CNTR-K8-000420 - Kubernetes dashboard must not be enabled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

While the Kubernetes dashboard is not inherently insecure on its own, it is often coupled with a misconfiguration of Role-Based Access control (RBAC) permissions that can unintentionally over-grant access. It is not commonly protected with 'NetworkPolicies', preventing all pods from being able to reach it. In increasingly rare circumstances, the Kubernetes dashboard is exposed publicly to the internet.

Solution

Delete the Kubernetes dashboard deployment with the following command:

kubectl delete deployment kubernetes-dashboard --namespace=kube-system

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Kubernetes_V2R1_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000213, Rule-ID|SV-242395r960792_rule, STIG-ID|CNTR-K8-000420, Vuln-ID|V-242395

Plugin: Unix

Control ID: bcdcceccba31867e3936b544bd8303949c376fd0df1b751d058ddbdf30babf9d