github/polaris
1
0
Fork 0
mirror of https://github.com/FairwindsOps/polaris.git synced 2026-05-10 11:16:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bd2da76c565b05ab67bc2bc4f51eca83ab76ffbc
polaris/docs/networking.md
Rob Scott 7662068c45 adding a lot of documentation
2019-04-18 15:24:13 -04:00

22 lines
1.3 KiB
Markdown
Raw Blame History

# Networking
Fairwinds supports a number of checks related to pod networking.
key | default | description
----|---------|------------
`networking.hostNetworkSet` | `warning` | Fails when `hostNetwork` attribute is configured.
`networking.hostPortSet` | `warning` | Fails when `hostPort` attribute is configured.
## Background
Although Kubernetes allows you to deploy a pod with access to the host network namespace, it's rarely a good idea. A pod running with the `hostNetwork` attribute enabled will have access to the loopback device, services listening on localhost, and could be used to snoop on network activity of other pods on the same node. There are certain examples where setting `hostNetwork` to true is required, such as deploying a networking plugin like Flannel.
Setting the `hostPort` attribute on a container will ensure that it is accessible on that specific port on each node it is deployed to. Unfortunately when this is specified, it limits where a pod can actually be scheduled in a cluster.
## Further Reading
- [Kubernetes Docs: Configuration Best Practices](https://kubernetes.io/docs/concepts/configuration/overview/#services)
- [Accessing Kubernetes Pods from Outside of the Cluster](http://alesnosek.com/blog/2017/02/14/accessing-kubernetes-pods-from-outside-of-the-cluster/)
Reference in New Issue View Git Blame Copy Permalink