C-0047 - Exposed dashboard

Exposed dashboard


MITRE, ArmoBest, NSA, YAML-scanning, AllControls



Description of the the issue

The Kubernetes dashboard is a web-based user interface that enables monitoring and management of the Kubernetes cluster. By default, the dashboard exposes an internal endpoint (ClusterIP service). If the dashboard is exposed externally, it can allow unauthenticated remote management of the cluster.

Related resources

Deployment, Service

What does this control test

Checking if Kubernetes dashboard exists deployment and exposed externally as a service (nodeport/loadbalancer), check if the version of the container image is older than v2.0.1 we raise an alert.


Update dashboard version to v2.0.1 and above.


No example

Did this page help you?