Skip to content


KubeApps is a dashboard for helm. You can use KubeApps to deploy and manage your confidential applications. While we expect that most confidential applications will be deployed via the helm CLI, using a dashboard is a convenient way to inspect the running applications and to test new applications.

Deploy and Manage

We provide a catalog with sconeapps, i.e., curated, confidential applications that can be installed with the help of helm or via point and click using KubeApps.

KubeApps provides you with a view of available sconeapps, like this:

SCONE Workflow

You can select an application that you want to start and deploy it as described below.

Deploy a sconeapp

When deploying an application, you can customize its configuration values. For example, for LAS, i.e., the SCONE's local attestation service, you will be able to configure the parameters of the Helm chart that is used to install this application:

SCONE Workflow

Inspecting Applications

KubeApps is a dashboard that can show you all running applications. You can select an application for inspection.

SCONE Workflow

Inspecting LAS

A view of the LAS application that we started above, will look as follows:

SCONE Workflow

Deploying Kubeapps

sconeapps is a private Helm repository. Hence, we need to grant you access and you need a GitHub token to access the sconeapps repo.

Define an environment variable that contains this token:

export GH_TOKEN=...

Use the token to give KubeApps access to the sconeapps repository:

if [ -z "$GH_TOKEN" ] ; then
  echo "You need to set you github token:"
  cat > kubeapps_values.yml <<EOF
      - name: sconeapps
        url: https://${GH_TOKEN}
      - name: bitnami

You can now start KubeApps with the help of helm as follows:

kubectl create namespace  kubeapps || echo "Does namespace 'kubeapps' already exists?"
helm install -f kubeapps_values.yml kubeapps --namespace kubeapps bitnami/kubeapps --set useHelm3=true

Access Control

For production mode, you should define a Role-based Access Control. For testing, you might want to create a simple service account:

kubectl create serviceaccount kubeapps-operator
kubectl create clusterrolebinding kubeapps-operator --clusterrole=cluster-admin --serviceaccount=default:kubeapps-operator

To log into the KubeApps dashboard, you need to determine the API Token:

APITOKEN=$(kubectl get -n default secret $(kubectl get -n default serviceaccount kubeapps-operator -o jsonpath='{.secrets[].name}') -o go-template='{{.data.token | base64decode}}' && echo)