Beta - Kubernetes Web UI Is Not Disabled
- Query id: ced11de2-e701-4e63-83ab-4fdb1ab8c5dd
- Query name: Beta - Kubernetes Web UI Is Not Disabled
- Platform: Terraform
- Severity: Low
- Category: Insecure Configurations
- CWE: 1188
- Risk score: 1.0
- URL: Github
Description
Kubernetes Web UI (Dashboard) should be disabled when running on Kubernetes Engine.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "google_container_cluster" "positive1" {
  name               = "marcellus-wallace"
  location           = "us-central1-a"
  initial_node_count = 3
  addons_config {
    kubernetes_dashboard {
      disabled = false
    }
  }
}
Positive test num. 2 - tf file
resource "google_container_cluster" "positive2" {
  name               = "marcellus-wallace"
  location           = "us-central1-a"
  initial_node_count = 3
  min_master_version = "1.8.12-gke.2" # gke version lower than 1.10
}
Positive test num. 3 - tf file
resource "google_container_cluster" "positive3" {
  name               = "marcellus-wallace"
  location           = "us-central1-a"
  initial_node_count = 3
  min_master_version = "1.8.12-gke.2" # gke version lower than 1.10
  addons_config {}
}
Positive test num. 4 - tf file
Positive test num. 5 - tf file
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "google_container_cluster" "negative1" {
  name               = "marcellus-wallace"
  location           = "us-central1-a"
  initial_node_count = 3
}
Negative test num. 2 - tf file
resource "google_container_cluster" "negative2" {
  name               = "marcellus-wallace"
  location           = "us-central1-a"
  initial_node_count = 3
  addons_config {}
}
Negative test num. 3 - tf file
resource "google_container_cluster" "negative3" {
  name               = "marcellus-wallace"
  location           = "us-central1-a"
  initial_node_count = 3
  addons_config {
    kubernetes_dashboard {
      disabled = true
    }
  }
}
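The decision the samples above imply, written out as an added Python example; this is not the query's own code, and the logic is inferred only from the positive and negative samples on this page. It assumes each cluster's attributes are already parsed into a dict, and the function names and the SAMPLES data are constructed for illustration.

```python
import re

def parse_gke_version(value):
    """Return (major, minor) from a string such as '1.8.12-gke.2', else None."""
    m = re.match(r"^(\d+)\.(\d+)", value or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def dashboard_finding(cluster):
    """Return a reason string when the cluster should be flagged, else None."""
    addons = cluster.get("addons_config") or {}
    dashboard = addons.get("kubernetes_dashboard")
    if dashboard is not None and "disabled" in dashboard:
        # An explicit setting decides the result on its own.
        if dashboard["disabled"] is False:
            return "kubernetes_dashboard.disabled is false"
        return None
    # No explicit setting: the samples flag clusters pinned below 1.10.
    # Compare numerically; as strings, "1.8" would sort after "1.10".
    version = parse_gke_version(cluster.get("min_master_version"))
    if version is not None and version < (1, 10):
        return "min_master_version below 1.10 and dashboard not explicitly disabled"
    return None

# Constructed dict mirrors of the Terraform samples shown on this page.
BASE = {"name": "marcellus-wallace", "location": "us-central1-a",
        "initial_node_count": 3}
SAMPLES = {
    "positive1": {**BASE, "addons_config": {"kubernetes_dashboard": {"disabled": False}}},
    "positive2": {**BASE, "min_master_version": "1.8.12-gke.2"},
    "positive3": {**BASE, "min_master_version": "1.8.12-gke.2", "addons_config": {}},
    "negative1": dict(BASE),
    "negative2": {**BASE, "addons_config": {}},
    "negative3": {**BASE, "addons_config": {"kubernetes_dashboard": {"disabled": True}}},
}

def scan(clusters):
    """Return the sorted names of clusters that would be flagged."""
    return sorted(n for n, c in clusters.items() if dashboard_finding(c))

if __name__ == "__main__":
    for name in scan(SAMPLES):
        print(name, "->", dashboard_finding(SAMPLES[name]))
```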