I’m trying to understand the (security) implications of these various bindings.
To my understanding:
- 127.0.0.1 would effectively prevent traffic to the pod
- 0.0.0.0 would allow traffic to the pod (on all interfaces)
- $POD_IP would allow “normal” traffic to the pod but would prevent kubectl port-forward from working (see also
It seems to me that 0.0.0.0 is the most convenient option to open a server as it allows for easy (network) debugging via
$POD_IP seems to me the “correct” way but I don’t have any strong arguments. It feels that it would help reduce the attack surface but I’m far from being a Kubernetes/Networking expert.
Does anyone have some insights into this topic? Any “opinion” pieces that go beyond the usual "0.0.0.0" discussion? Any material I can read? Any other forum/website more appropriate for this discussion?
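
The three bindings listed in the question can be checked directly at the socket level. The following is an added example, not part of the original post. It assumes a Linux host, where every 127.0.0.0/8 address is local, and uses 127.0.0.2 as a constructed stand-in for $POD_IP. A client connecting to 127.0.0.1 stands in for anything that dials localhost inside the pod's network namespace, which is the kubectl port-forward case.

```python
import socket

# Constructed stand-ins (assumptions, not from the post): on Linux every
# 127.0.0.0/8 address is local, so 127.0.0.2 plays the role of $POD_IP.
LOOPBACK = "127.0.0.1"
POD_IP_STANDIN = "127.0.0.2"


def reachable(bind_addr, target_addr, timeout=0.5):
    """Listen on bind_addr, then report whether target_addr:port accepts."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        srv.bind((bind_addr, 0))      # port 0: kernel picks a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        try:
            with socket.create_connection((target_addr, port), timeout=timeout):
                return True
        except OSError:               # refused or timed out
            return False
    finally:
        srv.close()


def bind_matrix():
    """Map each bind address to the destinations a client can connect to."""
    targets = {"localhost": LOOPBACK, "pod_ip": POD_IP_STANDIN}
    return {
        bind: {name: reachable(bind, addr) for name, addr in targets.items()}
        for bind in (LOOPBACK, "0.0.0.0", POD_IP_STANDIN)
    }


if __name__ == "__main__":
    for bind, result in bind_matrix().items():
        print(f"bind {bind:<10} -> {result}")
```

A listener bound to one specific address refuses connections addressed to any other local address, so only the 0.0.0.0 listener answers on both the localhost and the pod-IP stand-in.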