Add support for Headlamp dashboard for kubernetes; deprecate legacy kubernetes dashboard#12776
Add support for Headlamp dashboard for kubernetes; deprecate legacy kubernetes dashboard#12776
Conversation
…ubernetes dashboard
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #12776 +/- ##
=========================================
Coverage 17.92% 17.92%
- Complexity 16176 16179 +3
=========================================
Files 5949 5949
Lines 534058 534063 +5
Branches 65301 65303 +2
=========================================
+ Hits 95742 95751 +9
+ Misses 427560 427555 -5
- Partials 10756 10757 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
Hi @Pearl1594 it mentions the creation of token for Kubernetes dashboard |
yes the text needs to be updated https://headlamp.dev/docs/latest/installation/ cc @Pearl1594 |
Yes @weizhouapache it requires change in text, this PR isn't ready yet for review - work in progress. |
thanks @Pearl1594 it would be better consider that some users still use the old CKS ISOs which have old kubernetes dashboard bundled. |
|
Updated Access details: 
|
|
|
@blueorangutan package |
|
@kiranchavala a [SL] Jenkins job has been kicked to build packages. It will be bundled with no SystemVM templates. I'll keep you posted as I make progress. |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 17151 |
|
@Pearl1594 is it good for 4.22.1? if so, can you re-target this to 4.22. |
There was a problem hiding this comment.
Pull request overview
This PR updates CloudStack’s Kubernetes integration and UI guidance to prefer the Headlamp dashboard for newly provisioned Kubernetes clusters, while retaining compatibility with the legacy Kubernetes Dashboard for older clusters.
Changes:
- Update the Kubernetes cluster UI “Dashboard” instructions to include Headlamp access/token creation steps and keep legacy dashboard steps.
- Update the Kubernetes binaries ISO creation script to fetch the Headlamp manifest (by version) and include it in the ISO image list processing.
- Update control-node provisioning and server-side readiness checks to install/recognize Headlamp (with fallback to legacy Kubernetes Dashboard).
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| ui/src/views/compute/KubernetesServiceTab.vue | Adds Headlamp + legacy dashboard access/token guidance in the Kubernetes cluster UI tab. |
| scripts/util/create-kubernetes-binaries-iso.sh | Switches ISO dashboard asset from a Dashboard YAML URL to a Headlamp manifest version and bundles headlamp.yaml. |
| plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml | Installs headlamp.yaml when present (fallback to dashboard.yaml) and uses Headlamp by default for online installs. |
| plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java | Extends dashboard readiness checks to detect Headlamp first, then legacy dashboard. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| /opt/bin/kubectl create rolebinding admin-binding --role=admin --user=admin || true | ||
| /opt/bin/kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=admin || true |
| /opt/bin/kubectl create serviceaccount headlamp-admin -n kube-system || true | ||
| /opt/bin/kubectl create clusterrolebinding headlamp-admin --clusterrole=cluster-admin --serviceaccount=kube-system:headlamp-admin || true |
| <p><strong>Note:</strong> CloudStack Kubernetes clusters use <strong>Headlamp</strong> dashboard (deployed in <code>kube-system</code> namespace). For backward compatibility with older clusters using Kubernetes Dashboard, please check your cluster configuration.</p> | ||
| <a-timeline> | ||
| <a-timeline-item> | ||
| <p> | ||
| {{ $t('label.run.proxy.locally') }}<br><br> | ||
| <code><b>kubectl --kubeconfig /custom/path/kube.conf proxy</b></code> | ||
| <strong>Access Headlamp Dashboard (new clusters)</strong><br><br> | ||
| <strong>Step 1:</strong> Run port-forward command:<br> | ||
| <code><b>kubectl --kubeconfig /custom/path/kube.conf port-forward -n kube-system service/headlamp 8080:80</b></code><br><br> | ||
| <strong>Step 2:</strong> Open in your browser:<br> | ||
| <a href="http://localhost:8080"><code>http://localhost:8080</code></a> | ||
| </p> | ||
| </a-timeline-item> | ||
| <a-timeline-item> | ||
| <p> | ||
| {{ $t('label.open.url') }}<br><br> | ||
| <strong>Access Kubernetes Dashboard (legacy clusters)</strong><br><br> | ||
| <strong>Step 1:</strong> {{ $t('label.run.proxy.locally') }}<br> | ||
| <code><b>kubectl --kubeconfig /custom/path/kube.conf proxy</b></code><br><br> | ||
| <strong>Step 2:</strong> {{ $t('label.open.url') }}<br> | ||
| <a href="http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/"><code>http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/</code></a> | ||
| </p> | ||
| </a-timeline-item> | ||
| <a-timeline-item> | ||
| <p> | ||
| <strong>Create Access Token for Headlamp (new clusters)</strong> | ||
| </p> | ||
| <p v-html="$t('label.kubernetes.dashboard.create.token')"></p> | ||
| <p v-html="$t('label.kubernetes.dashboard.create.token.desc')"></p> | ||
| <a-textarea :value="'kubectl --kubeconfig /custom/path/kube.conf apply -f - <<EOF\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: kubernetes-dashboard-admin-user\n namespace: kubernetes-dashboard\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: kubernetes-dashboard-admin-user\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n name: kubernetes-dashboard-admin-user\n namespace: kubernetes-dashboard\n---\napiVersion: v1\nkind: Secret\ntype: kubernetes.io/service-account-token\nmetadata:\n name: kubernetes-dashboard-token\n namespace: kubernetes-dashboard\n annotations:\n kubernetes.io/service-account.name: kubernetes-dashboard-admin-user\nEOF'" :rows="10" readonly /> | ||
| <a-textarea :value="'kubectl --kubeconfig /custom/path/kube.conf apply -f - <<EOF\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: headlamp-admin\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: headlamp-admin\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n name: headlamp-admin\n namespace: kube-system\n---\napiVersion: v1\nkind: Secret\ntype: kubernetes.io/service-account-token\nmetadata:\n name: headlamp-admin-token\n namespace: kube-system\n annotations:\n kubernetes.io/service-account.name: headlamp-admin\nEOF'" :rows="12" readonly /> |
| HEADLAMP_DASHBOARD_URL="https://raw.githubusercontent.com/kubernetes-sigs/headlamp/v${HEADLAMP_DASHBOARD_VERSION}/kubernetes-headlamp.yaml" | ||
| echo "Downloading Headlamp manifest from ${HEADLAMP_DASHBOARD_URL}" | ||
| headlamp_conf_file="${working_dir}/headlamp.yaml" | ||
| curl -sSL ${HEADLAMP_DASHBOARD_URL} -o ${headlamp_conf_file} |
Description
This PR fixes: #12728
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Screenshots (if appropriate):
How Has This Been Tested?
How did you try to break this feature and the system with this change?