Skip to content

Kubernetes Dashboard Helm Chart

The Kubernetes Dashboard Helm Chart facilitates the deployment of the Kubernetes Dashboard onto a Kubernetes cluster using the Helm package manager^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]. The Kubernetes Dashboard itself is a general-purpose, web-based UI designed to manage and troubleshoot applications running in the cluster, as well as manage the cluster resources^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

Installation

To deploy the chart, users must first add the official Kubernetes Dashboard repository to Helm^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]. The chart can then be installed using a specific release name.

helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm install kubernetes-dashboard/kubernetes-dashboard --name my-release

This command deploys the dashboard with the default configuration^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

Access and Networking

By default, the chart exposes the dashboard via a ClusterIP service on port 443^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

Kubectl Proxy Compatibility

When accessing the dashboard via kubectl proxy, the address localhost:8001/ui redirects to a specific proxy URL that assumes the Service name is kubernetes-dashboard^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

If a custom Helm release name is used, the resulting Service name will differ, causing the redirect to fail unless the fullnameOverride value is explicitly set to kubernetes-dashboard^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

Ingress

The chart supports Ingress configuration. By default, the Ingress is disabled, but it can be enabled to expose the dashboard via HTTP/HTTPS hosts^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]. If the protocolHttp setting is not enabled (meaning HTTPS is used), the chart automatically applies annotations to support HTTPS backends for nginx-ingress and GKE Ingress controllers^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

Configuration

The chart is highly configurable via Helm values. Some of the primary configurable parameters include^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]:

  • Image: Defaults to kubernetesui/dashboard:v2.0.1^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].
  • Protocol: protocolHttp (default: false) allows switching the backend to plain HTTP^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].
  • Metrics Scraper: metricsScraper.enabled (default: false) toggles the sidecar container that retrieves metrics^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].
  • Resources: Default requests are set to 100m CPU and 100Mi memory, with limits at 2 CPUs and 100Mi memory^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

Security and RBAC

Access Control: It is critical to correctly set up access control, ideally using [[RBAC]] with minimal privileges^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

Upgrading from v1.x.x: Version 2.0.0 of the chart introduced significant security changes. The dangerous clusterAdminRole parameter was removed, and ServiceAccounts no longer have permission to create secrets^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]. Parameters like enableSkipLogin and enableInsecureLogin were removed in favor of extraEnv^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]. Upgrading requires uninstalling the old release and installing the new one with the updated configuration^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

Container Security: The chart applies a default containerSecurityContext that runs as a non-root user (UID 1001, GID 2001), prevents privilege escalation, and enforces a read-only root filesystem^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

Sources