Ensure that the Kubernetes dashboard is disabled for Azure Kubernetes Cluster

MEDIUM

Description

Enabling the Kubernetes dashboard in an Azure Kubernetes Cluster may lead to unauthorized access.

Remediation

The AKS add-on for the Kubernetes dashboard has been deprecated and replaced by the standard AKS Portal. To disable it in Terraform, follow the steps below.

In Terraform, for Azure Provider versions prior to 2.90.x (kube_dashboard has been removed from current versions):

  1. In the azurerm_kubernetes_cluster resource, if there's an addon_profile block that contains a kube_dashboard block, remove the kube_dashboard block.
  2. Alternatively, set the field kube_dashboard.enabled to false.
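The two steps applied to one cluster definition, as an added example that is not part of the original policy text. The resource name, cluster name, location, resource group, DNS prefix and node pool values are placeholders; the provider is pinned to 2.89.0 because that release still accepts kube_dashboard.

```hcl
# Added example; every name and size below is a placeholder.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "2.89.0" # kube_dashboard still exists in this release
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_kubernetes_cluster" "example" {
  name                = "example-aks"
  location            = "westeurope"
  resource_group_name = "example-rg"
  dns_prefix          = "exampleaks"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  addon_profile {
    # Step 1: delete this kube_dashboard block entirely, or
    # Step 2: keep it and set enabled to false as shown here.
    kube_dashboard {
      # Non-compliant form flagged by this policy: enabled = true
      enabled = false
    }
  }
}
```

When upgrading the provider to a version without kube_dashboard, delete the block (step 1), since the argument is no longer part of the resource schema.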

References:
https://learn.microsoft.com/en-us/azure/aks/kubernetes-portal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
https://registry.terraform.io/providers/hashicorp/azurerm/2.89.0/docs/resources/kubernetes_cluster

Policy Details

Rule Reference ID: AC_AZURE_0161
CSP: Azure
Remediation Available: Yes
Resource Category: Compute

Frameworks