This document describes a threat finding type in Security Command Center. Threat findings are generated by threat detectors when they detect a potential threat in your cloud resources. For a full list of available threat findings, see Threat findings index.
Finding description
Someone created a NodePort service. NodePort services expose Pods directly on a node's IP address and static port, which makes the Pods accessible from outside the cluster. This can introduce a significant security risk because it could allow an attacker to exploit vulnerabilities in the exposed service to gain access to the cluster or sensitive data.
- Review the service's configuration to determine its purpose.
- Consider restricting network policies to secure the service.
What's next
- Learn how to work with threat findings in Security Command Center.
- Refer to the Threat findings index.
- Learn how to review a finding through the Google Cloud console.
- Learn about the services that generate threat findings.