Skip to content

Latest commit

 

History

History
162 lines (105 loc) · 11.3 KB

README.aspire-dashboard.md

File metadata and controls

162 lines (105 loc) · 11.3 KB

.NET Aspire Dashboard

Featured Tags

  • 8.2
    • docker pull mcr.microsoft.com/dotnet/aspire-dashboard:8.2

About

This image contains the .NET Aspire Dashboard.

Watch discussions for Docker-related .NET announcements.

Usage

The .NET Aspire Dashboard is a browser-based app to view run-time information about your distributed application.

The dashboard shows:

  • Resources that make up your app, such as .NET projects, executables and containers.
  • Live console logs of resources.
  • Live telemetry, such as structured logs, traces and metrics.

Configuration

The dashboard must be configured when it is started. The configuration is done via environment variables. The following environment variables are supported:

  • ASPNETCORE_URLS specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults to http://localhost:18888.
  • DOTNET_DASHBOARD_OTLP_ENDPOINT_URL specifies the OTLP/gRPC endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults to http://localhost:18889.
  • DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL specifies the OTLP/HTTP endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults to http://localhost:18890.
  • DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS specifies the dashboard doesn't use authentication and accepts anonymous access. This setting is a shortcut to configuring Dashboard:Frontend:AuthMode and Dashboard:Otlp:AuthMode to Unsecured.
  • DOTNET_DASHBOARD_CONFIG_FILE_PATH specifies the path for an optional JSON configuration file.

Frontend authentication

The dashboard's frontend supports OpenID Connect (OIDC). Set Dashboard__Frontend__AuthMode to OpenIdConnect, then add the following configuration:

  • Authentication__Schemes__OpenIdConnect__Authority — URL to the identity provider (IdP)
  • Authentication__Schemes__OpenIdConnect__ClientId — Identity of the relying party (RP)
  • Authentication__Schemes__OpenIdConnect__ClientSecret— A secret that only the real RP would know
  • Other properties of OpenIdConnectOptions specified in configuration container Authentication__Schemes__OpenIdConnect__*

It may also be run unsecured. Set Dashboard__Frontend__AuthMode to Unsecured. The frontend endpoint will allow anonymous access. This setting is used during local development, but is not recommended if you attempt to host the dashboard in other settings.

OTLP authentication

The OTLP endpoint can be secured with client certificate or API key authentication.

For client certification authentication, set Dashboard__Otlp__AuthMode to Certificate.

For API key authentication, set Dashboard__Otlp__AuthMode to ApiKey, then add the following configuration:

  • Dashboard__Otlp__PrimaryApiKey specifies the primary API key. (required, string)
  • Dashboard__Otlp__SecondaryApiKey specifies the secondary API key. (optional, string)

It may also be run unsecured. Set Dashboard__Otlp__AuthMode to Unsecured. The OTLP endpoint will allow anonymous access. This setting is used during local development, but is not recommended if you attempt to host the dashboard in other settings.

Resources

  • Dashboard__ResourceServiceClient__Url specifies the gRPC endpoint to which the dashboard connects for its data. There's no default. If this variable is unspecified, the dashboard shows OTEL data but no resource list or console logs.

The resource service client supports certificates. Set Dashboard__ResourceServiceClient__AuthMode to Certificate, then add the following configuration:

  • Dashboard__ResourceServiceClient__ClientCertificate__Source (required) one of:
    • File to load the cert from a file path, configured with:
      • Dashboard__ResourceServiceClient__ClientCertificate__FilePath (required, string)
      • Dashboard__ResourceServiceClient__ClientCertificate__Password (optional, string)
    • KeyStore to load the cert from a key store, configured with:
      • Dashboard__ResourceServiceClient__ClientCertificate__Subject (required, string)
      • Dashboard__ResourceServiceClient__ClientCertificate__Store (optional, StoreName, defaults to My)
      • Dashboard__ResourceServiceClient__ClientCertificate__Location (optional, StoreLocation, defaults to CurrentUser)

To opt-out of authentication, set Dashboard__ResourceServiceClient__AuthMode to Unsecured. This completely disables all security for the resource service client. This setting is used during local development, but is not recommended if you attempt to host the dashboard in other settings.

Telemetry Limits

Telemetry is stored in-memory. To avoid excessive memory usage, the dashboard has limits on the count and size of stored telemetry. When a count limit is reached, new telemetry is added, and the oldest telemetry is removed. When a size limit is reached, data is truncated to the limit.

  • Dashboard__TelemetryLimits__MaxLogCount specifies the maximum number of log entries. Defaults to 10,000.
  • Dashboard__TelemetryLimits__MaxTraceCount specifies the maximum number of traces. Defaults to 10,000.
  • Dashboard__TelemetryLimits__MaxMetricsCount specifies the maximum number of metric data points. Defaults to 50,000.
  • Dashboard__TelemetryLimits__MaxAttributeCount specifies the maximum number of attributes on telemetry. Defaults to 128.
  • Dashboard__TelemetryLimits__MaxAttributeLength specifies the maximum length of attributes. Defaults to unlimited.
  • Dashboard__TelemetryLimits__MaxSpanEventCount specifies the maximum number of events on span attributes. Defaults to unlimited.

Limits are per-resource. For example, a MaxLogCount value of 10,000 configures the dashboard to store up to 10,000 log entries per-resource.

Other

  • Dashboard__ApplicationName specifies the application name to be displayed in the UI. This applies only when no resource service URL is specified. When a resource service exists, the service specifies the application name.

Related Repositories

.NET:

.NET Framework:

Full Tag Listing

Linux amd64 Tags

Tags Dockerfile OS Version
8.2.1, 8.2, 8, latest Dockerfile CBL-Mariner 2.0

Linux arm64 Tags

Tags Dockerfile OS Version
8.2.1, 8.2, 8, latest Dockerfile CBL-Mariner 2.0

Tags not listed in the table above are not supported. See the Supported Tags Policy. See the full list of tags for all supported and unsupported tags.

Support

Lifecycle

Image Update Policy

  • Base Image Updates: Images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
  • .NET Releases: Images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
  • Critical CVEs: Images are re-built to pick up critical CVE fixes as described by the CVE Update Policy below.
  • Monthly Re-builds: Images are re-built monthly, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
  • Out-Of-Band Updates: Images can sometimes be re-built when out-of-band updates are necessary to address critical issues. If this happens, new fixed version tags will be updated according to the Fixed version tags documentation.

CVE Update Policy

.NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when:

  • We detect the image contains a CVE with a CVSS score of "Critical"
  • AND the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages)
  • AND there is a CVE fix for the package available in the affected base image's package repository.

Please refer to the Security Policy and Container Vulnerability Workflow for more detail about what to do when a CVE is encountered in a .NET image.

Feedback

License