Overview
Dashboard is a web-based Kubernetes user interface. You can use Dashboard to deploy containerized applications to a Kubernetes cluster, troubleshoot your containerized application, and manage the cluster itself along with its attendant resources. You can use Dashboard to get an overview of applications running on your cluster, as well as for creating or modifying individual Kubernetes resources (such as Deployments, Jobs, DaemonSets, etc). For example, you can scale a Deployment, initiate a rolling update, restart a pod or deploy new applications using a deploy wizard.
Rationale
You should disable the Kubernetes Web UI (Dashboard) when running on Kubernetes Engine. The Kubernetes Web UI (Dashboard) is backed by a highly privileged Kubernetes Service Account.
Remediation guidance
From Console
- Go to Kubernetes Engine.
- Go to Kubernetes clusters.
- For every Kubernetes cluster, click on edit.
- Click on Add-ons.
- Select Disabled from the dropdown of Kubernetes dashboard.
Using Command line
To disable the Kubernetes Web UI:
gcloud container clusters update [CLUSTER_NAME] --update-addons=KubernetesDashboard=DISABLED --zone [ZONE]
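The command above disables the add-on on one cluster at a time. The following added example (not part of the original control page or of Google's tooling) shows how an auditor can apply the same check across a whole project: it parses cluster records shaped like the JSON that `gcloud container clusters list --format=json` prints, flags every cluster that does not explicitly report the dashboard as disabled (the same condition as the stored check `kubernetesDashboardDisabled:false` on this page), and builds the remediation command for each. The key layout `addonsConfig.kubernetesDashboard.disabled`, the `zone`/`location` handling and the sample clusters are assumptions made for the demonstration, not captured output.

```python
"""Audit GKE cluster records for an enabled Kubernetes Dashboard add-on and
emit the gcloud remediation command for each non-compliant cluster.

Added example, not code from the original control page. It assumes cluster
records shaped like `gcloud container clusters list --format=json`, with the
add-on state under addonsConfig.kubernetesDashboard.disabled (assumed layout).
"""
import json
import shlex

# Constructed sample standing in for the gcloud JSON output (not real clusters).
# Zonal clusters carry a "zone" key; the regional one carries only "location"
# (assumed layout for this sample).
SAMPLE_CLUSTER_LIST = json.dumps([
    {"name": "prod-web", "zone": "us-central1-a",
     "addonsConfig": {"kubernetesDashboard": {"disabled": True}}},
    {"name": "legacy-batch", "zone": "europe-west1-b",
     "addonsConfig": {"kubernetesDashboard": {"disabled": False}}},
    {"name": "scratch", "location": "asia-east1",
     "addonsConfig": {}},  # add-on state not reported at all
])


def dashboard_disabled(cluster: dict) -> bool:
    """True only when the record explicitly reports the dashboard as disabled.

    A missing or malformed addonsConfig counts as NOT disabled: an auditor
    wants positive evidence before calling the cluster compliant, which is
    also how the stored check (kubernetesDashboardDisabled:false) behaves.
    """
    addons = cluster.get("addonsConfig") or {}
    dashboard = addons.get("kubernetesDashboard") or {}
    return dashboard.get("disabled") is True


def find_noncompliant(cluster_list_json: str) -> list:
    """Parse the JSON list and return the clusters whose dashboard is not disabled."""
    clusters = json.loads(cluster_list_json)
    return [c for c in clusters if not dashboard_disabled(c)]


def remediation_command(cluster: dict) -> str:
    """Build the disable command from the control's remediation guidance.

    --zone is used when the record has a "zone" key; otherwise the cluster is
    treated as regional and --region is used with its "location" (assumption).
    Names are shell-quoted so the output can be pasted into a shell safely.
    """
    name = shlex.quote(cluster["name"])
    if "zone" in cluster:
        scope = f"--zone {shlex.quote(cluster['zone'])}"
    else:
        scope = f"--region {shlex.quote(cluster['location'])}"
    return (f"gcloud container clusters update {name} "
            f"--update-addons=KubernetesDashboard=DISABLED {scope}")


def remediation_plan(cluster_list_json: str) -> list:
    """One command per non-compliant cluster, in the order the list reports them."""
    return [remediation_command(c) for c in find_noncompliant(cluster_list_json)]


if __name__ == "__main__":
    # Review the plan before running it; the commands are printed, not executed.
    for cmd in remediation_plan(SAMPLE_CLUSTER_LIST):
        print(cmd)
```

Feeding real `gcloud container clusters list --format=json` output into `remediation_plan` yields a reviewable list of commands, which fits the batch rollout described under Service-wide remediation below: run it per project, fix production and internet-exposed clusters first, then re-scan.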
Default Value
The Kubernetes web UI (Dashboard) does not have admin access by default in Kubernetes Engine 1.7 and higher. The Kubernetes web UI is disabled by default in Kubernetes Engine 1.10 and higher.
References
- https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster
Service-wide remediation
Recommended when many resources are affected: fix the platform baseline first so new resources inherit the secure setting, then remediate the existing flagged resources in batches.
Google Cloud
Use organization or folder policies where available, shared project templates, logs and alerting baselines, and IaC modules so new resources inherit the secure setting.
Operational rollout
- Fix the baseline first at the account, subscription, project, cluster, or tenant scope that owns this control.
- Remediate the currently affected resources in batches, starting with internet-exposed and production assets.
- Re-scan and track approved exceptions with an owner and expiry date.
Query logic
These are the stored checks tied to this control.
Kubernetes web UI / Dashboard is disabled
Connectors: Google Cloud
Covered asset types
Expected check: eq []
gkeClusters(where:{kubernetesDashboardDisabled:false}){...AssetFragment}