I'm using nginx-ingress controller (https://docs.nginx.com/nginx-ingress-controller) and I would like to know if expose ingress using hostPort is insecure. I am currently using nodePort with a balancer layer 3 / 4 on the front.
Depends on the application requirements. For very small, one node clusters, it seems like hostPort
is exactly what you want. ingress-nginx
suggests you configure it to use DaemonSet
instead of Deployment
to make sure "there can be only one" per node.
It is not insecure on it's own it's just REALLY not recommended, it all depend on the security of the deployment that is exposed , and the security of your host.
Also , exposing hostPort is not recommended outside of a test stage , because , you can deploy only on pod per host/node (as only one port is available).
If you achieve what you wanted to do using nodeport , stick to it , as it's the best choice if you are using a Loadbalancer in front of your cluster