From bd59781bbb136a764deeb2a43d74b236a6a2fb72 Mon Sep 17 00:00:00 2001 From: Kautilya Tripathi Date: Wed, 18 Dec 2024 04:34:57 +0530 Subject: [PATCH] charts: Reorganize and Enhance the Structure - Add a more detailed introduction with key features. - Add a Prerequisites section. - Improve installation instructions with common configurations. - Add a Quick Start Guide with examples. - Better organization of configuration tables with grouping. Signed-off-by: Kautilya Tripathi --- charts/headlamp/README.md | 272 +++++++++++++++++++++++++++++--------- 1 file changed, 210 insertions(+), 62 deletions(-) diff --git a/charts/headlamp/README.md b/charts/headlamp/README.md index 87e5b1336c..9989e2358a 100644 --- a/charts/headlamp/README.md +++ b/charts/headlamp/README.md @@ -1,83 +1,231 @@ -# headlamp +# Headlamp Helm Chart -Headlamp is an easy-to-use and extensible Kubernetes web UI. +Headlamp is an easy-to-use and extensible Kubernetes web UI that provides: +- 🚀 Modern, fast, and responsive interface +- 🔒 OIDC authentication support +- 🔌 Plugin system for extensibility +- 🎯 Real-time cluster state updates -**Homepage:** +## Prerequisites -## TL;DR +- Kubernetes 1.21+ +- Helm 3.x +- Cluster admin access for initial setup + +## Quick Start + +Add the Headlamp repository and install the chart: ```console $ helm repo add headlamp https://headlamp-k8s.github.io/headlamp/ +$ helm repo update $ helm install my-headlamp headlamp/headlamp --namespace kube-system ``` +Access Headlamp: +```console +$ kubectl port-forward -n kube-system svc/my-headlamp 8080:80 +``` +Then open http://localhost:8080 in your browser. + +## Installation + +### Basic Installation +```console +$ helm install my-headlamp headlamp/headlamp --namespace kube-system +``` + +### Installation with OIDC +```console +$ helm install my-headlamp headlamp/headlamp \ + --namespace kube-system \ + --set config.oidc.clientID=your-client-id \ + --set config.oidc.clientSecret=your-client-secret \ + --set config.oidc.issuerURL=https://your-issuer-url +``` + +### Installation with Ingress +```console +$ helm install my-headlamp headlamp/headlamp \ + --namespace kube-system \ + --set ingress.enabled=true \ + --set ingress.hosts[0].host=headlamp.example.com \ + --set ingress.hosts[0].paths[0].path=/ +``` + +## Configuration + +### Core Parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| replicaCount | int | `1` | Number of desired pods | +| image.registry | string | `"ghcr.io"` | Container image registry | +| image.repository | string | `"headlamp-k8s/headlamp"` | Container image name | +| image.tag | string | `""` | Container image tag (defaults to Chart appVersion) | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | + +### Application Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| config.baseURL | string | `""` | Base URL path for Headlamp UI | +| config.pluginsDir | string | `"/headlamp/plugins"` | Directory to load Headlamp plugins from | +| config.extraArgs | array | `[]` | Additional arguments for Headlamp server | + +### OIDC Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| config.oidc.clientID | string | `""` | OIDC client ID | +| config.oidc.clientSecret | string | `""` | OIDC client secret | +| config.oidc.issuerURL | string | `""` | OIDC issuer URL | +| config.oidc.scopes | string | `""` | OIDC scopes to be used | +| config.oidc.secret.create | bool | `true` | Create OIDC secret using provided values | +| config.oidc.secret.name | string | `"oidc"` | Name of the OIDC secret | +| config.oidc.externalSecret.enabled | bool | `false` | Enable using external secret for OIDC | +| config.oidc.externalSecret.name | string | `""` | Name of external OIDC secret | -## Maintainers +There are three ways to configure OIDC: -See [MAINTAINERS.md](https://github.com/headlamp-k8s/headlamp/blob/main/MAINTAINERS.md) in the headlamp github repo. +1. Using direct configuration: +```yaml +config: + oidc: + clientID: "your-client-id" + clientSecret: "your-client-secret" + issuerURL: "https://your-issuer" + scopes: "openid profile email" +``` -## Source Code +2. Using automatic secret creation: +```yaml +config: + oidc: + secret: + create: true + name: oidc +``` -* -* +3. Using external secret: +```yaml +config: + oidc: + secret: + create: false + externalSecret: + enabled: true + name: your-oidc-secret +``` -### Headlamp parameters +### Deployment Configuration | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | Affinity settings for pod assignment | -| clusterRoleBinding.annotations | object | `{}` | Annotations to add to the cluster role binding | -| clusterRoleBinding.create | bool | `true` | Specified whether a cluster role binding should be created | -| clusterRoleBinding.clusterRoleName| string | `cluster-admin` | Kubernetes ClusterRole name | -| env | list | `[]` | An optional list of environment variables | -| fullnameOverride | string | `""` | Overrides the full name of the chart | -| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy. One of Always, Never, IfNotPresent | +| replicaCount | int | `1` | Number of desired pods | | image.registry | string | `"ghcr.io"` | Container image registry | | image.repository | string | `"headlamp-k8s/headlamp"` | Container image name | -| image.tag | string | `""` | Container image tag, If "" uses appVersion in Chart.yaml | -| imagePullSecrets | list | `[]` | An optional list of references to secrets in the same namespace to use for pulling any of the images used | -| ingress.annotations | object | `{}` | Annotations for Ingress resource | -| ingress.enabled | bool | `false` | Enable ingress controller resource | -| ingress.ingressClassName | string | `""` | The ingress class name. Replacement for the deprecated "kubernetes.io/ingress.class" annotation | -| ingress.hosts | list | `[]` | Hostname(s) for the Ingress resource | +| image.tag | string | `""` | Container image tag (defaults to Chart appVersion) | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| imagePullSecrets | list | `[]` | Image pull secrets references | +| nameOverride | string | `""` | Override the name of the chart | +| fullnameOverride | string | `""` | Override the full name of the chart | +| initContainers | list | `[]` | Init containers to run before main container | + +### Security Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| serviceAccount.create | bool | `true` | Create service account | +| serviceAccount.name | string | `""` | Service account name | +| serviceAccount.annotations | object | `{}` | Service account annotations | +| clusterRoleBinding.create | bool | `true` | Create cluster role binding | +| clusterRoleBinding.clusterRoleName | string | `"cluster-admin"` | Kubernetes ClusterRole name | +| clusterRoleBinding.annotations | object | `{}` | Cluster role binding annotations | +| podSecurityContext | object | `{}` | Pod security context (e.g., fsGroup: 2000) | +| securityContext.runAsNonRoot | bool | `true` | Run container as non-root | +| securityContext.privileged | bool | `false` | Run container in privileged mode | +| securityContext.runAsUser | int | `100` | User ID to run container | +| securityContext.runAsGroup | int | `101` | Group ID to run container | +| securityContext.capabilities | object | `{}` | Container capabilities (e.g., drop: [ALL]) | +| securityContext.readOnlyRootFilesystem | bool | `false` | Mount root filesystem as read-only | + +### Storage Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| persistentVolumeClaim.enabled | bool | `false` | Enable PVC | +| persistentVolumeClaim.annotations | object | `{}` | PVC annotations | +| persistentVolumeClaim.size | string | `""` | PVC size (required if enabled) | +| persistentVolumeClaim.storageClassName | string | `""` | Storage class name | +| persistentVolumeClaim.accessModes | list | `[]` | PVC access modes | +| persistentVolumeClaim.selector | object | `{}` | PVC selector | +| persistentVolumeClaim.volumeMode | string | `""` | PVC volume mode | +| volumeMounts | list | `[]` | Container volume mounts | +| volumes | list | `[]` | Pod volumes | + +### Network Configuration + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| service.type | string | `"ClusterIP"` | Kubernetes service type | +| service.port | int | `80` | Kubernetes service port | +| ingress.enabled | bool | `false` | Enable ingress | +| ingress.className | string | `""` | Ingress class name | +| ingress.annotations | object | `{}` | Ingress annotations (e.g., kubernetes.io/tls-acme: "true") | +| ingress.hosts | list | `[]` | Ingress hosts configuration | | ingress.tls | list | `[]` | Ingress TLS configuration | -| initContainers | list | `[]` | An