Scenario #221
Security
K8s v1.21, GKE
Unsecured Kubernetes Dashboard
The Kubernetes Dashboard was exposed to the public internet without proper authentication or access controls, allowing unauthorized users to access sensitive cluster information.
What Happened
The Kubernetes Dashboard was deployed without proper access control or authentication mechanisms, leaving it open to the internet and allowing unauthorized users to access sensitive cluster data.
Diagnosis Steps
1. Checked the Dashboard configuration and found that the kubectl proxy option was used without authentication enabled.
2. Verified that the Dashboard was accessible via the internet without any IP restrictions.
Root Cause
The Kubernetes Dashboard was exposed without proper authentication or network restrictions.
Fix/Workaround
• Enabled authentication and RBAC rules for the Kubernetes Dashboard.
• Restricted access to the Dashboard by allowing connections only from trusted IP addresses.
Lessons Learned
Always secure the Kubernetes Dashboard with authentication and limit access using network policies.
How to Avoid
1. Configure proper authentication for the Kubernetes Dashboard.
2. Use network policies to restrict access to sensitive resources like the Dashboard.
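The manifests below are an added example of the two measures named in Fix/Workaround and How to Avoid (authentication with least-privilege RBAC, and network restriction to trusted addresses); they are not part of the scenario page. They assume the Dashboard is installed from the upstream manifest into the `kubernetes-dashboard` namespace with pods labelled `k8s-app: kubernetes-dashboard`, and `203.0.113.0/24` is a placeholder for the trusted source range.

```yaml
# Added example (not from the scenario page): hardening manifests for an
# exposed Kubernetes Dashboard.
# Assumptions: the Dashboard runs in the upstream "kubernetes-dashboard"
# namespace with pod label "k8s-app: kubernetes-dashboard" and serves HTTPS
# on container port 8443; 203.0.113.0/24 is a placeholder trusted range.
# On GKE the NetworkPolicy is only enforced if network policy enforcement
# is enabled on the cluster.
---
# 1. Network restriction: only the trusted range may reach the Dashboard
#    pods; every other ingress to those pods is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: dashboard-trusted-ingress
  namespace: kubernetes-dashboard
spec:
  podSelector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  policyTypes:
    - Ingress
  ingress:
    - from:
        - ipBlock:
            cidr: 203.0.113.0/24   # placeholder: replace with the real trusted range
      ports:
        - protocol: TCP
          port: 8443
---
# 2. Authentication with least privilege: a dedicated ServiceAccount whose
#    token is used to log in, bound to the built-in read-only "view"
#    ClusterRole rather than cluster-admin.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer            # hypothetical name
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer-view       # hypothetical name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
  - kind: ServiceAccount
    name: dashboard-viewer
    namespace: kubernetes-dashboard
```

Two checks go with these manifests. First, the Dashboard Deployment must not carry the `--enable-skip-login` or `--enable-insecure-login` arguments, otherwise the RBAC binding is bypassed by the "Skip" button. Second, if the Dashboard is published through a Service of type LoadBalancer, set `spec.loadBalancerSourceRanges` on that Service as well: a pod-level `ipBlock` rule only sees the client's real address when the Service uses `externalTrafficPolicy: Local`, whereas `loadBalancerSourceRanges` is enforced at the cloud load balancer (on GKE, as firewall rules). A `kubectl proxy` started with its default loopback bind is reachable only from that machine, which is the posture the diagnosis step above found missing.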