Ensure Kubernetes dashboard is not deployed
Error: Kubernetes dashboard is deployed
Bridgecrew Policy ID: BC_K8S_31
Checkov Check ID: CKV_K8S_33
Severity: LOW
Description
The Terraform provider for Azure lets you disable the Kubernetes dashboard on an AKS cluster. This is possible because the Kubernetes dashboard is provided as an AKS add-on, similar to the Azure Monitor for containers integration, AKS virtual nodes, and HTTP application routing.
In mid-2019 Tesla was hacked after its kube-dashboard was exposed to the internet. Hackers browsed around, found credentials, and deployed pods running bitcoin mining software. We recommend you disable the kube-dashboard if it's not needed, so that you do not have to manage its individual access interface and to limit it as an attack vector.
Fix - Buildtime
Kubernetes
- Resource: Container
- Arguments:
  - labels:app / k8s-app - specifies the app label for the pod
  - image - defines the image used by the container
apiVersion: v1
kind: Pod
metadata:
  name: <name>
  labels:
-   app: kubernetes-dashboard
-   k8s-app: kubernetes-dashboard
spec:
  containers:
  - name: <container name>
-   image: kubernetes-dashboard
-   image: kubernetesui
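The arguments listed above can be checked against an already-parsed manifest. The following is an added example, not Checkov's or Bridgecrew's own code: the function names and sample manifests are constructed for illustration, and it goes beyond the bare Pod shown above by also inspecting the pod template of workloads such as Deployments and their initContainers.

```python
"""Flag manifests that deploy the Kubernetes dashboard (added example)."""

LABEL_KEYS = ("app", "k8s-app")                        # label keys named on this page
LABEL_VALUE = "kubernetes-dashboard"
IMAGE_MARKERS = ("kubernetes-dashboard", "kubernetesui")


def _pod_parts(manifest):
    """Yield (metadata, spec) for the object itself and for its pod template."""
    spec = manifest.get("spec") or {}
    yield manifest.get("metadata") or {}, spec
    template = spec.get("template")
    if isinstance(template, dict):                     # Deployment, DaemonSet, Job, ...
        yield template.get("metadata") or {}, template.get("spec") or {}


def dashboard_findings(manifest):
    """Return the reasons a manifest looks like a dashboard deployment."""
    findings = []
    for metadata, spec in _pod_parts(manifest):
        labels = metadata.get("labels") or {}
        for key in LABEL_KEYS:
            if labels.get(key) == LABEL_VALUE:
                findings.append(f"label {key}={LABEL_VALUE}")
        for kind in ("containers", "initContainers"):
            for container in spec.get(kind) or []:
                image = str(container.get("image", ""))
                if any(marker in image for marker in IMAGE_MARKERS):
                    findings.append(f"{kind} image {image}")
    return findings


# Constructed sample manifests (as they would look after YAML parsing).
DASHBOARD_POD = {
    "kind": "Pod",
    "metadata": {"name": "ui", "labels": {"k8s-app": "kubernetes-dashboard"}},
    "spec": {"containers": [{"name": "ui", "image": "kubernetesui/dashboard:example"}]},
}
RENAMED_DEPLOYMENT = {                                 # labels changed, image still matches
    "kind": "Deployment",
    "metadata": {"name": "metrics-ui", "labels": {"app": "metrics-ui"}},
    "spec": {"template": {
        "metadata": {"labels": {"app": "metrics-ui"}},
        "spec": {"containers": [
            {"name": "ui", "image": "registry.example/kubernetes-dashboard:example"}]},
    }},
}
CLEAN_POD = {
    "kind": "Pod",
    "metadata": {"name": "web", "labels": {"app": "web"}},
    "spec": {"containers": [{"name": "web", "image": "nginx:example"}]},
}

if __name__ == "__main__":
    for sample in (DASHBOARD_POD, RENAMED_DEPLOYMENT, CLEAN_POD):
        print(sample["metadata"]["name"], dashboard_findings(sample) or "PASSED")
```

A workload that keeps the dashboard image but drops the labels is still reported, which is why the image check runs independently of the label check.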