In my OpenShift cluster, I noticed that all my pods have a port that's open without me specifying it. It's port 443, which is apparently used for the k8s API, as mentioned in this post.
Even after reading, I still don't understand something.
I understand that the service exists and forwards to all pods. But for the pods to receive and send requests using this service, the port must be open in the containers. But somehow, even without specifying a port on my pod's container, that default 443 port is open, which allows me to do something like this:
Is this safe? What opens the container port without me specifying it? Is there a way to prevent this from happening?
I noticed that all my pods have a port that's open without me specifying it.
Yes, the containerPort: is just metadata; the container might listen to other ports as well.
Is this safe? What opens the container port without me specifying it? Is there a way to prevent this from happening?
Yes, this is what Kubernetes Network Policies are for.
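A pair of policies illustrating the answer above, as an added example that is not part of the original answer. The namespace `demo`, the labels `app: web` and `role: frontend`, and port 8080 are assumptions chosen for illustration.

```yaml
# Policy 1: default-deny for ingress.
# The empty podSelector matches every pod in the namespace, and because
# no ingress rules are listed, no inbound connection is allowed to any
# port, whether or not that port appears as a containerPort in the pod spec.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: demo            # assumed namespace
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# Policy 2: re-open exactly one port for one group of clients.
# Policies are additive, so this allows TCP 8080 on pods labelled
# app=web, and only from pods labelled role=frontend in the same
# namespace. Every other port on those pods stays blocked by policy 1.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-web
  namespace: demo            # assumed namespace
spec:
  podSelector:
    matchLabels:
      app: web               # assumed label on the protected pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: frontend # assumed label on the allowed clients
      ports:
        - protocol: TCP
          port: 8080         # assumed application port
```

These policies are enforced only when the cluster's network plugin implements NetworkPolicy; on a plugin that does not, the objects are accepted by the API server but have no effect.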