Ensure Azure Kubernetes Service (AKS) Cluster Dashboard Is Disabled

Ensure the dashboard is disabled to reduce the risk of attacks through its access interface and eliminate the need for managing it. Disable the Kubernetes dashboard on an AKS cluster in the Terraform provider for Azure. Dashboards are treated as AKS add-ons that integrate with Azure Monitor for containers integration, AKS virtual nodes, or HTTP application routing. The dashboard add-on is default disabled for all newly created clusters on Kubernetes 1.18 or higher.

Suggest Edits

Risk Level: informational
Cloud Entity: Azure
Spectral Rule ID: AZURE007

REMEDIATION

set properties.addonProfiles.kubeDashboard.enabled to false

"apiVersion": "2020-02-01",
"properties": {
	"addonProfiles": {
		"kubeDashboard": {
			- "enabled": true
			+ "enabled": false
		}
	}

References:

https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters?tabs=json&pivots=deployment-language-bicep#managedclusteraddonprofile

Azure AKS

AKS is an open-source fully managed container orchestration service that became available in June 2018 and is available on the Microsoft Azure public cloud that can be used to deploy, scale and manage Docker containers and container-based applications in a cluster environment.

Updated 7 months ago