Restrict Service Port Range

A Service that is allowed to expose any port number can collide with other applications on the Node that need those ports, and it makes security policy harder to specify outside the cluster (for example, network or firewall rules keyed on a known port range). This policy enforces that only ports 32000 to 33000 (inclusive) may be used for Service resources. As published, the policy runs with validationFailureAction set to audit, so violations are only recorded in policy reports; set it to enforce to reject non-conforming Services at admission. Note that the pattern constrains only spec.ports[].port; targetPort and nodePort are not checked.

Policy Definition

/other/restrict_service_port_range/restrict-service-port-range.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: restrict-service-port-range
  annotations:
    policies.kyverno.io/title: Restrict Service Port Range
    policies.kyverno.io/category: Other
    policies.kyverno.io/severity: medium
    kyverno.io/kyverno-version: 1.6.0
    policies.kyverno.io/minversion: 1.6.0
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/subject: Service
    policies.kyverno.io/description: >-
      Services which are allowed to expose any port number may be able
      to impact other applications running on the Node which require them,
      or may make specifying security policy externally more challenging.
      This policy enforces that only the port range 32000 to 33000 may
      be used for Service resources.
spec:
  validationFailureAction: audit
  rules:
  - name: restrict-port-range
    match:
      any:
      - resources:
          kinds:
          - Service
    validate:
      message: Ports must be between 32000-33000
      pattern:
        spec:
          ports:
          - port: 32000-33000
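To see exactly what the pattern above does and does not catch, the following is an added example, not Kyverno's code and not part of this policy page. It re-implements in Python the two pattern rules the policy relies on: the inclusive numeric range operator "lo-hi" (and its negation "!lo-hi"), and the rule that when a pattern list holds a single map, that map is checked against every element of the resource list, which is how "ports: [{port: 32000-33000}]" constrains all ports of a Service. The matcher deliberately covers only what this policy uses (no anchors, wildcards beyond "*", or the other operators), the Service manifests are constructed for the example, and the function names (match_scalar, match, validate_service, service) are assumptions. The third manifest shows the caveat that a nodePort outside the range still passes, because only spec.ports[].port is in the pattern.

```python
"""Re-implementation of the two Kyverno pattern rules that
restrict-service-port-range relies on, run against constructed Service
manifests. This is an added example, not Kyverno code: the matcher only
covers what the policy needs (equality, "*", and the numeric range
operators "lo-hi" / "!lo-hi") and the Service objects are made up.
"""
import re
from typing import Any, Optional

# Kyverno's numeric range operator: "32000-33000" (inclusive) or "!lo-hi".
RANGE_RE = re.compile(r"^(!?)(\d+)-(\d+)$")


def match_scalar(value: Any, pattern: Any) -> bool:
    """Match one resource value against one pattern scalar."""
    if isinstance(pattern, str):
        m = RANGE_RE.match(pattern.replace(" ", ""))
        if m and isinstance(value, int) and not isinstance(value, bool):
            negate = m.group(1) == "!"
            in_range = int(m.group(2)) <= value <= int(m.group(3))
            return in_range != negate
        if pattern == "*":
            return True
    return value == pattern


def match(resource: Any, pattern: Any, path: str = "") -> Optional[str]:
    """Return None when the resource satisfies the pattern, otherwise the
    JSON-pointer-like path of the first element that does not.

    Map pattern: every key in the pattern must exist in the resource and
    match. List pattern whose first element is a map: that one element is
    checked against every element of the resource list, so a single
    {port: 32000-33000} entry constrains all ports of the Service.
    """
    if isinstance(pattern, dict):
        if not isinstance(resource, dict):
            return path or "/"
        for key, sub in pattern.items():
            if key not in resource:
                return f"{path}/{key}"
            bad = match(resource[key], sub, f"{path}/{key}")
            if bad is not None:
                return bad
        return None
    if isinstance(pattern, list):
        if not isinstance(resource, list) or not pattern:
            return path or "/"
        if isinstance(pattern[0], dict):
            for i, elem in enumerate(resource):
                bad = match(elem, pattern[0], f"{path}/{i}")
                if bad is not None:
                    return bad
            return None
        # Scalar list patterns are compared index by index.
        if len(resource) < len(pattern):
            return path or "/"
        for i, sub in enumerate(pattern):
            bad = match(resource[i], sub, f"{path}/{i}")
            if bad is not None:
                return bad
        return None
    return None if match_scalar(resource, pattern) else (path or "/")


# The validate.pattern of the policy above, as a Python literal.
POLICY_PATTERN = {"spec": {"ports": [{"port": "32000-33000"}]}}


def validate_service(svc: dict) -> Optional[str]:
    """None if the Service passes the policy, else the offending path."""
    return match(svc, POLICY_PATTERN)


def service(name: str, ports: list) -> dict:
    """Constructed Service manifest for the example (not from the page)."""
    return {"apiVersion": "v1", "kind": "Service",
            "metadata": {"name": name}, "spec": {"ports": ports}}


GOOD = service("in-range", [{"port": 32000, "targetPort": 8080},
                            {"port": 33000, "targetPort": 8443}])
BAD = service("mixed", [{"port": 32500}, {"port": 443, "targetPort": 8443}])
# Passes the policy: only spec.ports[].port is constrained, so a nodePort
# (or targetPort) outside 32000-33000 is not caught.
UNCHECKED = service("nodeport", [{"port": 32100, "nodePort": 30080}])

if __name__ == "__main__":
    for svc in (GOOD, BAD, UNCHECKED):
        bad = validate_service(svc)
        verdict = "pass" if bad is None else f"fail at {bad}"
        print(f"{svc['metadata']['name']}: {verdict}")
```

Running it reports "in-range: pass", "mixed: fail at /spec/ports/1/port" and "nodeport: pass". The last line is the point to keep in mind when deploying the policy: if the intent is to keep Services away from ports other workloads on the Node need, the pattern must also cover nodePort (and, for the container side, targetPort), which this policy as published does not do.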