Multiple Applications mapped to a single Service

Services connect Kubernetes applications. Label selectors are used to associating Pods with Services. This validator detects a condition when there are more than one applications associated with a Service. It usually indicates that label selector is loosely defined resulting in multiple apps referred by a Service.

Affected Resources: Service

Examples

apiVersion: v1
kind: Service
metadata:
  name: billing-service
spec:
  type: ClusterIP
  selector:
    component: backend          # Is the app: billing missing?

apiVersion: apps/v1
kind: Deployment
metadata:
  name: billing-app
  labels:
    component: backend
    app: billing

apiVersion: apps/v1
kind: Deployment
metadata:
  name: checkout-app
  labels:
    component: backend
    app: checkout

Resolution

Identify which application should the Service refer to.

Add necessary labels to the Service selector.

There is a possible false positive trigger for this validator. Sometimes a single application is launched using multiple Deployments. For example, a redis-master and redis-slave nodes are deployed using individual Deployments, yet a single Service points to all redis nodes, regardless of whether they are masters or slaves.

Learn More

https://kubernetes.io/docs/concepts/services-networking/service/

https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/

Networking

No Application exposed by Ingress

Need other validation rules?

Please let us know if there are other built-in validation rules you would like to see in Kubevious to detect misconfigurations and violations to best practices. Optionally, you can provide your details so we can reach out to you with follow-up questions.

Share this article on: