
mirror of https://github.com/FairwindsOps/polaris.git synced 2026-05-08 02:06:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
240c223c2ddb586194abb4f8fa080c2db25fb8bc
polaris/docs/networking.md
Rob Scott 7662068c45 adding a lot of documentation
2019-04-18 15:24:13 -04:00

1.3 KiB
Raw Blame History

Networking

Fairwinds supports a number of checks related to pod networking.

key default description
networking.hostNetworkSet warning Fails when hostNetwork attribute is configured.
networking.hostPortSet warning Fails when hostPort attribute is configured.

Background

Although Kubernetes allows you to deploy a pod with access to the host network namespace, it's rarely a good idea. A pod running with the hostNetwork attribute enabled will have access to the loopback device, services listening on localhost, and could be used to snoop on network activity of other pods on the same node. There are certain examples where setting hostNetwork to true is required, such as deploying a networking plugin like Flannel.

Setting the hostPort attribute on a container will ensure that it is accessible on that specific port on each node it is deployed to. Unfortunately when this is specified, it limits where a pod can actually be scheduled in a cluster.

Further Reading

Reference in New Issue View Git Blame Copy Permalink