# Headlamp — Extensible Open-Source Kubernetes Web UI

> CNCF Sandbox Kubernetes dashboard — desktop app or self-hosted web UI with a plugin API, multi-cluster support, and OIDC.

## Install

Save as a script file and run:

# Headlamp — Extensible Kubernetes Web UI

## Quick Use
```bash
# run the desktop app (macOS / Linux / Windows)
brew install --cask headlamp
# or launch in-cluster
helm repo add headlamp https://headlamp-k8s.github.io/headlamp
helm install headlamp headlamp/headlamp -n kube-system

# then port-forward to your laptop
kubectl -n kube-system port-forward svc/headlamp 8080:80
open http://localhost:8080
```

## Introduction
Headlamp is a CNCF Sandbox project started by Kinvolk (now Microsoft) as an open, vendor-neutral replacement for aging Kubernetes dashboards. It runs as a desktop app or a self-hosted web service, speaks to the API server via your kubeconfig or an in-cluster ServiceAccount, and exposes a plugin API so any team can extend it without forking.

## What Headlamp Does
- Browses every core and custom resource with rich column presets
- Edits YAML in-browser with Monaco, JSON schema validation, and side-by-side diffs
- Streams logs, exec shells, and port-forward sessions in multiple tabs
- Exposes a plugin loader so CRDs like Flux, Argo CD, or Cert-Manager get first-class tabs
- Supports multi-cluster context switching with SSO via OIDC

## Architecture Overview
The frontend is React + Material UI; the backend is a Go proxy that terminates OIDC, handles plugin serving, and forwards to the Kubernetes API. Each plugin is a small JavaScript bundle that registers sidebar items, detail tabs, or table column renderers. The desktop build wraps the same web app in an Electron shell for local-only use without deploying anything.

## Self-Hosting & Configuration
- Helm chart supports ingress, OIDC, and TLS out of the box
- Plugins mounted from a ConfigMap or S3 bucket at boot
- `HEADLAMP_CONFIG_OIDC_ISSUER_URL` and friends wire up any OIDC provider
- RBAC respected end-to-end — the UI only shows what your token can see
- Desktop app auto-detects `~/.kube/config` and any context-switching tools you already use

## Key Features
- Native plugin SDK with TypeScript types (`@kinvolk/headlamp-plugin`)
- Multi-cluster ops without juggling kubectl contexts
- Built-in search across resources, namespaces, and events
- YAML editor with apply-as-dry-run and save
- AI assistant plugin for natural-language cluster queries (opt-in)

## Comparison with Similar Tools
- **Lens** — feature-rich but recent license changes pushed community to OpenLens / Headlamp
- **k9s** — terminal-only, unbeatable speed; Headlamp is its GUI complement
- **Kubernetes Dashboard** — official but limited plugin story and dated UX
- **Octant (archived)** — VMware project with a similar plugin vision
- **Rancher UI** — tied to Rancher's cluster management platform

## FAQ
**Q: Does Headlamp need cluster-admin?**
A: No. The UI respects the RBAC of whatever token you authenticate with.

**Q: Can I write a plugin in an afternoon?**
A: Yes. The `create-plugin` scaffold generates a working tab with hot-reload in a few commands.

**Q: Is there an on-prem deployment story?**
A: Yes — Helm chart, supports air-gapped registries, and ships arm64 images for Raspberry Pi clusters.

**Q: How does it compare to cloud-provider consoles?**
A: Vendor-neutral. It works the same against GKE, EKS, AKS, and on-prem distributions.

## Sources
- https://github.com/kubernetes-sigs/headlamp
- https://headlamp.dev/


---
Source: https://tokrepo.com/en/workflows/b410700d-3900-11f1-9bc6-00163e2b0d79
Author: Script Depot