Ensure Azure Kubernetes Service (AKS) Cluster Dashboard Is Disabled
Ensure the dashboard is disabled to reduce the risk of attacks through its access interface and eliminate the need for managing it. Disable the Kubernetes dashboard on an AKS cluster in the Terraform provider for Azure. Dashboards are treated as AKS add-ons that integrate with Azure Monitor for containers integration, AKS virtual nodes, or HTTP application routing. The dashboard add-on is default disabled for all newly created clusters on Kubernetes 1.18 or higher.
Risk Level: informational
Cloud Entity: Azure
Spectral Rule ID: AZURE007
REMEDIATION
set properties.addonProfiles.kubeDashboard.enabled
to false
"apiVersion": "2020-02-01",
"properties": {
"addonProfiles": {
"kubeDashboard": {
- "enabled": true
+ "enabled": false
}
}
References:
Azure AKS
AKS is an open-source fully managed container orchestration service that became available in June 2018 and is available on the Microsoft Azure public cloud that can be used to deploy, scale and manage Docker containers and container-based applications in a cluster environment.
Updated over 1 year ago