Kubeapps is a web-based UI for deploying and managing applications in Kubernetes clusters. Kubeapps allows you to:
- Browse and deploy Helm charts from chart repositories
- Inspect, upgrade and delete Helm-based applications installed in the cluster
- Add custom and private chart repositories (supports ChartMuseum and JFrog Artifactory)
- Browse and provision external services from the Service Catalog and available Service Brokers
- Connect Helm-based applications to external services with Service Catalog Bindings
- Secure authentication and authorization based on Kubernetes Role-Based Access Control
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install --name kubeapps --namespace kubeapps bitnami/kubeapps
This chart bootstraps a Kubeapps deployment on a Kubernetes cluster using the Helm package manager.
It also packages the Bitnami MongoDB chart which is required for bootstrapping a MongoDB deployment for the database requirements of the Kubeapps application.
- Kubernetes 1.8+ (tested with Azure Kubernetes Service, Google Kubernetes Engine, minikube and Docker for Desktop Kubernetes)
- Helm 2.9.1+
- PV provisioner support in the underlying infrastructure
- Administrative access to the cluster to create and update RBAC ClusterRoles
To install the chart with the release name kubeapps
:
$ helm repo add bitnami https://charts.bitnami.com/bitnami
$ helm install --name kubeapps --namespace kubeapps bitnami/kubeapps
IMPORTANT This assumes an insecure Helm installation, which is not recommended in production. See the documentation to learn how to secure Helm and Kubeapps in production.
The command deploys Kubeapps on the Kubernetes cluster in the kubeapps
namespace. The configuration section lists the parameters that can be configured during installation.
Tip: List all releases using
helm list
To upgrade Kubeapps, first ensure you have the updated your local chart repository cache:
$ helm repo update
Now upgrade Kubeapps:
$ export RELEASE_NAME=kubeapps
$ export NAMESPACE=kubeapps
$ export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace $NAMESPACE $RELEASE_NAME-mongodb -o jsonpath="{.data.mongodb-root-password}" | base64 --decode)
$ helm upgrade $RELEASE_NAME bitnami/kubeapps --set mongodb.mongodbRootPassword=$MONGODB_ROOT_PASSWORD
The above commands ensure the MongoDB password is set to the existing password and not regenerated by the chart.
To uninstall/delete the kubeapps
deployment:
$ helm delete --purge kubeapps
The command removes all the Kubernetes components associated with the chart and deletes the release.
For a full list of configuration parameters of the Kubeapps chart, see the values.yaml file.
Specify each parameter using the --set key=value[,key=value]
argument to helm install
. For example,
$ helm install --name kubeapps --namespace kubeapps \
--set chartsvc.service.port=9090 \
bitnami/kubeapps
The above command sets the port for the chartsvc Service to 9090.
Alternatively, a YAML file that specifies the values for parameters can be provided while installing the chart. For example,
$ helm install --name kubeapps --namespace kubeapps -f custom-values.yaml bitnami/kubeapps
By default, Kubeapps will track the community Helm charts and the Kubernetes Service Catalog charts. To change these defaults, override the apprepository.initialRepos
object:
$ cat > custom-values.yaml <<EOF
apprepository:
initialRepos:
- name: example
url: https://charts.example.com
EOF
$ helm install --name kubeapps --namespace kubeapps bitnami/kubeapps -f custom-values.yaml
By default, Kubeapps connects to the Tiller Service in the kube-system
namespace, the default install location for Helm.
If your instance of Tiller is running in a different namespace or you want to have different instances of Kubeapps connected to different Tiller instances, you can achieve it by setting tillerProxy.host
:
helm install \
--set tillerProxy.host=tiller-deploy.my-custom-namespace:44134 \
bitnami/kubeapps
In production, we strongly recommend setting up a secure installation of Tiller, the Helm server side component.
In this case, set the following values to configure TLS:
helm install \
--tls --tls-ca-cert ca.cert.pem --tls-cert helm.cert.pem --tls-key helm.key.pem \
--set tillerProxy.tls.verify=true \
--set tillerProxy.tls.ca="$(cat ca.cert.pem)" \
--set tillerProxy.tls.key="$(cat helm.key.pem)" \
--set tillerProxy.tls.cert="$(cat helm.cert.pem)" \
bitnami/kubeapps
Learn more about how to secure your Kubeapps installation here.
The simplest way to expose the Kubeapps Dashboard is to assign a LoadBalancer type to the Kubeapps frontend Service. For example:
$ helm install --name kubeapps --namespace kubeapps bitnami/kubeapps --set frontend.service.type=LoadBalancer
Wait for your cluster to assign a LoadBalancer IP or Hostname to the kubeapps
Service and access it on that address:
$ kubectl get services --namespace kubeapps --watch
This chart provides support for ingress resources. If you have an ingress controller installed on your cluster, such as nginx-ingress or traefik you can utilize the ingress controller to expose Kubeapps.
To enable ingress integration, please set ingress.enabled
to true
Most likely you will only want to have one hostname that maps to this Kubeapps installation, however, it is possible to have more than one host. To facilitate this, the ingress.hosts
object is an array.
For annotations, please see this document. Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. Annotations can be set using ingress.annotations
.
TLS can be configured using the ingress.tls
object in the same format that the Kubernetes Ingress requests. Please see this example for more information.
If during installation you run into an error similar to:
Error: release kubeapps failed: clusterroles.rbac.authorization.k8s.io "kubeapps-apprepository-controller" is forbidden: attempt to grant extra privileges: [{[get] [batch] [cronjobs] [] []...
It is possible that your cluster does not have Role Based Access Control (RBAC) fully configured. In which case you should perform the chart installation by setting rbac.create=false
:
$ helm install --name kubeapps --namespace kubeapps bitnami/kubeapps --set rbac.create=false