Headlamp
A full-featured, extensible Kubernetes dashboard with RBAC support.
Time: ~10 minutes Difficulty: Beginner
What You Will Learn
Section titled “What You Will Learn”- Installing Headlamp via Helm
- Creating a ServiceAccount token for authentication
- Navigating cluster resources, logs, and events
- Using the built-in terminal for exec into pods
Why Headlamp
Section titled “Why Headlamp”Headlamp is a CNCF Sandbox project that provides a production-grade Kubernetes UI. Unlike simpler dashboards, Headlamp supports:
- RBAC-aware authentication
- Plugin system for extending the UI
- Cluster and namespace resource browsing
- In-browser pod terminal (exec)
- Resource editing from the UI
- Multi-cluster support
Install
Section titled “Install”helm repo add headlamp https://kubernetes-sigs.github.io/headlamp/helm repo update
helm install headlamp headlamp/headlamp \ --namespace headlamp \ --create-namespaceCreate a Service Account Token
Section titled “Create a Service Account Token”Headlamp requires a token for authentication:
# Create a service accountkubectl create serviceaccount headlamp-admin -n headlamp
# Bind cluster-admin role (for local dev only, never in production)kubectl create clusterrolebinding headlamp-admin \ --clusterrole=cluster-admin \ --serviceaccount=headlamp:headlamp-admin
# Generate a tokenkubectl create token headlamp-admin -n headlamp --duration=24hCopy the token output. You will paste it into the Headlamp login screen.
Access
Section titled “Access”kubectl port-forward svc/headlamp -n headlamp 8080:80Open http://localhost:8080, paste the token from the previous step, and click “Authenticate”.
What You Can Do
Section titled “What You Can Do”| Feature | Description |
|---|---|
| Workloads | View and manage Deployments, StatefulSets, DaemonSets, Jobs, CronJobs |
| Pods | Live logs, exec terminal, resource usage, events |
| Networking | Services, Ingresses, Endpoints, NetworkPolicies |
| Storage | PersistentVolumes, PersistentVolumeClaims, StorageClasses |
| Config | ConfigMaps, Secrets (values hidden by default) |
| RBAC | Roles, RoleBindings, ClusterRoles, ClusterRoleBindings |
| Cluster | Nodes, Namespaces, CRDs, Events |
Suggested Workflow
Section titled “Suggested Workflow”- Deploy several demos from this repo (Redis, ArgoCD, Cert-Manager)
- Open Headlamp
- Browse each namespace to see the resources
- Click on a pod to view live logs
- Use the built-in terminal to exec into a running pod
- Edit a ConfigMap from the UI and watch the pod pick up changes
Cleanup
Section titled “Cleanup”kubectl delete clusterrolebinding headlamp-adminkubectl delete serviceaccount headlamp-admin -n headlamphelm uninstall headlamp -n headlampkubectl delete namespace headlampFurther Reading
Section titled “Further Reading”See docs/deep-dive.md for details on Headlamp’s CNCF status, token-based authentication, plugin architecture, multi-cluster support, and how it compares to other dashboard options.
Next Step
Section titled “Next Step”Move on to CloudNativePG to run production-grade PostgreSQL with automatic failover.