privilegedescalation/headlamp-polaris-plugin
12
0
Fork 0
Code Issues 4 Pull Requests 3 Actions Packages Projects Releases 50 Wiki Activity
Files
dev
headlamp-polaris-plugin/docs/getting-started/installation.md
T
privilegedescalation-ceo[bot] e2ae92648c docs: replace hardcoded namespace with <your-namespace> placeholder 
* docs: update Headlamp install namespace references from kube-system to headlamp

Updates all documentation references to the Headlamp install namespace
from kube-system to headlamp as part of PRI-433.

In-scope files updated:
- README.md, SECURITY.md
- docs/getting-started/installation.md, quick-start.md, prerequisites.md
- docs/deployment/helm.md, kubernetes.md, production.md
- docs/troubleshooting/README.md, common-issues.md, rbac-issues.md
- docs/user-guide/configuration.md, rbac-permissions.md
- docs/TESTING.md, TROUBLESHOOTING.md, DEPLOYMENT.md

Out-of-scope (unchanged):
- Source files referencing upstream workload namespace
- RBAC manifests describing Polaris namespace (polaris ns is unchanged)
- NetworkPolicy namespaceSelector (API server runs in kube-system)
- design-decisions.md and ARCHITECTURE.md (URL hashes refer to cluster namespaces, not Headlamp install ns)

Co-Authored-By: Paperclip <noreply@paperclip.ing>

* fix: correct RBAC manifest per QA review (PRI-555)

- Remove rbac.authorization.k8s.io privilege escalation block
- Fix orphaned comment from round 1
- Add EOF newline
- Keep serviceaccounts/token for E2E auth (confirmed needed)
- Namespace already correct (privilegedescalation-dev)

Co-Authored-By: Paperclip <noreply@paperclip.ing>

* docs: replace hardcoded namespace with <your-namespace> placeholder

Users choose their own namespace for Headlamp. Replace all hardcoded
namespace references (headlamp, kube-system) in user-facing docs with
<your-namespace> so users substitute their own value.

Conventions:
- Helm install: --namespace <your-namespace> --create-namespace
- kubectl commands: -n <your-namespace>
- YAML metadata: namespace: <your-namespace>
- Prose: "the namespace where Headlamp is installed"

Out-of-scope references left untouched:
- kube-system in NetworkPolicy selectors (API server namespace)
- polaris namespace references (upstream workload namespace)
- Source code and test files

Refs: PRI-433

Co-Authored-By: Paperclip <noreply@paperclip.ing>

* docs: fix remaining hardcoded headlamp namespace to <your-namespace> placeholder

Prior commit was inconsistent — some files used <your-namespace> while
DEPLOYMENT.md, TROUBLESHOOTING.md and several troubleshooting/user-guide
docs still hardcoded headlamp as the namespace.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

