Ensure Kubernetes dashboard is not deployed

Error: Kubernetes dashboard is deployed

Bridgecrew Policy ID: BC_K8S_31
Checkov Check ID: CKV_K8S_33
Severity: LOW

Kubernetes dashboard is deployed

Description

The Terraform provider for Azure enables the capability to disable the Kubernetes dashboard on an AKS cluster. This is achieved by providing the Kubernetes dashboard as an AKS add-on, similar to the Azure Monitor, for containers integration, AKS virtual nodes, and the HTTP application routing.

In mid-2019 Tesla was hacked where their kube-dashboard was exposed to the internet. Hackers browsed around, found credentials, and deployed pods running bitcoin mining software. We recommend you disable the kube-dashboard if it's not needed, to prevent the need to manage its individual access interface and limit it as an attack vector.

Fix - Buildtime

Kubernetes

  • Resource: Container
  • Arguments:
    labels:app / k8s-app - specifies the app label for the pod
    image - defines the image used by the container
apiVersion: v1
kind: Pod
metadata:
  name: <name>
  labels:
-   app: kubernetes-dashboard
-   k8s-app: kubernetes-dashboard
spec:
  containers:
  - name: <container name>
-   image: kubernetes-dashboard
-   image: kubernetesui