C-0047 - Exposed dashboard

Exposed dashboard

Framework

NSA, MITRE, ArmoBest

Description of the issue

The Kubernetes dashboard is a web-based user interface that enables monitoring and management of the Kubernetes cluster. By default, the dashboard exposes an internal endpoint (ClusterIP service). If the dashboard is exposed externally, it can allow unauthenticated remote management of the cluster.

Related resources

Deployment, Service

What does this control test

Checks whether a Kubernetes dashboard deployment exists and is exposed externally as a service (NodePort/LoadBalancer), and whether the version of the container image is older than v2.0.1. If so, an alert is raised.
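
One way to express this check over Deployment and Service manifests, as an added example that is not the control's own rule code. It assumes the dashboard is recognised by "dashboard" in the image name, that both conditions (external Service and image older than v2.0.1) must hold, and that an image with no parseable version tag is reported for review; all function names and sample manifests are constructed.

```python
import re

MIN_VERSION = (2, 0, 1)                      # threshold stated in the control
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}

def image_version(image):
    """Parse (major, minor, patch) from a tag such as repo/name:v2.0.0; None if absent."""
    m = re.search(r":v?(\d+)\.(\d+)\.(\d+)", image.split("@")[0])
    return tuple(map(int, m.groups())) if m else None

def is_dashboard(image):
    # Assumption: the dashboard is recognised by "dashboard" in the last path segment.
    return "dashboard" in image.split("@")[0].rsplit("/", 1)[-1].split(":")[0]

def selects(svc, dep):
    """True if the Service selector matches the Deployment's pod labels in the same namespace."""
    sel = svc["spec"].get("selector") or {}
    labels = dep["spec"]["template"]["metadata"].get("labels", {})
    same_ns = svc["metadata"].get("namespace") == dep["metadata"].get("namespace")
    return bool(sel) and same_ns and all(labels.get(k) == v for k, v in sel.items())

def check_exposed_dashboard(deployments, services):
    findings = []
    for dep in deployments:
        for c in dep["spec"]["template"]["spec"]["containers"]:
            ver = image_version(c["image"])
            if not is_dashboard(c["image"]) or (ver is not None and ver >= MIN_VERSION):
                continue
            for svc in services:
                if svc["spec"].get("type", "ClusterIP") in EXTERNAL_TYPES and selects(svc, dep):
                    # Untagged or "latest" images cannot be compared: mark for review.
                    findings.append({"deployment": dep["metadata"]["name"],
                                     "service": svc["metadata"]["name"], "image": c["image"],
                                     "status": "fail" if ver else "review"})
    return findings

# Constructed sample manifests, trimmed to the fields the check reads.
def make_dep(name, image):
    return {"metadata": {"name": name, "namespace": "kubernetes-dashboard"},
            "spec": {"template": {"metadata": {"labels": {"app": name}},
                                  "spec": {"containers": [{"name": name, "image": image}]}}}}
def make_svc(name, svc_type, app):
    return {"metadata": {"name": name, "namespace": "kubernetes-dashboard"},
            "spec": {"type": svc_type, "selector": {"app": app}}}

DEPLOYMENTS = [make_dep("dash-old", "kubernetesui/dashboard:v2.0.0"),
               make_dep("dash-new", "kubernetesui/dashboard:v2.7.0"),
               make_dep("dash-internal", "kubernetesui/dashboard:v2.0.0-rc5")]
SERVICES = [make_svc("old-np", "NodePort", "dash-old"), make_svc("new-lb", "LoadBalancer", "dash-new"),
            make_svc("internal", "ClusterIP", "dash-internal")]
```

Calling `check_exposed_dashboard(DEPLOYMENTS, SERVICES)` on the sample returns a single finding for `dash-old`, the only old image behind an external Service.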

Remediation

Update the dashboard to version v2.0.1 or above.

Example

No example

