K8s Security Bit by Bit #9: Securing K8s Dashboard

Why securing the K8s dashboard is significant to minimize the attack surface?

Topics discussed in this post

• Some facts about the K8s dashboard
• Authentication and Authorization to K8s dashboard

Some facts about the K8s dashboard

• K8s dashboard not only provides an overview of the cluster but also operations like creating, updating, and deleting the K8s objects can be performed.
• K8s dashboard is not enabled by default. The below command creates the K8s objects required for running the dashboard:

Download and deploys K8s dashbard
# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

• The above command will create a namespace “kubernetes-dashbaord”. Within this namespace, other components like deployment, service, secretes, etc. that are required for the K8s dashboard are created.

service = kubernetes-dashboard, type = ClusterIP

• The default type of service of “kubernetes-dashbaord” is “ClusterIP”. This implies dashboard service is inaccessible from outside the…