Ensure Kubernetes web UI / Dashboard is disabled

You should disable the Kubernetes Web UI (Dashboard) when running on Kubernetes Engine. The Kubernetes Web UI is backed by a highly privileged Kubernetes Service Account, so anyone who reaches the Dashboard (through a misconfigured proxy, an exposed Service, or a compromised pod) inherits those cluster-wide privileges. The Google Cloud Console provides all the required functionality of the Kubernetes Web UI and leverages Cloud IAM to restrict user access to sensitive cluster controls and settings.

Risk Level: High
Cloud Entity: Kubernetes Cluster
CloudGuard Rule ID: D9.GCP.OPE.02
Covered by Spectral: No
Category: Compute

GSL LOGIC

GkeCluster should have addonsConfig.kubernetesDashboard.disabled=true

REMEDIATION

From Portal

  1. Go to Kubernetes Engine in the Google Cloud Console by visiting https://console.cloud.google.com/kubernetes/list
  2. Select the Kubernetes cluster for which the web UI is enabled
  3. Click EDIT
  4. Click on the 'Add-ons' heading to expand, and set 'Kubernetes dashboard' to 'Disabled'
  5. Click SAVE.

From Command Line
To update an existing cluster (use --region instead of --zone for a regional cluster):

gcloud container clusters update CLUSTER_NAME --zone ZONE --update-addons=KubernetesDashboard=DISABLED

Note: The Kubernetes web UI is disabled by default in GKE 1.10 and higher.
In GKE 1.15 and higher, the Kubernetes web UI add-on KubernetesDashboard is no longer supported as a managed add-on.
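The following script applies the GSL logic above to the JSON that `gcloud container clusters list --format=json` (or `clusters describe ... --format=json`) returns, and emits the remediation command from this page for every cluster that fails. It is an added example, not CloudGuard's own evaluator or code from this page: the cluster records are constructed, the zone-versus-region detection is a heuristic on the `location` string, and the third status, NOT_REPORTED, is this script's own convention for clusters whose describe output carries no `kubernetesDashboard` key at all (typical of newer clusters where the managed add-on is no longer supported); the rule as written requires an explicit `disabled: true`, so such clusters are reported separately rather than silently passed.

```python
"""Audit GKE clusters for the Kubernetes Dashboard add-on (D9.GCP.OPE.02).

Added example. Feed it the output of
  gcloud container clusters list --format=json
The sample below is constructed and mimics that output's relevant fields.
"""
import json
from typing import Any, Dict, List

# Constructed sample: three clusters in the shape gcloud returns.
SAMPLE_CLUSTERS_JSON = json.dumps([
    {"name": "legacy-prod", "location": "us-central1-a",
     "currentMasterVersion": "1.14.10-gke.50",
     "addonsConfig": {"kubernetesDashboard": {"disabled": False}}},
    {"name": "hardened", "location": "us-central1-a",
     "currentMasterVersion": "1.14.10-gke.50",
     "addonsConfig": {"kubernetesDashboard": {"disabled": True}}},
    {"name": "modern-regional", "location": "europe-west1",
     "currentMasterVersion": "1.27.3-gke.100",
     # No kubernetesDashboard key: add-on not reported for this cluster.
     "addonsConfig": {"httpLoadBalancing": {}}},
])

COMMAND = "gcloud container clusters update {name} {locflag} {loc} " \
          "--update-addons=KubernetesDashboard=DISABLED"


def location_flag(location: str) -> str:
    """Heuristic (assumption): zones look like 'us-central1-a' (two dashes),
    regions like 'europe-west1' (one dash)."""
    return "--zone" if location.count("-") == 2 else "--region"


def evaluate(cluster: Dict[str, Any]) -> Dict[str, str]:
    """Apply: GkeCluster should have addonsConfig.kubernetesDashboard.disabled=true."""
    name = cluster.get("name", "<unknown>")
    loc = cluster.get("location", "")
    dashboard = cluster.get("addonsConfig", {}).get("kubernetesDashboard")
    result = {"name": name, "location": loc, "remediation": ""}

    if dashboard is None:
        # Key absent: rule cannot observe disabled=true; flag for human review.
        result["status"] = "NOT_REPORTED"
    elif dashboard.get("disabled") is True:
        result["status"] = "COMPLIANT"
    else:
        # disabled missing or False: the add-on is (or may be) running.
        result["status"] = "NON_COMPLIANT"
        result["remediation"] = COMMAND.format(
            name=name, locflag=location_flag(loc), loc=loc)
    return result


def audit(clusters_json: str) -> List[Dict[str, str]]:
    """Evaluate every cluster record in the gcloud JSON output."""
    return [evaluate(c) for c in json.loads(clusters_json)]


if __name__ == "__main__":
    for r in audit(SAMPLE_CLUSTERS_JSON):
        line = f"{r['status']:14} {r['name']} ({r['location']})"
        if r["remediation"]:
            line += f"\n    fix: {r['remediation']}"
        print(line)
```

Run it against live data with `gcloud container clusters list --format=json | python3 audit_dashboard.py` after changing the `__main__` block to read `sys.stdin`; the functions themselves take the JSON text, so they work unchanged.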

References

  1. https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#disable_kubernetes_dashboard

Kubernetes Cluster

Kubernetes Engine is a managed, production-ready environment for deploying containerized applications. It brings our latest innovations in developer productivity, resource efficiency, automated operations, and open source flexibility to accelerate your time to market.

Launched in 2015, Kubernetes Engine builds on Google's experience of running services like Gmail and YouTube in containers for over 12 years. Kubernetes Engine allows you to get up and running with Kubernetes in no time, by completely eliminating the need to install, manage, and operate your own Kubernetes clusters.

Compliance Frameworks

  • CloudGuard GCP All Rules Ruleset
  • GCP CIS Foundations v. 1.0.0
  • GCP CloudGuard Best Practices
  • GCP MITRE ATT&CK Framework v12.1
  • GCP NIST 800-53 Rev 5