Kubernetes dashboard must not be enabled.


Overview

Finding ID: V-242395
Version: CNTR-K8-000420
Rule ID: SV-242395r712541_rule
IA Controls:
Severity: Medium
Description
While the Kubernetes dashboard is not inherently insecure on its own, it is often coupled with a misconfiguration of Role-Based Access Control (RBAC) permissions that can unintentionally over-grant access. It is not commonly protected with "NetworkPolicies" that would prevent all pods from being able to reach it. In increasingly rare circumstances, the Kubernetes dashboard is exposed publicly to the internet.
STIG: Kubernetes Security Technical Implementation Guide
Date: 2021-04-14

Details

Check Text ( C-45670r712539_chk )
From the master node, run the command:

kubectl get pods --all-namespaces -l k8s-app=kubernetes-dashboard

If any resources are returned, this is a finding.
Fix Text (F-45628r712540_fix)
Delete the Kubernetes dashboard deployment with the following command:

kubectl delete deployment kubernetes-dashboard --namespace=kube-system
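
The check above searches every namespace, while the fix command names only kube-system. The following is an added example, not part of the STIG, that evaluates the check output, lists the fix command for each namespace that actually holds a dashboard pod, and keeps a failed kubectl call from being read as a clean result. The function names and the sample output are constructed for illustration, and it assumes the deployment is still named kubernetes-dashboard in other namespaces.

```bash
#!/usr/bin/env bash
# Added example, not part of the STIG. Function names are hypothetical.
LABEL='k8s-app=kubernetes-dashboard'

# Input (stdin): output of the check command run with --no-headers.
# Output: "namespace pod" per dashboard pod.
# Returns 1 on a finding, 0 when no dashboard pod is listed.
evaluate_dashboard_pods() {
  awk '/^No resources found/ { next }
       NF >= 2 { print $1, $2; hit = 1 }
       END { exit (hit ? 1 : 0) }'
}

# Input: same as above. Output: the page's fix command, once per namespace
# that holds a dashboard pod. Assumes the deployment keeps the name
# "kubernetes-dashboard" outside kube-system; verify before running.
remediation_plan() {
  awk '/^No resources found/ { next } NF >= 2 { print $1 }' | LC_ALL=C sort -u |
    while read -r ns; do
      printf 'kubectl delete deployment kubernetes-dashboard --namespace=%s\n' "$ns"
    done
}

# Runs the check against the current cluster.
# Returns 2 when kubectl itself fails, so an unreachable API server or a
# denied list request is never reported as "not a finding".
check_live() {
  _out=$(kubectl get pods --all-namespaces -l "$LABEL" --no-headers 2>/dev/null) || return 2
  printf '%s\n' "$_out" | evaluate_dashboard_pods
}

# Constructed sample output (not from a real cluster):
SAMPLE='kube-system            kubernetes-dashboard-5f7b9c8d6-abcde   1/1   Running   0   3d
kubernetes-dashboard   kubernetes-dashboard-7c8f9d6b5-xyz12   1/1   Running   0   3d'

# Offline demonstration: print the fix commands implied by the sample.
printf '%s\n' "$SAMPLE" | remediation_plan
```

On the master node, call check_live and treat exit status 1 as a finding, 0 as not a finding, and 2 as not evaluated.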