Skip to content
Documentation

This is the Experimental version (Latest). It is under active development and may change. For the most reliable documentation, use the version selector in the top-right to switch to Stable, or click here to go to the Stable version's homepage.

Headlamp Production Environment Installation

Last updated:

Prerequisites

Section titled “Prerequisites”

Kubernetes Cluster

Section titled “Kubernetes Cluster”

Prepare Shell Variables

Section titled “Prepare Shell Variables”

Ensure you have defined and loaded your Global Shell Variables as described in Shell Variables.

  1. Connect to 🟥 Production Workload Kubernetes Cluster ; i.e w/ Kubeconfig File

    Ensure you have defined and loaded your Global Shell Variables as described in Shell Variables.

    Terminal window
    source $BASE_WORKING_DIR/shell-values/kubernetes/prod_cluster.vars.sh

  2. Create Kubernetes Secret for 🛡️ TLS Certificate for Headlamp (Production) in Namespace devsecops-system.

    Create one using from .crt and .key file.

    Terminal window
    kubectl create secret tls $K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME \
      --cert=/path/to/cert/file --key=/path/to/key/file \
      --namespace devsecops-system

    💡 Should return secret/wildcard-...-tls created message.

Pre-Installation

Section titled “Pre-Installation”

Prepare Headlamp (Production) Configurations

Section titled “Prepare Headlamp (Production) Configurations”

  1. Create Helm Values Configurations

    Terminal window
    cat <<EOF > $BASE_WORKING_DIR/helm-values/headlamp-prod-full-values.yaml
    ingress:
      # -- Enable ingress controller resource
      enabled: true
      ingressClassName: ${K8S_INGRESSCLASS_NAME}
      # -- Hostname(s) for the Ingress resource
      hosts:
        - host: ${HEADLAMP_DOMAIN}
          paths:
            - path: /
              type: Prefix
      # -- Ingress TLS configuration
      tls:
        - secretName: ${K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME}
          hosts:
            - ${HEADLAMP_DOMAIN}
    

    # -- Headlamp containers Security Context
    securityContext:
      seccompProfile:
        type: RuntimeDefault
      capabilities:
        drop: ["ALL"]
      runAsNonRoot: true
      privileged: false
      allowPrivilegeEscalation: false
      runAsUser: 100
      runAsGroup: 101
    

    EOF

Installation

Section titled “Installation”

  1. Add Headlamp Helm Repository

    Terminal window
    # Add Helm Repository
    helm repo add headlamp https://kubernetes-sigs.github.io/headlamp/
    helm repo update

  2. Install a Helm Release with specific Helm Chart Version --version 0.28.1 (App Version: 0.28.1)

    Terminal window
    helm upgrade --install headlamp headlamp/headlamp --version 0.28.1 \
        --namespace devsecops-system \
        -f $BASE_WORKING_DIR/helm-values/headlamp-prod-full-values.yaml

Post-Installation

Section titled “Post-Installation”

Headlamp Testing

Section titled “Headlamp Testing”

  1. Get Pod Status - Headlamp

    Terminal window
    kubectl get pods -n devsecops-system

    Headlamp should be Running

    NAME                      READY   STATUS    RESTARTS   AGE
    ... (deducted)
    headlamp-XXXXXXXX-YYYYY   1/1     Running   0          Xd

  2. Visit https://${HEADLAMP_DOMAIN}

    • It should be accessible.
    • TLS Certificate should be valid and coresponding to your TLS Certificate Installed

Finished?

Use the below navigation to proceed