GCP Kubernetes Engine Clusters Web UI/Dashboard Is Set To Enabled

This policy identifies Kubernetes Engine clusters that have the Kubernetes web UI/Dashboard enabled. Because all the data is transmitted over the HTTP protocol, disabling the Kubernetes web UI/Dashboard protects that data from sniffers on the same network.

Policy Details

Policy Subtype: Run, Build
Severity: Medium
Template Type: Terraform

Build Rules

GCP Kubernetes Engine Clusters web UI/Dashboard is set to Enabled.
JSON Query:
$.resource[*].google_container_cluster exists and $.resource[*].google_container_cluster.*[*].*.addons_config[*].kubernetes_dashboard[*].disabled anyFalse
Recommendation:
Disable the web UI/Dashboard for Kubernetes Engine clusters.
Ensure that GCP Kubernetes Engine clusters have the web UI/Dashboard disabled. In the template, make sure the "kubernetes_dashboard" block has "disabled" set to true.
For example:
  "google_container_cluster": [
    {
      "<container_cluster_name>": [
        {
          "addons_config": [
            {
              "kubernetes_dashboard": [
                { "disabled": true }
              ]
            }
          ]
        }
      ]
    }
  ]

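The build rule above, written out as a small Python check over a Terraform JSON template. This is an added example, not the policy engine's own code; the function names, the sample template and its cluster names are made up for illustration. Clusters that omit the "kubernetes_dashboard" block are reported separately, on the assumption that the query on this page only tests "disabled" values that are actually present.

```python
import json

# Constructed sample in the page's list-wrapped JSON shape; cluster names are made up.
SAMPLE_TEMPLATE = json.loads("""
{"resource": [{"google_container_cluster": [
  {"dashboard_on":  [{"addons_config": [{"kubernetes_dashboard": [{"disabled": false}]}]}]},
  {"dashboard_off": [{"addons_config": [{"kubernetes_dashboard": [{"disabled": true}]}]}]},
  {"no_setting":    [{"name": "no-setting"}]}
]}]}
""")


def _dicts(value):
    """Return the dict items of a value that may be a list, one object, or missing."""
    items = value if isinstance(value, list) else [value]
    return [item for item in items if isinstance(item, dict)]


def _dashboard_flags(cluster_bodies):
    """Collect every addons_config.kubernetes_dashboard.disabled value present."""
    flags = []
    for body in _dicts(cluster_bodies):
        for addons in _dicts(body.get("addons_config")):
            for dash in _dicts(addons.get("kubernetes_dashboard")):
                if "disabled" in dash:
                    flags.append(dash["disabled"])
    return flags


def audit_template(template):
    """Return (violations, unset): clusters with disabled == false, and clusters with no setting."""
    violations, unset = [], []
    for resource in _dicts(template.get("resource")):
        for entry in _dicts(resource.get("google_container_cluster")):
            for name, bodies in entry.items():
                flags = _dashboard_flags(bodies)
                # Assumption: a converter may emit the boolean as the string "false".
                if any(str(flag).strip().lower() == "false" for flag in flags):
                    violations.append(name)
                elif not flags:
                    unset.append(name)
    return violations, unset


if __name__ == "__main__":
    print(audit_template(SAMPLE_TEMPLATE))
```
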
Run Rule Recommendation

  1. Log in to the GCP Portal.
  2. Go to Kubernetes Engine (Left Panel).
  3. Select Kubernetes clusters.
  4. From the list of clusters, choose the reported cluster.
  5. Click on EDIT.
  6. Click on Add-ons.
  7. Set 'Kubernetes dashboard' to Disabled.
  8. Click Save.

Compliance

There are 8 standards that are applicable to this policy:
  • HITRUST CSF v9.3
  • MITRE ATT&CK [Beta]
  • PCI DSS v3.2
  • CIS v1.0.0 (GCP)
  • PIPEDA
  • CSA CCM v3.0.1
  • CCPA 2018
  • NIST 800-53 Rev4
