Action Item: Host Port Kubernetes Configuration

Learn how to check your host port configurations with Fairwinds Insights.


Hello everyone. My name is Munib Ali, I'm the engineering manager here at Fairwinds. Today I'm going to be talking about how to resolve the Insights Action Item, Host port should not be configured.

Insights scans containers to see if host port is configured. Configuring a host port allows the container to ensure that that port is accessible on each node that it is deployed to. Unfortunately, when that is specified, it limits where a pod can actually be scheduled in a cluster. Therefore, Insights recommends that this is not configured.

What we're going to do is find this action item and locate exactly where this is in the cluster, and remediate it.

If you look at the bottom of my screen, you will see the Fairwinds Insights user interface. And I have this filtered on my cluster, and the specific action item for the host port not being configured. And I have three action items.

I'm going to just pull one of them, the first one. To the right I'm going to get some information to determine where exactly this action item is.

We see, this is in the namespace, Kube2iam, it's a DaemonSet, and the resource name is Kube2iam. We also get a little bit of description about this action item, as well as the remediation to not configure the host port attribute.

What we're going to do now is go into the cluster and find that configuration. I found that configuration. I'm just going to pull the YAML file, and I'm going to look at where host port is configured. There you go. Right here, we see host port is configured for port 8181.

To remediate this action item, we should remove this so it can be allowed to be scheduled in a cluster, and that will resolve that action item.

Thank you everyone for watching.
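
The check and the fix walked through in the video can be scripted against `kubectl get ... -o json` output. The Python below is an added example, not part of the video and not Fairwinds Insights code. The sample JSON is constructed, the `web` Deployment is hypothetical, and the function names are illustrative. It also covers init containers, CronJobs and bare Pods, which goes beyond the single DaemonSet shown.

```python
import json

# Constructed sample in the shape of `kubectl get daemonset,deployment -A -o json`
# output, trimmed to the relevant fields. Not taken from the video.
SAMPLE = json.loads("""{"kind": "List", "items": [
 {"kind": "DaemonSet", "metadata": {"name": "kube2iam", "namespace": "kube2iam"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "kube2iam", "ports": [{"containerPort": 8181, "hostPort": 8181}]}]}}}},
 {"kind": "Deployment", "metadata": {"name": "web", "namespace": "default"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "web", "ports": [{"containerPort": 8080}]}]}}}}]}""")


def pod_spec(obj):
    """Locate the pod spec for a Pod, a CronJob, or a templated workload."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec.get("template", {}).get("spec", {})


def host_port_entries(obj):
    """Yield (resource ref, container name, port dict) for each port setting hostPort."""
    for item in obj.get("items", [obj]):  # accept a list or a single object
        meta = item.get("metadata", {})
        ref = (meta.get("namespace", "default"), item.get("kind"), meta.get("name"))
        spec = pod_spec(item)
        for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
            for port in c.get("ports") or []:
                if port.get("hostPort"):  # absent or 0 means no host port
                    yield ref, c.get("name"), port


def find_host_ports(obj):
    """Return (namespace, kind, name, container, hostPort) for every finding."""
    return [(*ref, name, port["hostPort"]) for ref, name, port in host_port_entries(obj)]


def strip_host_ports(obj):
    """Remove hostPort in place, keeping containerPort; return how many were removed."""
    entries = list(host_port_entries(obj))
    for _, _, port in entries:
        del port["hostPort"]
    return len(entries)
```

`strip_host_ports` only edits the parsed object. The change still has to be made in the source manifest or Helm values that the workload is deployed from, or the next deploy will put `hostPort` back.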