9.0
docker pull mcr.microsoft.com/dotnet/aspire-dashboard:9.0
This image contains the .NET Aspire Dashboard.
Watch discussions for Docker-related .NET announcements.
The .NET Aspire Dashboard is a browser-based app to view run-time information about your distributed application.
The dashboard shows:
- Resources that make up your app, such as .NET projects, executables and containers.
- Live console logs of resources.
- Live telemetry, such as structured logs, traces and metrics.
The dashboard must be configured when it is started. The configuration is done via environment variables. The following environment variables are supported:
ASPNETCORE_URLS
specifies one or more HTTP endpoints through which the dashboard frontend is served. The frontend endpoint is used to view the dashboard in a browser. Defaults tohttp://localhost:18888
.DOTNET_DASHBOARD_OTLP_ENDPOINT_URL
specifies the OTLP/gRPC endpoint. This endpoint hosts an OTLP service and receives telemetry using gRPC. When the dashboard is launched by the .NET Aspire app host this address is secured with HTTPS. Securing the dashboard with HTTPS is recommended. Defaults tohttp://localhost:18889
.DOTNET_DASHBOARD_OTLP_HTTP_ENDPOINT_URL
specifies the OTLP/HTTP endpoint. This endpoint hosts an OTLP service and receives telemetry using Protobuf over HTTP. Defaults tohttp://localhost:18890
.DOTNET_DASHBOARD_UNSECURED_ALLOW_ANONYMOUS
specifies the dashboard doesn't use authentication and accepts anonymous access. This setting is a shortcut to configuringDashboard:Frontend:AuthMode
andDashboard:Otlp:AuthMode
toUnsecured
.DOTNET_DASHBOARD_CONFIG_FILE_PATH
specifies the path for an optional JSON configuration file.
The dashboard's frontend supports OpenID Connect (OIDC). Set Dashboard__Frontend__AuthMode
to OpenIdConnect
, then add the following configuration:
Authentication__Schemes__OpenIdConnect__Authority
— URL to the identity provider (IdP)Authentication__Schemes__OpenIdConnect__ClientId
— Identity of the relying party (RP)Authentication__Schemes__OpenIdConnect__ClientSecret
— A secret that only the real RP would know- Other properties of
OpenIdConnectOptions
specified in configuration containerAuthentication__Schemes__OpenIdConnect__*
It may also be run unsecured. Set Dashboard__Frontend__AuthMode
to Unsecured
. The frontend endpoint will allow anonymous access. This setting is used during local development, but is not recommended if you attempt to host the dashboard in other settings.
The OTLP endpoint can be secured with client certificate or API key authentication.
For client certification authentication, set Dashboard__Otlp__AuthMode
to Certificate
.
For API key authentication, set Dashboard__Otlp__AuthMode
to ApiKey
, then add the following configuration:
Dashboard__Otlp__PrimaryApiKey
specifies the primary API key. (required, string)Dashboard__Otlp__SecondaryApiKey
specifies the secondary API key. (optional, string)
It may also be run unsecured. Set Dashboard__Otlp__AuthMode
to Unsecured
. The OTLP endpoint will allow anonymous access. This setting is used during local development, but is not recommended if you attempt to host the dashboard in other settings.
Dashboard__ResourceServiceClient__Url
specifies the gRPC endpoint to which the dashboard connects for its data. There's no default. If this variable is unspecified, the dashboard shows OTEL data but no resource list or console logs.
The resource service client supports certificates. Set Dashboard__ResourceServiceClient__AuthMode
to Certificate
, then add the following configuration:
Dashboard__ResourceServiceClient__ClientCertificate__Source
(required) one of:File
to load the cert from a file path, configured with:Dashboard__ResourceServiceClient__ClientCertificate__FilePath
(required, string)Dashboard__ResourceServiceClient__ClientCertificate__Password
(optional, string)
KeyStore
to load the cert from a key store, configured with:Dashboard__ResourceServiceClient__ClientCertificate__Subject
(required, string)Dashboard__ResourceServiceClient__ClientCertificate__Store
(optional,StoreName
, defaults toMy
)Dashboard__ResourceServiceClient__ClientCertificate__Location
(optional,StoreLocation
, defaults toCurrentUser
)
To opt-out of authentication, set Dashboard__ResourceServiceClient__AuthMode
to Unsecured
. This completely disables all security for the resource service client. This setting is used during local development, but is not recommended if you attempt to host the dashboard in other settings.
