Scenario #204
Security
K8s v1.20, GKE
Exposed Kubernetes Dashboard Due to Misconfigured Ingress
The Kubernetes dashboard was exposed to the public internet due to a misconfigured Ingress resource.
What Happened
The Ingress resource for the Kubernetes dashboard was incorrectly set up to allow external traffic from all IPs, making the dashboard accessible without authentication.
Diagnosis Steps
1. Used kubectl describe ingress to inspect the Ingress resource configuration.
2. Found that the Ingress had no restrictions on IP addresses, allowing anyone with the URL to access the dashboard.
Root Cause
Misconfigured Ingress resource with open access to the Kubernetes dashboard.
Fix/Workaround
• Updated the Ingress resource to restrict access to specific IP addresses or require authentication for access.
• Re-applied the updated configuration and tested access controls.
Lessons Learned
Always secure the Kubernetes dashboard by restricting access to trusted IPs or requiring strong authentication.
How to Avoid
1. Apply strict network policies or use ingress controllers with authentication for access to the Kubernetes dashboard.
2. Regularly review Ingress resources for security misconfigurations.
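One way to automate the regular Ingress review, as an added example that is not part of the original scenario: it flags Ingresses that route to a dashboard Service with neither an IP allow-list nor authentication. It assumes the ingress-nginx controller and its whitelist-source-range and auth-type/auth-url annotations (the scenario does not name a controller); the sample objects and the "dashboard" name match are constructed.

```python
import ipaddress

# Assumption: ingress-nginx annotations; other controllers express these controls differently.
PREFIX = "nginx.ingress.kubernetes.io/"
ALLOW_KEY = PREFIX + "whitelist-source-range"
AUTH_KEYS = (PREFIX + "auth-type", PREFIX + "auth-url")

def backends(ingress):
    """Yield backend Service names for both networking.k8s.io/v1 and v1beta1 shapes."""
    for rule in ingress.get("spec", {}).get("rules", []):
        for path in rule.get("http", {}).get("paths", []):
            b = path.get("backend", {})
            yield b.get("service", {}).get("name") or b.get("serviceName", "")

def is_open(cidrs):
    """True if the allow-list is missing, empty, or contains a catch-all network."""
    nets = [c.strip() for c in cidrs.split(",") if c.strip()]
    if not nets:
        return True
    # A malformed CIDR raises ValueError, so a broken annotation fails loudly.
    return any(ipaddress.ip_network(n, strict=False).prefixlen == 0 for n in nets)

def audit(ingress_list, service_hint="dashboard"):
    """Return (namespace/name, reason) for matching Ingresses with no access control."""
    findings = []
    for ing in ingress_list.get("items", []):
        if not any(service_hint in name for name in backends(ing)):
            continue
        meta = ing.get("metadata", {})
        ann = meta.get("annotations") or {}
        has_auth = any(ann.get(k) for k in AUTH_KEYS)
        if is_open(ann.get(ALLOW_KEY, "")) and not has_auth:
            ident = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
            findings.append((ident, "no IP allow-list and no authentication"))
    return findings

def _sample(name, annotations):
    """Constructed Ingress shaped like an item of `kubectl get ingress -A -o json`."""
    backend = {"service": {"name": "kubernetes-dashboard", "port": {"number": 443}}}
    return {"metadata": {"namespace": "kubernetes-dashboard", "name": name,
                         "annotations": annotations},
            "spec": {"rules": [{"http": {"paths": [{"path": "/", "backend": backend}]}}]}}

SAMPLE = {"items": [
    _sample("dash-open", {}),
    _sample("dash-any", {ALLOW_KEY: "0.0.0.0/0"}),
    _sample("dash-restricted", {ALLOW_KEY: "203.0.113.0/24"}),
    _sample("dash-auth", {PREFIX + "auth-type": "basic", PREFIX + "auth-secret": "dash-users"}),
]}

if __name__ == "__main__":
    for ident, reason in audit(SAMPLE):
        print(f"EXPOSED {ident}: {reason}")
```

Against a live cluster, load the output of kubectl get ingress -A -o json with json.load and pass it to audit() in place of SAMPLE.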