Spectro Kubernetes Dashboard

Spectro Kubernetes Dashboard is a web-based UI for Kubernetes clusters that auto-enables the Kubernetes Dashboard using secure ports and conveniently includes Spectro Proxy. When used with the default settings for access control and Identity Provider (IDP), there is nothing to configure.

We recommend using the pack defaults. Default settings provide best practices for your clusters. Changing the default settings can introduce misconfigurations. Carefully review the changes you make to a pack.

Versions Supported



  • Outbound internet connectivity for port 443 is allowed so that you and your applications can connect with the Spectro Cloud reverse proxy.
  • Users or groups must be mapped to a Kubernetes RBAC role, either a Role or a ClusterRole. You can create a custom role through a manifest and use Palette's roleBinding feature to associate the users or groups with the role. Refer to the Create a Role Binding guide to learn more.


The Spectro Kubernetes Dashboard supports the following parameters.

User Selections

These settings are also included in the manifest as access and identityProvider parameters.

AccessControls cluster access. Private access means that nodes and pods are isolated from the internet.Private
Identity ProviderYou can use Palette as the IDP or a third-party application as the IDP.Palette

Internal Manifest Parameters

namespaceThe Kubernetes namespace to install the dashboard.kubernetes-dashboard
ClusterRoleThe ClusterRole to assign to the Kubernetes Dashboard.read-only
certDurationSelf-signed certificate duration in hours.8760h (365d)
certRenewalSelf-signed certificate renewal in hours720h (30d)
enableInsecureLoginRBAC ensures secure login.false
serviceTypeThe service type for the dashboard. Supported values are ClusterIP, LoadBalancer, and NodePort.ClusterIP
skipLoginEnables or disables the skip login option on the dashboard.false
enableInsecureLoginEnables non-Secure Sockets Layer (SSL) login. Dashboard login is always restricted to HTTP(S) + localhost or HTTPS and external domain.false
ingress.enabledIngress configuration to access the ClusterIP, loadBalancer, or nodePort.false


To use the Spectro Kubernetes Dashboard pack, you have to add it to your cluster profile. Spectro Kubernetes Dashboard supports the following clouds:

  • Amazon Web Services (AWS)
  • Amazon Elastic Kubernetes Service (EKS)
  • Canonical Metal as a Service (MAAS)
  • Google Cloud Platform (GCP)
  • Microsoft Azure
  • OpenStack
  • VMware vSphere

Spectro Kubernetes Dashboard has the following default settings for Access and Identity Provider. Changing these default settings may require some additional configuration.


The default setting is Private. When Access is set to Private, the latest version of the Spectro Proxy pack is included with Spectro Kubernetes Dashboard when you create your cluster profile.

If you change the setting to Public and your cluster is in a public cloud, there is no additional configuration.

However, if you change Access to Public and your cluster is in a private cloud, you have to manually add and configure the Spectro Proxy pack to your cluster profile. For more information, refer to the Spectro Proxy guide.

Identity Provider

All IDP options below require you to map a set of users or groups to a Kubernetes RBAC role. There are two options you can use to get started with the Kubernetes Dashboard and an IDP.

  • You can create a custom role by using a manifest file in your cluster profile and specifying the creation of a Role or ClusterRole. You can also specify the roleBinding in the same manifest file.
  • Alternatively, you can use the default Kubernetes cluster roles that are available and create a roleBinding for a set of users or groups. As an example, you could assign yourself or another user a roleBinding to the role view or cluster-admin. By assigning yourself or your users one of the default Kubernetes roles, you will be able to view resources in the Kubernetes Dashboard. Use the Create a Role Binding guide to learn more.

The two options presented above displayed in a diagram

Selecting Identity Provider

The default setting is Palette.

  • Palette: This setting makes Palette the IDP, so any user with a Palette account in the tenant and the proper permissions to view and access the project's resources can log into the Kubernetes dashboard.
  • Inherit from Organization: This setting requires you to configure OpenID Connect (OIDC) in Tenant Settings. In Tenant Admin scope, navigate to Tenant Settings > SSO, choose OIDC, and provide your third-party IDP details. For more information, check out the SSO Setup guide.

  • None: This setting requires you to configure OIDC manually in the Kubernetes pack.

Manually Configure OIDC

You only need to configure OIDC manually if you change the Identity Provider setting to None. The basic method to enable OIDC can be used for all cloud services except Amazon EKS.

Follow the steps in the Use RBAC With OIDC guide.


You can reference the Spectro Proxy pack in Terraform with a data resource.

data "spectrocloud_registry" "public_registry" {
name = "Public Repo"
data "spectrocloud_pack_simple" "k8s-dashboard" {
name = "spectro-k8s-dashboard"
version = "2.7.0"
type = "helm"
registry_uid = data.spectrocloud_registry.public_registry.id