Comment on page
Disable Kubernetes dashboard
org.openrewrite.terraform.azure.DisableKubernetesDashboard
Disabling the dashboard eliminates it as an attack vector. The dashboard add-on is disabled by default for all new clusters created on Kubernetes 1.18 or greater.
- Azure
- terraform
- CKV_AZURE_8
- groupId: org.openrewrite.recipe
- artifactId: rewrite-terraform
- version: 2.0.6
This recipe has no required configuration options. It can be activated by adding a dependency on
org.openrewrite.recipe:rewrite-terraform:2.0.6 in your build file or by running a shell command (in which case no build changes are needed):Gradle
Gradle init script
Maven POM
Maven Command Line
Moderne CLI
- 1.Add the following to your
build.gradlefile:
build.gradle
plugins {
id("org.openrewrite.rewrite") version("6.5.6")
}
rewrite {
activeRecipe("org.openrewrite.terraform.azure.DisableKubernetesDashboard")
}
repositories {
mavenCentral()
}
dependencies {
rewrite("org.openrewrite.recipe:rewrite-terraform:2.0.6")
}
- 2.Run
gradle rewriteRunto run the recipe.
- 1.Create a file named
init.gradlein the root of your project.
init.gradle
initscript {
repositories {
maven { url "https://plugins.gradle.org/m2" }
}
dependencies { classpath("org.openrewrite:plugin:6.5.6") }
}
rootProject {
plugins.apply(org.openrewrite.gradle.RewritePlugin)
dependencies {
rewrite("org.openrewrite.recipe:rewrite-terraform:2.0.6")
}
rewrite {
activeRecipe("org.openrewrite.terraform.azure.DisableKubernetesDashboard")
}
afterEvaluate {
if (repositories.isEmpty()) {
repositories {
mavenCentral()
}
}
}
}
- 2.Run
gradle --init-script init.gradle rewriteRunto run the recipe.
- 1.Add the following to your
pom.xmlfile:
pom.xml
<project>
<build>
<plugins>
<plugin>
<groupId>org.openrewrite.maven</groupId>
<artifactId>rewrite-maven-plugin</artifactId>
<version>5.13.0</version>
<configuration>
<activeRecipes>
<recipe>org.openrewrite.terraform.azure.DisableKubernetesDashboard</recipe>
</activeRecipes>
</configuration>
<dependencies>
<dependency>
<groupId>org.openrewrite.recipe</groupId>
<artifactId>rewrite-terraform</artifactId>
<version>2.0.6</version>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
</project>
- 2.Run
mvn rewrite:runto run the recipe.
shell
mvn -U org.openrewrite.maven:rewrite-maven-plugin:run \
-Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-terraform:RELEASE \
-Drewrite.activeRecipes=org.openrewrite.terraform.azure.DisableKubernetesDashboard
You will need to have configured the Moderne CLI on your machine before you can run the following command.
shell
mod run . --recipe DisableKubernetesDashboard
Recipe List
Yaml Recipe List
- resourceName:
azurerm_kubernetes_cluster - content:
addon_profile { kube_dashboard { enabled = false } }
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.terraform.azure.DisableKubernetesDashboard
displayName: Disable Kubernetes dashboard
description: Disabling the dashboard eliminates it as an attack vector. The dashboard add-on is disabled by default for all new clusters created on Kubernetes 1.18 or greater.
tags:
- Azure
- terraform
- CKV_AZURE_8
recipeList:
- org.openrewrite.terraform.AddConfiguration:
resourceName: azurerm_kubernetes_cluster
content: addon_profile {
kube_dashboard {
enabled = false
}
}
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.