Spectro Kubernetes Dashboard is a web-based UI for Kubernetes clusters that auto-enables the Kubernetes Dashboard using secure ports and conveniently includes Spectro Proxy. When used with the default settings for access control and Identity Provider (IDP), there is nothing to configure.
We recommend using the pack defaults. Default settings provide best practices for your clusters. Changing the default settings can introduce misconfigurations. Carefully review the changes you make to a pack.
2.7.x
- Outbound internet connectivity for port 443 is allowed so that you and your applications can connect with the Spectro Cloud reverse proxy.
- Users or groups must be mapped to a Kubernetes RBAC role, either a Role or a ClusterRole. You can create a custom role through a manifest and use Palette's roleBinding feature to associate the users or groups with the role. Refer to the Create a Role Binding guide to learn more.
The Spectro Kubernetes Dashboard supports the following parameters.
User Selections
These settings are also included in the manifest as access and identityProvider parameters.
Parameter | Description | Default |
---|---|---|
Access | Controls cluster access. Private access means that nodes and pods are isolated from the internet. | Private |
Identity Provider | You can use Palette as the IDP or a third-party application as the IDP. | Palette |
Internal Manifest Parameters
Parameter | Description | Default |
---|---|---|
namespace | The Kubernetes namespace to install the dashboard. | kubernetes-dashboard |
ClusterRole | The ClusterRole to assign to the Kubernetes Dashboard. | read-only |
certDuration | Self-signed certificate duration in hours. | 8760h (365d) |
certRenewal | Self-signed certificate renewal in hours. | 720h (30d) |
enableInsecureLogin | RBAC ensures secure login. | false |
serviceType | The service type for the dashboard. Supported values are ClusterIP, LoadBalancer, and NodePort. | ClusterIP |
skipLogin | Enables or disables the skip login option on the dashboard. | false |
enableInsecureLogin | Enables non-Secure Sockets Layer (SSL) login. Dashboard login is always restricted to HTTP(S) + localhost or HTTPS and external domain. | false |
ingress.enabled | Ingress configuration to access the ClusterIP, loadBalancer, or nodePort. | false |
To use the Spectro Kubernetes Dashboard pack, you have to add it to your cluster profile. Spectro Kubernetes Dashboard supports the following clouds:
- Amazon Web Services (AWS)
- Amazon Elastic Kubernetes Service (EKS)
- Canonical Metal as a Service (MAAS)
- Google Cloud Platform (GCP)
- Microsoft Azure
- OpenStack
- VMware vSphere
Spectro Kubernetes Dashboard has the following default settings for Access and Identity Provider. Changing these default settings may require some additional configuration.
Access
The default setting is Private. When Access is set to Private, the latest version of the Spectro Proxy pack is included with Spectro Kubernetes Dashboard when you create your cluster profile.
If you change the setting to Public and your cluster is in a public cloud, there is no additional configuration.
However, if you change Access to Public and your cluster is in a private cloud, you have to manually add and configure the Spectro Proxy pack to your cluster profile. For more information, refer to the Spectro Proxy guide.
Identity Provider
All IDP options below require you to map a set of users or groups to a Kubernetes RBAC role. There are two options you can use to get started with the Kubernetes Dashboard and an IDP.
- You can create a custom role by using a manifest file in your cluster profile and specifying the creation of a Role or ClusterRole. You can also specify the roleBinding in the same manifest file.
- Alternatively, you can use the default Kubernetes cluster roles that are available and create a roleBinding for a set of users or groups. As an example, you could assign yourself or another user a roleBinding to the role view or cluster-admin. By assigning yourself or your users one of the default Kubernetes roles, you will be able to view resources in the Kubernetes Dashboard. Use the Create a Role Binding guide to learn more.
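The two options above, as an added example manifest that is not part of the Palette documentation: a custom read-only ClusterRole that omits Secrets, bound to an IDP group, followed by a namespaced binding to the built-in view role. The names dashboard-readonly, platform-viewers, team-a, and dev@example.com are hypothetical, and the user and group names must match what your IDP presents to the cluster.

```yaml
# Added example. All metadata names, the group, the user, and the namespace are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dashboard-readonly
rules:
  # Read verbs only. Secrets are deliberately not listed, so dashboard
  # users bound to this role cannot read secret values.
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "events", "namespaces", "nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["batch"]
    resources: ["jobs", "cronjobs"]
    verbs: ["get", "list", "watch"]
---
# Option 1: bind the custom role cluster-wide to a group from the IDP.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-readonly-platform-viewers
subjects:
  - kind: Group
    name: platform-viewers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: dashboard-readonly
  apiGroup: rbac.authorization.k8s.io
---
# Option 2: bind the built-in "view" ClusterRole with a RoleBinding, which
# limits the grant to a single namespace instead of the whole cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: view-team-a
  namespace: team-a
subjects:
  - kind: User
    name: dev@example.com
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
```

Binding cluster-admin instead of view grants full control of the cluster through the dashboard, so reserve it for accounts that already hold that level of access.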
The default setting is Palette.
- Palette: This setting makes Palette the IDP, so any user with a Palette account in the tenant and the proper permissions to view and access the project's resources can log into the Kubernetes dashboard.
- Inherit from Organization: This setting requires you to configure OpenID Connect (OIDC) in Tenant Settings. In Tenant Admin scope, navigate to Tenant Settings > SSO, choose OIDC, and provide your third-party IDP details. For more information, check out the SSO Setup guide.
- None: This setting requires you to configure OIDC manually in the Kubernetes pack.
You only need to configure OIDC manually if you change the Identity Provider setting to None. The basic method to enable OIDC can be used for all cloud services except Amazon EKS.
Follow the steps in the Use RBAC With OIDC guide.
You can reference the Spectro Kubernetes Dashboard pack in Terraform with a data resource.
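```hcl
# Look up the registry that hosts the pack.
data "spectrocloud_registry" "public_registry" {
  name = "Public Repo"
}

# Reference the dashboard pack by name and version from that registry.
data "spectrocloud_pack_simple" "k8s-dashboard" {
  name         = "spectro-k8s-dashboard"
  version      = "2.7.0"
  type         = "helm"
  registry_uid = data.spectrocloud_registry.public_registry.id
}
```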