optional list of init containers to be run before the main containers. | -| nameOverride | string | `""` | Overrides the name of the chart | + +Example ingress configuration: +```yaml +ingress: + enabled: true + annotations: + kubernetes.io/tls-acme: "true" + hosts: + - host: headlamp.example.com + paths: + - path: / + type: ImplementationSpecific + tls: + - secretName: headlamp-tls + hosts: + - headlamp.example.com +``` + +### Resource Management + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| resources | object | `{}` | Container resource requests/limits | | nodeSelector | object | `{}` | Node labels for pod assignment | -| persistentVolumeClaim.accessModes | list | `[]` | accessModes for the persistent volume claim, eg: ReadWriteOnce, ReadOnlyMany, ReadWriteMany etc. | -| persistentVolumeClaim.annotations | object | `{}` | Annotations to add to the persistent volume claim (if enabled) | -| persistentVolumeClaim.enabled | bool | `false` | Enable Persistent Volume Claim | -| persistentVolumeClaim.selector | object | `{}` | selector for the persistent volume claim. | -| persistentVolumeClaim.size | string | `""` | size of the persistent volume claim, eg: 10Gi. Required if enabled is true. | -| persistentVolumeClaim.storageClassName | string | `""` | storageClassName for the persistent volume claim. | -| persistentVolumeClaim.volumeMode | string | `""` | volumeMode for the persistent volume claim, eg: Filesystem, Block. | -| podAnnotations | object | `{}` | Annotations to add to the pod | -| podSecurityContext | object | `{}` | Headlamp pod's Security Context | -| replicaCount | int | `1` | Number of desired pods | -| resources | object | `{}` | CPU/Memory resource requests/limits | -| securityContext | object | `{}` | Headlamp containers Security Context | -| service.port | int | `80` | Kubernetes Service port | -| service.type | string | `"ClusterIP"` | Kubernetes Service type | -| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | -| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | -| serviceAccount.name | string | `""` | The name of the service account to use.(If not set and create is true, a name is generated using the fullname template) | -| tolerations | list | `[]` | Toleration labels for pod assignment | -| volumeMounts | list | `[]` | Headlamp containers volume mounts | -| volumes | list | `[]` | Headlamp pod's volumes | - - -### Headlamp Configuration - -| Key | Type | Default | Description | -|------------------------------------|--------|-----------------------|-------------------------------------------------------------------------------------------------------| -| config.baseURL | string | `""` | base url path at which headlamp should run | -| config.oidc.clientID | string | `""` | OIDC client ID | -| config.oidc.clientSecret | string | `""` | OIDC client secret | -| config.oidc.issuerURL | string | `""` | OIDC issuer URL | -| config.oidc.scopes | string | `""` | OIDC scopes to be used | -| config.oidc.secret.create | bool | `true` | Enable this option to have the chart automatically create the OIDC secret using the specified values. | -| config.oidc.secret.name | string | `oidc` | Name of the OIDC secret used by headlamp | -| config.oidc.externalSecret.enabled | bool | `false` | Enable this option if you want to use an external secret for OIDC configuration. | -| config.oidc.externalSecret.name | string | `""` | Name of the external OIDC secret to be used by headlamp. | -| config.pluginsDir | string | `"/headlamp/plugins"` | directory to look for plugins | -| config.extraArgs | array | `[]` | Extra arguments that can be given to the container | +| tolerations | list | `[]` | Pod tolerations | +| affinity | object | `{}` | Pod affinity settings | +| podAnnotations | object | `{}` | Pod annotations | +| env | list | `[]` | Additional environment variables | + +Example resource configuration: +```yaml +resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi +``` + +Example environment variables: +```yaml +env: + - name: KUBERNETES_SERVICE_HOST + value: "localhost" + - name: KUBERNETES_SERVICE_PORT + value: "6443" +``` + +## Links + +- [GitHub Repository](https://github.com/headlamp-k8s/headlamp) +- [Documentation](https://headlamp.dev/) +- [Maintainers](https://github.com/headlamp-k8s/headlamp/blob/main/MAINTAINERS.md)