Containerization, a concept that he been higly adopted in the past decade, involves packaging software in a lightweight executable known as a container. Kubernetes, Docker, and Podman are open-source tools that have played a more significant part in acquiring this technology.
Kubernetes, also known as K8s is an open-source tool used in container orchestration. It is used to deploy containerized workloads across a server farm. It works by distributing the workload across the servers while automating the container networking needs, storage, persistent volumes e.t.c. It also works continuously to maintain the desired container state.
In Kubernetes, the smallest deployable unit is known as a pod. A single pod can consist of one or many containers, each with its configurations. There are 3 different resources provided when deploying pods. These are:
- Deployments: this is the most used and easiest resource to deploy. They are usually used for stateless applications. However, the application can be made stateful by attaching a persistent volume to it.
- DaemonSets: it ensures all the pod runs on all the nodes of the cluster. In case a node is added/removed from the cluster, DaemonSet automatically adds or removes the pod.
- StatefulSets: this resource is used to manage the deployment and scale a set of pods. It provides the guarantee about ordering and uniqueness of these Pods.
Currently, Kubernetes is everywhere without a doubt and has become the standard for orchestrating containers. But with a large production environment with several clusters, it becomes hard to manage it. Therefore, there is a high need for Kubernetes management tools. The popularly used tools are K9s, Weave scope, Rancher, Dashboard + Kubectl + Kubeadm, KubeSpray, Kontena Lens, Konstellate, WKSctl, Portainer e.t.c
What is Headlamp?
Headlamp is an open-source, easy-to-use, and extensible Kubernetes WebUI developed by the team at Kinvolk which was later acquired by Microsoft. It was developed to be a Kubernetes WebUI with the traditional functionality of the available Kubernetes dashboards.
Headlamp offers several features, some of which are:
- Extensible through plugins: It has a plugin system that allows vendors to build and deploy Headlamp with extra functionality without having to maintain a fork of the project. The plugins are written in JavaScript, and documentation on how to write, build and ship the plugins is provided
- Clean and modern UI: Viewing Kubernetes object is excellent since the UI is very clean and functional. There’s a mix of metrics and lists of objects on the pages, and I appreciate having different ways to parse the state of the cluster visually. There is a lot of attention to detail in its design.
- Read-write/interactive: It provides a read-write interface to the objects in your Kubernetes cluster. Clicking on an object in the UI takes you to a page with an overview of its state and makes cluster management easier.
- Cluster View: It is possible to view metrics from Headlamp without any additional setup. The default cluster view displays basic metrics and the list of events recently performed.
- Installation: Headlamp is nifty as it works in-cluster, or locally as a desktop app. It can be installed on Linux, Mac, and Windows systems.
In this guide, we will learn how to install and use Headlamp Kubernetes Web UI.
Getting Started
It is recommended that you have a Kubernetes cluster set up. The below guides can be used to set up a Kubernetes cluster.
- Deploy HA Kubernetes Cluster on Rocky Linux 8 using RKE2
- Run Kubernetes on Debian with Minikube
- Deploy Kubernetes Cluster on Linux With k0s
- Install Kubernetes Cluster on Ubuntu using K3s
- Install Kubernetes Cluster on Rocky Linux 8 with Kubeadm & CRI-O
Once the cluster has been set up, install the kubectltool.
curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/binEnsure kubectl has access to your cluster.
##For RKE2
export PATH=$PATH:/var/lib/rancher/rke2/bin export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
##For K0s
export KUBECONFIG=/var/lib/k0s/pki/admin.confCheck the available nodes:
# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane 103s v1.24.4+k0s
worker1 Ready <none> 89s v1.24.4+k0s
worker2 Ready <none> 84s v1.24.4+k0sThe token provided, will be used to log in to the Headlamp WebUI
Step 1 – Headlamp In-cluster Deployment
Headlamp can be deployed as a desktop application or in-cluster deployment. The most common use case for most Kubernetes web UI tools is the in-cluster deployment with ingress services.
To deploy Headlamp on your Kubernetes cluster, issue the command:
kubectl apply -f https://raw.githubusercontent.com/kinvolk/headlamp/main/kubernetes-headlamp.yamlVerify the deployment
$ kubectl get deploy -n kube-system
NAME READY UP-TO-DATE AVAILABLE AGE
coredns 2/2 2 2 30m
headlamp 1/1 1 1 25s
metrics-server 1/1 1 1 30mVerify if the service is deployed as well:
$ kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
headlamp ClusterIP 10.107.182.43 <none> 80/TCP 2m36s
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 32m
metrics-server ClusterIP 10.110.195.112 <none> 443/TCP 32m
Step 2 – Exposing the Headlamp Service
There are 3 ways of exposing Kubernetes services. These are Nodeport, LoadBalancer, and Ingress.
1. NodePort
To expose Headlamp as a Nodeport service, use the command:
$ kubectl expose deployment headlamp --type=NodePort --port=4466 --name=headlamp1 -n kube-system
service/headlamp1 exposedBow you can access the WebUI using the provided port with any node IP.
$ kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
headlamp ClusterIP 10.107.182.43 <none> 80/TCP 13m
headlamp1 NodePort 10.105.231.3 <none> 4466:30686/TCP 16s
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 43m
metrics-server ClusterIP 10.110.195.112 <none> 443/TCP
If you have a firewall enabled, allow the port through it.
#For UFW
sudo ufw allow 30686
##For Firewalld
sudo firewall-cmd --add-port=30686/tcp --permanent
sudo firewall-cmd --reload2. LoadBalancer and Ingress
To expose Headlamp as a LoadBalancer and Ingress service, you need to install the MetalLB
MetalLB_RTAG=$(curl -s https://api.github.com/repos/metallb/metallb/releases/latest|grep tag_name|cut -d '"' -f 4|sed 's/v//')
wget https://raw.githubusercontent.com/metallb/metallb/v$MetalLB_RTAG/config/manifests/metallb-native.yamlCreate the config map that contains a virtual pool with an addressable IP range that works on your local machine.
$ vim metallb-pool.yaml
apiVersion: v1
kind: ConfigMap
metadata:
namespace: metallb-system
name: config
data:
config: |
address-pools:
- name: default
protocol: layer2
addresses:
- 192.168.205.40-192.168.205.50
$ kubectl apply -f metallb-pool.yaml- LoadBalancer
Deploy a LoadBalancer service:
kubectl expose deployment headlamp --type=LoadBalancer --port=4466 --name=headlamp2 -n kube-systemVerify this:
$ kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
headlamp ClusterIP 10.107.182.43 <none> 80/TCP 22m
headlamp1 NodePort 10.101.67.46 <none> 80:32682/TCP 9m40s
headlamp2 LoadBalancer 10.100.65.9 192.168.205.40 4466:31799/TCP 4s
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 52m
metrics-server ClusterIP 10.110.195.112 <none> 443/TCP 52mNow you can access the WebUI using the provided IP address and port 4466 for example http://192.168.205.40:4466
- Ingress
For this guide, we will use Traefik ingress deployed using Helm. Install Helm with the command:
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
chmod 700 get_helm.sh
sudo ./get_helm.shOnce installed, add the Traefik ingress repo:
helm repo add traefik https://helm.traefik.io/traefik
helm repo updateNow install Traefik Ingress Controller using the helm chart.
helm install traefik traefik/traefik --namespace kube-systemObtain the IP address of the service:
# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
headlamp ClusterIP 10.106.71.55 <none> 80/TCP 22m
headlamp2 LoadBalancer 10.96.89.218 192.168.205.40 80:31352/TCP 21m
traefik LoadBalancer 10.109.61.180 192.168.205.42 80:32709/TCP,443:32574/TCP 7m40sAdd a DNS entry for the IP address obtained above:
$ sudo vim /etc/hosts
192.168.205.42 headlamp.neveropen.techProvide the hostname for the IP address provided above in the below command:
$ vim headlamp-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: headlamp
namespace: kube-system
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
rules:
- host: headlamp.geeksforgeeks.org
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: headlamp
port:
number: 80
$ kubectl apply -f headlamp-ingress.yamlVerify the creation:
$ kubectl get ing -n kube-system | grep headlamp
headlamp <none> headlamp.geeksforgeeks.org 192.168.205.42 80 3h12mYou can now access the WebUI using the URL //headlamp.geeksforgeeks.org
Step 3 – Create a Service Account token
Headlamp uses RBAC to authenticate users and manage how they can access resources. For that reason, we will create a Service Account token.
Begin by creating a Service Account:
kubectl -n kube-system create serviceaccount headlamp-adminNow set the admin privileges to the account:
kubectl create clusterrolebinding headlamp-admin --serviceaccount=kube-system:headlamp-admin --clusterrole=cluster-adminNow obtain the secret;
$ kubectl -n kube-system get secrets | grep headlamp-admin
headlamp-admin kubernetes.io/service-account-token 3 17mNow view the token as shown:
$ kubectl -n kube-system describe secret headlamp-admin
Name: headlamp-admin
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: headlamp-admin
kubernetes.io/service-account.uid: b308dfb4-7240-4eed-b7b1-477dd224c1a4
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1103 bytes
namespace: 11 bytes
token: eyJhbGcXXXXXXXXXXXxXxXXxXXx.......Step 4 – Access the Headlamp WebUI
Depending on the method used to expose the service, the URL will be different. But the URL loads, you will see the below page:
Provide the token to be authenticated. The Headlamp dashboard will be granted to you.
Now manage the Kubernetes objects from this WebUI. View namespaces:
View the available nodes
Under the workloads tab, you can view pods, Replica sets, DaemonSets, jobs, and deployments in your cluster.
You can also view storage classes, persistent volumes and persistent volume clams.
Unfortunately, we do not have any storage configurations. To add one, we will click on the + icon. The below editor will be launched.
Add the desired manifest for your storage class. For example:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: sample-storage-class
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumerSample:
Click on apply to create the SC. Once created, the SC will be available as shown.
It is that easy! Proceed and create desired objects on Kubernetes.
Books For Learning Kubernetes Administration:
Verdict
That marks the end of this guide on how to install and use Headlamp Kubernetes Web UI. You can now manage your Kubernetes cluster with the easy-to-use Headlamp dashboard.
Related posts:
