Introduction
Kubernetes Dashboard is a multi-module web-based UI for managing Kubernetes clusters. The architecture consists of independent, containerized modules that communicate through a Kong API Gateway, providing a scalable and maintainable solution.Architecture Diagram
Core Modules
API Module
Stateless Go module providing Kubernetes API extensions with aggregation, sorting, filtering, and pagination
Auth Module
Authentication module handling secure access to the Kubernetes API
Web Module
Angular-based frontend with Go server for configuration and settings management
Metrics Scraper
Background service that scrapes and stores metrics from Kubernetes Metrics Server
Key Design Principles
Modular Architecture
Each module is independently versioned and deployed as a separate container:- API Module: Extends Kubernetes API functionality
- Auth Module: Handles authentication workflows
- Web Module: Serves the UI and web-specific logic
- Metrics Scraper: Provides time-series metrics data
Stateless Design
The API and Auth modules are designed to be stateless, enabling:- Horizontal scaling
- Easy rolling updates
- High availability
Only the Metrics Scraper maintains state in a local SQLite database for a small time window of metrics.
API Gateway Pattern
Kubernetes Dashboard v7.0+ uses Kong Gateway as a single entry point:- DBless mode: Configuration-driven, no external database required
- Request routing: Routes requests to appropriate backend modules
- TLS termination: Handles HTTPS connections
- Authentication flow: Coordinates with Auth module
Communication Patterns
User Request Flow
- User sends HTTPS request to Kong Gateway
- Kong routes authentication requests to Auth module
- Kong routes API requests to API module based on path (
/api/v1/*) - Kong routes web assets and configuration to Web module
- Backend modules communicate with Kubernetes API Server
- API module fetches metrics from Metrics Scraper when needed
Metrics Collection Flow
Technology Stack
Backend
- Language: Go (version specified in
modules/go.work) - API Framework:
- go-restful (API module)
- Gin (Auth & Web modules)
- Kubernetes Client: client-go
- Metrics Storage: SQLite (modernc.org/sqlite)
Frontend
- Framework: Angular 16.x
- UI Components: Angular Material 14.x
- Charts: ngx-charts, D3.js
- Terminal: xterm.js
- Build Tool: Angular CLI
Infrastructure
- API Gateway: Kong (DBless mode)
- Container Runtime: Docker
- Deployment: Helm Charts
- Development: Docker Compose, Kind
Module Versioning
Starting with Dashboard v7.0.0, each module is versioned independently using semantic versioning.
api/v1.0.0- API module releaseauth/v1.0.0- Auth module releaseweb/v2.4.5- Web module releasemetrics-scraper/v1.0.0- Metrics Scraper release
Deployment Architecture
Helm-Based Deployment
As of v7.0.0, Kubernetes Dashboard only supports Helm-based installation:Container Communication
All containers communicate through Kubernetes Services:kubernetes-dashboard-kong-proxy- Kong Gateway (external access)kubernetes-dashboard-api- API module (internal)kubernetes-dashboard-auth- Auth module (internal)kubernetes-dashboard-web- Web module (internal)kubernetes-dashboard-metrics-scraper- Metrics Scraper (internal)
Security Architecture
Authentication
The Auth module supports multiple authentication methods:- Token-based: Kubernetes service account tokens
- Kubeconfig: User credentials from kubeconfig file
Authorization
All Kubernetes API calls use the authenticated user’s credentials:- No privilege escalation
- RBAC enforced by Kubernetes API Server
- Dashboard respects user permissions
CSRF Protection
CSRF tokens are generated and validated:- Tokens generated via
/api/v1/csrftoken/{action}endpoint - Required for state-changing operations
- Shared secret between API and Auth modules
Development Environment
Reference:DEVELOPMENT.md in source repository
Local Development
Module Structure
Performance Considerations
API Module Optimizations
- Aggregation: Combines related data (metrics, events) in single responses
- Pagination: Limits response size with
itemsPerPageparameter - Filtering: Server-side filtering reduces data transfer
- Sorting: Server-side sorting for efficient client rendering
Metrics Scraper Optimizations
- Time Window: Stores only recent metrics (configurable duration)
- Auto-culling: Removes old data automatically
- Namespace Filtering: Scrapes only specified namespaces
Next Steps
API Module Details
Explore the API module implementation
Auth Module Details
Learn about authentication mechanisms
Web Module Details
Understand the frontend architecture
Metrics Scraper Details
Deep dive into metrics collection