Dashboard container accepts multiple arguments that can be used to customize it a bit. In example we are using --auto-generate-certificates
flag in our recommended setup YAML files to pass certificates to Dashboard.
Argument name | Default value | Description |
---|---|---|
insecure-port | 9090 | The port to listen to for incoming HTTP requests. |
port | 8443 | The secure port to listen to for incoming HTTPS requests. |
insecure-bind-address | 127.0.0.1 | The IP address on which to serve the --insecure-port (set to 127.0.0.1 for all interfaces). |
bind-address | 0.0.0.0 | The IP address on which to serve the --port (set to 0.0.0.0 for all interfaces). |
default-cert-dir | /certs | Directory path containing --tls-cert-file and --tls-key-file files. Used also when auto-generating certificates flag is set. Relative to the container, not the host. |
tls-cert-file | - | File containing the default x509 Certificate for HTTPS. |
tls-key-file | - | File containing the default x509 private key matching --tls-cert-file. |
auto-generate-certificates | false | When set to true, Dashboard will automatically generate certificates used to serve HTTPS. |
apiserver-host | - | The address of the Kubernetes Apiserver to connect to in the format of protocol://address:port, e.g., http://localhost:8080. If not specified, the assumption is that the binary runs inside a Kubernetes cluster and local discovery is attempted. |
api-log-level | INFO | Level of API request logging. Should be one of 'INFO|NONE|DEBUG'. |
heapster-host | - | The address of the Heapster Apiserver to connect to in the format of protocol://address:port, e.g., http://localhost:8082. If not specified, the assumption is that the binary runs inside a Kubernetes cluster and service proxy will be used. |
sidecar-host | - | The address of the Sidecar Apiserver to connect to in the format of protocol://address:port, e.g., http://localhost:8000. If not specified, the assumption is that the binary runs inside a Kubernetes cluster and service proxy will be used. |
metrics-provider | sidecar | Select provider type for metrics. 'none' will not check metrics. |
metric-client-check-period | 30 | Time in seconds that defines how often configured metric client health check should be run. |
kubeconfig | - | Path to kubeconfig file with authorization and master location information. |
namespace | kube-system | When non-default namespace is used, create encryption key in the specified namespace. |
token-ttl | 900 | Expiration time (in seconds) of JWE tokens generated by dashboard. '0' never expires. |
authentication-mode | token | Enables authentication options that will be reflected on login screen. Supported values: token, basic. Note that basic option should only be used if apiserver has '--authorization-mode=ABAC' and '--basic-auth-file' flags set. |
enable-insecure-login | false | When enabled, Dashboard login view will also be shown when Dashboard is not served over HTTPS. |
enable-skip-login | false | When enabled, the skip button on the login page will be shown. |
disable-settings-authorizer | false | When enabled, Dashboard settings page will not require user to be logged in and authorized to access settings page. |
locale-config | ./locale_conf.json | File containing the configuration of locales. |
system-banner | - | When non-empty displays message to Dashboard users. Accepts simple HTML tags. |
system-banner-severity | INFO | Severity of system banner. Should be one of 'INFO|WARNING|ERROR'. |
Copyright 2019 The Kubernetes Dashboard Authors