Use hostPort on nginx ingress controller is insecure?

8/10/2020

I'm using nginx-ingress controller (https://docs.nginx.com/nginx-ingress-controller) and I would like to know if expose ingress using hostPort is insecure. I am currently using nodePort with a balancer layer 3 / 4 on the front.

-- Clarencio
kubernetes
nginx
nginx-ingress

2 Answers

4/21/2021

Depends on the application requirements. For very small, one node clusters, it seems like hostPort is exactly what you want. ingress-nginx suggests you configure it to use DaemonSet instead of Deployment to make sure "there can be only one" per node.

-- Charlie Reitzel
Source: StackOverflow

8/10/2020

It is not insecure on it's own it's just REALLY not recommended, it all depend on the security of the deployment that is exposed , and the security of your host.

Also , exposing hostPort is not recommended outside of a test stage , because , you can deploy only on pod per host/node (as only one port is available).

If you achieve what you wanted to do using nodeport , stick to it , as it's the best choice if you are using a Loadbalancer in front of your cluster

-- Popopame
Source: StackOverflow