Ensure that the –DenyServiceExternalIPs is not set
| Property | |
|---|---|
| Language |  |
| Severity |  |
Description#
Enabling the DenyServiceExternalIPs admission controller blocks all new usage of the ’externalIPs’ field in Kubernetes Services, preventing workloads from being assigned external IP addresses via this method.
Impact#
If this restriction is enforced, legitimate use cases requiring external IP assignment for services will fail, potentially disrupting network connectivity and limiting cluster functionality for applications that depend on external access.
Resolution#
Edit the API server pod specification file $apiserverconf on the control plane node and remove the DenyServiceExternalIPs from enabled admission plugins.