
Headlamp Non-Production Environment Installation

Headlamp (Non-Production) will be installed on 🟦 Non-Production Workload Kubernetes Cluster

  • 📥Ingress Service provided as Kubernetes Ingress Class (IngressClass)
  • 🛡️TLS Certificate for Headlamp (Non-Production) provided as Kubernetes Secret
    • Headlamp (Non-Production) will be exposed as HTTPS with Kubernetes Ingress.

Ensure you have defined and loaded your Global Shell Variables as described in Shell Variables.

  1. Connect to 🟦 Non-Production Workload Kubernetes Cluster, i.e. with a Kubeconfig File

    source $HOME/opstella-installation/shell-values/kubernetes/nonprod_cluster.vars.sh
    export KUBECONFIG="$HOME/opstella-installation/kubeconfigs/nonprod_cluster.yaml"
  2. Create Kubernetes Secret for 🛡️ TLS Certificate for Headlamp (Non-Production) in Namespace devsecops-system.

    Create one from the .crt and .key files.

    kubectl create secret tls $K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME \
    --cert=/path/to/cert/file --key=/path/to/key/file \
    --namespace devsecops-system

    💡 The command should return a secret/wildcard-...-tls created message.

Prepare Headlamp (Non-Production) Configurations

  1. Create Helm Values Configurations

    cat <<EOF > $HOME/opstella-installation/helm-values/headlamp-nonprod-full-values.yaml
    ingress:
      # -- Enable ingress controller resource
      enabled: true
      ingressClassName: ${K8S_INGRESSCLASS_NAME}
      # -- Hostname(s) for the Ingress resource
      hosts:
        - host: ${HEADLAMP_DOMAIN}
          paths:
            - path: /
              type: Prefix
      # -- Ingress TLS configuration
      tls:
        - secretName: ${K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME}
          hosts:
            - ${HEADLAMP_DOMAIN}
    # -- Headlamp containers Security Context
    securityContext:
      seccompProfile:
        type: RuntimeDefault
      capabilities:
        drop: ["ALL"]
      runAsNonRoot: true
      privileged: false
      allowPrivilegeEscalation: false
      runAsUser: 100
      runAsGroup: 101
    EOF
  1. Add Headlamp Helm Repository

    # Add Helm Repository
    helm repo add headlamp https://kubernetes-sigs.github.io/headlamp/
    helm repo update
  2. Install a Helm Release with specific Helm Chart Version --version 0.28.1 (App Version: 0.28.1)

    helm install headlamp headlamp/headlamp --version 0.28.1 \
    --namespace devsecops-system \
    -f $HOME/opstella-installation/helm-values/headlamp-nonprod-full-values.yaml
  1. Get Pod Status - Headlamp

    kubectl get pods -n devsecops-system

    Headlamp should be Running

    NAME READY STATUS RESTARTS AGE
    ... (deducted)
    headlamp-XXXXXXXX-YYYYY 1/1 Running 0 Xd
  2. Visit https://${HEADLAMP_DOMAIN}

    • It should be accessible.
    • The TLS Certificate should be valid and correspond to the TLS Certificate you installed.
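
The TLS check in the last step can be scripted. This is an added example, not part of the original guide: it compares the SHA-256 fingerprint of the certificate stored in the Secret with the one the ingress serves, then checks expiry and hostname coverage. It assumes openssl and kubectl on PATH, the guide's shell variables loaded, and that ${HEADLAMP_DOMAIN} resolves to the ingress on port 443; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide). Assumes openssl and kubectl on
# PATH and the guide's shell variables loaded in the current shell.

# SHA-256 fingerprint of the first (leaf) certificate in the PEM text "$1".
pem_fingerprint() {
  printf '%s\n' "$1" | openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# True when both PEM arguments carry the same leaf certificate.
certs_match() (
  a=$(pem_fingerprint "$1")
  b=$(pem_fingerprint "$2")
  # An empty fingerprint means the input was not a parseable certificate.
  [ -n "$a" ] && [ "$a" = "$b" ]
)

# True when the leaf in PEM "$1" is unexpired and its names cover host "$2".
cert_valid_for_host() {
  printf '%s\n' "$1" | openssl x509 -noout -checkend 0 >/dev/null 2>&1 || return 1
  printf '%s\n' "$1" | openssl x509 -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Leaf certificate stored in the TLS Secret "$1" of namespace "$2".
secret_cert_pem() {
  kubectl get secret "$1" -n "$2" -o jsonpath='{.data.tls\.crt}' |
    openssl base64 -d -A | openssl x509
}

# Leaf certificate the ingress presents for host "$1" (SNI set to the same name).
served_cert_pem() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509
}

# Compare what is served with what was installed; non-zero on any mismatch.
verify_headlamp_tls() (
  secret=$(secret_cert_pem "$K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME" devsecops-system)
  served=$(served_cert_pem "$HEADLAMP_DOMAIN")
  certs_match "$secret" "$served" ||
    { echo "FAIL: ingress serves a different certificate than the Secret" >&2; exit 1; }
  cert_valid_for_host "$served" "$HEADLAMP_DOMAIN" ||
    { echo "FAIL: certificate expired or not issued for $HEADLAMP_DOMAIN" >&2; exit 1; }
  echo "OK: $(pem_fingerprint "$served")"
)

# Run the check only when asked to, e.g.: bash verify-headlamp-tls.sh run
if [ "${1:-}" = "run" ]; then verify_headlamp_tls; fi
```

A fingerprint mismatch means the ingress is presenting a certificate other than the one in the Secret, so recheck the Secret name and namespace used in the Helm values.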
