Ensure Kubernetes Web UI Is Disabled

More Info:

The Kubernetes Web UI (Dashboard) has been a historical source of vulnerability and should only be deployed when necessary.

Risk Level

Medium

Address

Security, Reliability, Operational Excellence, Performance Efficiency

Compliance Standards

CISGKE

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of ensuring Kubernetes Web UI is disabled in GCP, you can follow the below steps using GCP CLI:

Open the Cloud Shell in the GCP Console.
Run the following command to get the status of the Kubernetes Web UI:
```
kubectl get deployments -n kube-system
```
This command will list all the deployments in the kube-system namespace.
Check if kubernetes-dashboard deployment is present in the output of the above command. If it is present, then the Kubernetes Web UI is enabled.
Run the following command to delete the kubernetes-dashboard deployment:
```
kubectl delete deployment kubernetes-dashboard -n kube-system
```
This command will delete the kubernetes-dashboard deployment from the kube-system namespace.
Verify that the kubernetes-dashboard deployment is deleted by running the following command:
```
kubectl get deployments -n kube-system
```
This command should not list the kubernetes-dashboard deployment.
Run the following command to delete the Kubernetes Web UI service:
```
kubectl delete service kubernetes-dashboard -n kube-system
```
This command will delete the Kubernetes Web UI service from the kube-system namespace.
Verify that the Kubernetes Web UI service is deleted by running the following command:
```
kubectl get services -n kube-system
```
This command should not list the kubernetes-dashboard service.
Finally, run the following command to verify that the Kubernetes Web UI is disabled:
```
kubectl cluster-info
```
This command should not list the Kubernetes Web UI endpoint.

By following the above steps, you can remediate the misconfiguration of ensuring Kubernetes Web UI is disabled in GCP using GCP CLI.

Using Python

To remediate the misconfiguration “Ensure Kubernetes Web UI Is Disabled” for GCP using python, you can follow these steps:

Open the Cloud Shell in your GCP console.
Install the required Python libraries: google-auth and google-cloud-resource-manager.
Set the project ID where the Kubernetes cluster is running: PROJECT_ID=<your-project-id>
Set the name of the Kubernetes cluster: CLUSTER_NAME=<your-cluster-name>
Run the following Python code to disable Kubernetes Web UI:

from google.cloud import resource_manager
from google.oauth2 import service_account

# Set the path to your service account key file
KEY_PATH = '/path/to/your/key.json'

# Authenticate with your GCP account
credentials = service_account.Credentials.from_service_account_file(KEY_PATH)
client = resource_manager.Client(credentials=credentials)

# Find the Kubernetes cluster
for cluster in client.list_clusters(project=PROJECT_ID):
    if cluster.name == CLUSTER_NAME:
        # Disable Kubernetes Web UI
        cluster.master_auth.disabled = True
        client.update_cluster(cluster)
        print(f"Kubernetes Web UI is now disabled for cluster {CLUSTER_NAME}")
        break
else:
    print(f"Kubernetes cluster {CLUSTER_NAME} not found in project {PROJECT_ID}")

Note: Make sure to replace <your-project-id>, <your-cluster-name>, and KEY_PATH with your own values before running the code.

Verify that Kubernetes Web UI is disabled by accessing the Kubernetes dashboard URL. You should see an error message indicating that the dashboard is not available.

By following these steps, you should be able to remediate the misconfiguration “Ensure Kubernetes Web UI Is Disabled” for GCP using python.

Additional Reading:

https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#disable_kubernetes_dashboard

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

Ensure Kubernetes Web UI Is Disabled

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: