Quick Start
Get Velero Dashboard running in your Kubernetes cluster with Helm.
Prerequisites
Before you begin, ensure you have:
- Kubernetes cluster with Velero installed
- Helm 3.x installed
- kubectl configured with cluster access
- (Optional) OIDC Provider like Dex, Keycloak, or Auth0
1. Login to Helm Registry
2. Create Values File
Create values.yaml with your configuration:
global:
  domain: "velerodash.example.com"
dashboard:
  # License (required)
  license:
    licenseData: |
      {
        "algo": "Ed25519",
        "payload": {
          "license_id": "your-license-id",
          "customer": "Your Company",
          "issued_at": "2025-01-01T00:00:00Z",
          "expires_at": "2026-01-01T00:00:00Z",
          "features": ["pro"]
        },
        "signature": "your-license-signature"
      }
  # Cluster configuration
  clusters: |
    clusters:
      - name: production
        description: Production Kubernetes Cluster
        environment: production
        velero_namespace: velero
        auth_method: kubeconfig
        kubeconfig_path: /etc/kubeconfig/production.yaml
        is_active: true
  # RBAC permissions (Casbin policy format)
  permissions: |
    p, velero.admin, *, *, .*
    g, admin, velero.admin
# Dex OIDC Provider
dex:
  enabled: true
  config:
    staticPasswords:
      - email: "admin@example.com"
        # Example hash for the password "admin"; replace it with your own, generated with:
        #   htpasswd -nbBC 10 admin yourpassword | cut -d: -f2
        hash: "$2y$10$0t4vrdQDaMu2W0wAz5R3DOqzxUSf1o1x53wuwkIxm6bcr8jOY85SS"
        username: "admin"
        userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
        groups:
          - "admin"
# Ingress
ingress:
  enabled: true
  className: "nginx"
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
  tls:
    - secretName: velerodash-tls
      hosts:
        - velerodash.example.com
3. Install
helm install velerodash oci://registry.velerodash.com/release/velerodash \
--version 1.0.0 \
-f values.yaml \
--namespace velerodash \
--create-namespace
4. Verify Installation
Generate Dex Password Hash
To create your own password for Dex static users:
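# Using htpasswd (recommended)
# Note: -b takes the password from the command line, so it ends up in shell history;
# omit -b to be prompted for it instead.
htpasswd -nbBC 10 admin yourpassword | cut -d: -f2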
# Or using Python
pip install bcrypt
python -c "import bcrypt; print(bcrypt.hashpw(b'your-password', bcrypt.gensalt()).decode())"
First Login
- Navigate to your dashboard URL
- Click "Login with OIDC"
- Enter your credentials (Dex static user or your OIDC provider credentials)
- You'll be redirected to the dashboard
First-Time Setup
Make sure your user/group is mapped in the permissions section of your values file; otherwise you won't have any permissions!
Next Steps
Now that you're up and running:
Troubleshooting
Cannot Connect to Cluster
Problem: "Failed to connect to cluster" error
Solutions:
- Verify kubeconfig path is correct
- Check API server URL is reachable
- Ensure service account token has proper permissions
- Verify Velero is installed in the cluster
OIDC Authentication Fails
Problem: Authentication redirects fail or timeout
Solutions:
- Check OIDC_DISCOVERY_URL is correct and reachable
- Verify redirect URI matches in OIDC provider config
- Enable Dex proxy if having CORS issues: USE_DEX_PROXY=True
- Check logs: kubectl logs -n velerodash -l app.kubernetes.io/name=velerodash
No Permissions After Login
Problem: "Access Denied" on all pages
Solutions:
- Check your username/group is mapped in the permissions section of your values file
- Verify the Casbin policy syntax is correct
- Ensure the group from your OIDC token matches the group in the policy
- Check your username on the profile page matches what's in the policy
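The group-matching check above, as an added example (not part of Velero Dashboard or its documentation): it parses the permissions block from the values file on this page and reports which policy subjects a token's user and groups reach through g lines. It assumes the groups arrive in a claim named groups and are compared as exact, case-sensitive strings; the helper names, the user "alice" and the unsigned tokens are constructed for illustration.

```python
import base64
import json

# Policy lines copied from the permissions block of the values file on this page.
POLICY = """
p, velero.admin, *, *, .*
g, admin, velero.admin
"""

def parse_policy(text):
    """Return (subjects that own a p rule, g-line mapping member -> roles)."""
    rule_subjects, grouping = set(), {}
    for raw in text.splitlines():
        fields = [f.strip() for f in raw.split(",")]
        if fields[0] == "p" and len(fields) >= 2:
            rule_subjects.add(fields[1])
        elif fields[0] == "g" and len(fields) >= 3:
            grouping.setdefault(fields[1], set()).add(fields[2])
    return rule_subjects, grouping

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (debugging only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def effective_roles(subjects, policy_text):
    """Policy subjects with a p rule reachable from any subject via g lines."""
    rule_subjects, grouping = parse_policy(policy_text)
    seen, stack = set(), list(subjects)
    while stack:
        subject = stack.pop()
        if subject not in seen:
            seen.add(subject)
            stack.extend(grouping.get(subject, ()))  # follow role inheritance
    return sorted(seen & rule_subjects)

def make_token(claims):
    """Build an unsigned JWT from constructed claims, for the demo only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

if __name__ == "__main__":
    # Constructed tokens; the claim names "name" and "groups" are assumptions.
    for groups in (["admin"], ["Admin"], ["developers"]):
        claims = jwt_claims(make_token({"name": "alice", "groups": groups}))
        roles = effective_roles([claims["name"], *claims["groups"]], POLICY)
        print(groups, "->", roles or "no policy matches: Access Denied")
```

An empty result for a token means no p rule is reachable from that user or its groups, which corresponds to the "Access Denied" symptom in this section.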
For more help, see the Troubleshooting Guide.