Telemetry is stored in-memory. To avoid excessive memory usage, the dashboard has limits on the count and size of stored telemetry. When a count limit is reached, new telemetry is added, and the oldest telemetry is removed. When a size limit is reached, data is truncated to the limit.
Dashboard__TelemetryLimits__MaxLogCount
specifies the maximum number of log entries. Defaults to 10,000.Dashboard__TelemetryLimits__MaxTraceCount
specifies the maximum number of traces. Defaults to 10,000.Dashboard__TelemetryLimits__MaxMetricsCount
specifies the maximum number of metric data points. Defaults to 50,000.Dashboard__TelemetryLimits__MaxAttributeCount
specifies the maximum number of attributes on telemetry. Defaults to 128.Dashboard__TelemetryLimits__MaxAttributeLength
specifies the maximum length of attributes. Defaults to unlimited.Dashboard__TelemetryLimits__MaxSpanEventCount
specifies the maximum number of events on span attributes. Defaults to unlimited.
Limits are per-resource. For example, a MaxLogCount
value of 10,000 configures the dashboard to store up to 10,000 log entries per-resource.
Dashboard__ApplicationName
specifies the application name to be displayed in the UI. This applies only when no resource service URL is specified. When a resource service exists, the service specifies the application name.
.NET:
- dotnet: .NET
- dotnet/sdk: .NET SDK
- dotnet/aspnet: ASP.NET Core Runtime
- dotnet/runtime: .NET Runtime
- dotnet/runtime-deps: .NET Runtime Dependencies
- dotnet/monitor: .NET Monitor Tool
- dotnet/nightly/aspire-dashboard: .NET Aspire Dashboard (Preview)
- dotnet/samples: .NET Samples
.NET Framework:
- dotnet/framework: .NET Framework, ASP.NET and WCF
- dotnet/framework/samples: .NET Framework, ASP.NET and WCF Samples
Tags | Dockerfile | OS Version |
---|---|---|
9.0.0, 9.0, 9, latest | Dockerfile | CBL-Mariner 2.0 |
Tags | Dockerfile | OS Version |
---|---|---|
9.0.0, 9.0, 9, latest | Dockerfile | CBL-Mariner 2.0 |
Tags not listed in the table above are not supported. See the Supported Tags Policy. See the full list of tags for all supported and unsupported tags.
- Base Image Updates: Images are re-built within 12 hours of any updates to their base images (e.g. debian:bookworm-slim, windows/nanoserver:ltsc2022, etc.).
- .NET Releases: Images are re-built as part of releasing new .NET versions. This includes new major versions, minor versions, and servicing releases.
- Critical CVEs: Images are re-built to pick up critical CVE fixes as described by the CVE Update Policy below.
- Monthly Re-builds: Images are re-built monthly, typically on the second Tuesday of the month, in order to pick up lower-severity CVE fixes.
- Out-Of-Band Updates: Images can sometimes be re-built when out-of-band updates are necessary to address critical issues. If this happens, new fixed version tags will be updated according to the Fixed version tags documentation.
.NET container images are regularly monitored for the presence of CVEs. A given image will be rebuilt to pick up fixes for a CVE when:
- We detect the image contains a CVE with a CVSS score of "Critical"
- AND the CVE is in a package that is added in our Dockerfile layers (meaning the CVE is in a package we explicitly install or any transitive dependencies of those packages)
- AND there is a CVE fix for the package available in the affected base image's package repository.
Please refer to the Security Policy and Container Vulnerability Workflow for more detail about what to do when a CVE is encountered in a .NET image.