Headlamp — Extensible Open-Source Kubernetes Web UI

Introduction

Headlamp is a CNCF Sandbox project started by Kinvolk (now Microsoft) as an open, vendor-neutral replacement for aging Kubernetes dashboards. It runs as a desktop app or a self-hosted web service, speaks to the API server via your kubeconfig or an in-cluster ServiceAccount, and exposes a plugin API so any team can extend it without forking.

What Headlamp Does

• Browses every core and custom resource with rich column presets
• Edits YAML in-browser with Monaco, JSON schema validation, and side-by-side diffs
• Streams logs, exec shells, and port-forward sessions in multiple tabs
• Exposes a plugin loader so CRDs like Flux, Argo CD, or Cert-Manager get first-class tabs
• Supports multi-cluster context switching with SSO via OIDC

Architecture Overview

The frontend is React + Material UI; the backend is a Go proxy that terminates OIDC, handles plugin serving, and forwards to the Kubernetes API. Each plugin is a small JavaScript bundle that registers sidebar items, detail tabs, or table column renderers. The desktop build wraps the same web app in an Electron shell for local-only use without deploying anything.

Self-Hosting & Configuration

• Helm chart supports ingress, OIDC, and TLS out of the box
• Plugins mounted from a ConfigMap or S3 bucket at boot
• HEADLAMP_CONFIG_OIDC_ISSUER_URL and friends wire up any OIDC provider
• RBAC respected end-to-end — the UI only shows what your token can see
• Desktop app auto-detects ~/.kube/config and any context-switching tools you already use

Key Features

• Native plugin SDK with TypeScript types (@kinvolk/headlamp-plugin)
• Multi-cluster ops without juggling kubectl contexts
• Built-in search across resources, namespaces, and events
• YAML editor with apply-as-dry-run and save
• AI assistant plugin for natural-language cluster queries (opt-in)

Comparison with Similar Tools

• Lens — feature-rich but recent license changes pushed community to OpenLens / Headlamp
• k9s — terminal-only, unbeatable speed; Headlamp is its GUI complement
• Kubernetes Dashboard — official but limited plugin story and dated UX
• Octant (archived) — VMware project with a similar plugin vision
• Rancher UI — tied to Rancher's cluster management platform

FAQ

Q: Does Headlamp need cluster-admin? A: No. The UI respects the RBAC of whatever token you authenticate with.

Q: Can I write a plugin in an afternoon? A: Yes. The create-plugin scaffold generates a working tab with hot-reload in a few commands.

Q: Is there an on-prem deployment story? A: Yes — Helm chart, supports air-gapped registries, and ships arm64 images for Raspberry Pi clusters.

Q: How does it compare to cloud-provider consoles? A: Vendor-neutral. It works the same against GKE, EKS, AKS, and on-prem distributions.

Sources

• https://github.com/kubernetes-sigs/headlamp
• https://headlamp.dev/