Skip to main content

Headlamp

Headlamp is an open-source, extensible Kubernetes web UI designed to simplify cluster management, monitoring, and debugging. It provides a user-friendly interface for developers, DevOps engineers, and system administrators to interact with Kubernetes clusters without relying solely on the command line.

Purpose

Kubernetes is powerful but complex. While tools like kubectl and kubeadm are essential, they require deep technical knowledge and can be cumbersome for day-to-day tasks. Headlamp bridges this gap by offering:

  • A visual interface for users who prefer a GUI over CLI commands.
  • Fast(er) navigation and troubleshooting with real-time cluster insights.
  • We ship Headlamp with the FluxCD plugin which basically provides a UI for Flux.

Headlamp is ideal for:

  • Developers deploying and debugging applications.
  • DevOps teams managing cluster resources.
  • Educators and learners exploring Kubernetes concepts.

Security / Authentication

Headlamp supports connecting through OIDC. To make Headlamp work via OIDC, OIDC must be configured on the Kubernetes API server:

  • With many providers, we cannot do this (e.g., Cyso, ODCN).
  • With a provider like Azure, it works via Azure Active Directory (AAD), which needs to be enabled when creating an AKS cluster. This relies on AAD/Entra rather than Keycloak.
  • Locally, using Kind, it is possible by patching the kubeAdm extraArgs for the API server component. However, the apiserver.oidc-issuer-url must use HTTPS. Locally, Keycloak would then need a self-signed certificate, as CertManager/Let’s Encrypt won’t work on a local domain/IP. If we place a self-signed certificate directly on the Keycloak instance, users will encounter browser security warnings when interacting with Keycloak. Additionally, this is over-engineering for a local environment.
info

See this tutorial for instructions to connect to Headlamp with a token.