---------

Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-10 21:34:49 +00:00

423 lines
10 KiB
Markdown
Raw Permalink Blame History

# Installation Guide
This guide covers all installation methods for the Headlamp Polaris Plugin.
## Table of Contents
- [Prerequisites](#prerequisites)
- [Installation Methods](#installation-methods)
- [Option 1: Plugin Manager (Recommended)](#option-1-plugin-manager-recommended)
- [Option 2: Sidecar Container](#option-2-sidecar-container)
- [Option 3: Manual Tarball](#option-3-manual-tarball)
- [Option 4: Build from Source](#option-4-build-from-source)
- [Post-Installation](#post-installation)
- [Troubleshooting](#troubleshooting)
## Prerequisites
Before installation, ensure all [prerequisites](prerequisites.md) are met:
- Kubernetes v1.24+
- Headlamp v0.26+ (v0.39+ recommended)
- Polaris deployed with dashboard enabled
- RBAC permissions configured
## Installation Methods
### Option 1: Plugin Manager (Recommended)
**Best for:** Production deployments, managed updates, ease of use
The plugin is published on [Artifact Hub](https://artifacthub.io/packages/headlamp/polaris/headlamp-polaris-plugin) and can be installed via the Headlamp Plugin Manager.
#### Via Headlamp UI
1. **Navigate to Plugin Settings:**
- Open Headlamp in your browser
- Go to **Settings → Plugins**
- Click the **Catalog** tab
2. **Search and Install:**
- Search for "Polaris"
- Find "Headlamp Polaris Plugin"
- Click **Install**
3. **Hard Refresh Browser:**
- **Mac:** Cmd+Shift+R
- **Windows/Linux:** Ctrl+Shift+R
4. **Verify Installation:**
- Sidebar should show "Polaris" entry
- Click **Polaris** → Overview page loads
#### Via Helm Configuration
Add to your Headlamp Helm values:
```yaml
# headlamp-values.yaml
config:
pluginsDir: /headlamp/plugins
pluginsManager:
enabled: true
repositories:
- https://artifacthub.io/packages/search?kind=4
```
Deploy or update Headlamp:
```bash
helm upgrade --install headlamp headlamp/headlamp \
--namespace <your-namespace> \
--values headlamp-values.yaml
```
Then install the plugin via Headlamp UI as described above.
### Option 2: Sidecar Container
**Best for:** Controlled plugin versions, air-gapped environments, specific version pinning
This method uses an init container to download and install the plugin from a tarball URL.
#### Helm Values Configuration
```yaml
# headlamp-values.yaml
config:
pluginsDir: /headlamp/plugins
initContainers:
- name: install-polaris-plugin
image: node:lts-alpine
command:
- sh
- -c
- |
npm install -g @kinvolk/headlamp-plugin
headlamp-plugin install --config /config/plugin.yml --plugins-dir /plugins
volumeMounts:
- name: plugins
mountPath: /plugins
- name: plugin-config
mountPath: /config
volumes:
- name: plugins
emptyDir: {}
- name: plugin-config
configMap:
name: headlamp-plugin-config
```
#### Plugin Configuration ConfigMap
```yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
name: headlamp-plugin-config
namespace: <your-namespace>
data:
plugin.yml: |
- name: headlamp-polaris-plugin
version: 0.3.5
url: https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v0.3.10/polaris-0.3.10.tar.gz
```
#### Apply Configuration
```bash
# Create ConfigMap
kubectl apply -f headlamp-plugin-config.yaml
# Deploy/update Headlamp with sidecar
helm upgrade --install headlamp headlamp/headlamp \
--namespace <your-namespace> \
--values headlamp-values.yaml
# Wait for pod to be ready
kubectl -n <your-namespace> wait --for=condition=ready pod -l app.kubernetes.io/name=headlamp --timeout=300s
# Verify plugin files
kubectl -n <your-namespace> exec -it deployment/headlamp -c headlamp -- ls -la /headlamp/plugins/headlamp-polaris-plugin/
# Expected output:
# drwxr-xr-x dist/
# -rw-r--r-- package.json
```
### Option 3: Manual Tarball
**Best for:** Testing specific versions, offline installations
Download the plugin tarball and extract it into Headlamp's plugin directory.
#### Download and Extract
```bash
# Download latest release
VERSION=0.3.5
wget https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v${VERSION}/headlamp-polaris-plugin-${VERSION}.tar.gz
# Extract to plugin directory
tar xzf headlamp-polaris-plugin-${VERSION}.tar.gz -C /headlamp/plugins/
# Verify extraction
ls -la /headlamp/plugins/headlamp-polaris-plugin/
# Expected output:
# drwxr-xr-x dist/
# -rw-r--r-- package.json
```
#### Kubernetes Volume Mount
If Headlamp runs in Kubernetes, mount the plugin directory as a volume:
```yaml
# headlamp-values.yaml
config:
pluginsDir: /plugins
volumes:
- name: plugins
hostPath:
path: /path/to/plugins # Where you extracted the tarball
type: Directory
volumeMounts:
- name: plugins
mountPath: /plugins
readOnly: true
```
**Note:** This method is not recommended for production (hostPath is node-specific).
### Option 4: Build from Source
**Best for:** Development, contributing, testing unreleased features
Clone the repository and build the plugin from source.
#### Clone and Build
```bash
# Clone repository
git clone https://github.com/privilegedescalation/headlamp-polaris-plugin.git
cd headlamp-polaris-plugin
# Install dependencies
npm install
# Build plugin
npm run build
# Package tarball (optional)
npm run package
# Extract to Headlamp plugin directory
npx @kinvolk/headlamp-plugin extract . /headlamp/plugins
```
#### Development Mode (Hot Reload)
For active development with hot reload:
```bash
# Start Headlamp with plugin hot reload
npm start
# Opens Headlamp at http://localhost:4466
# Changes to src/ automatically rebuild and reload
```
See [Development Workflow](../development/workflow.md) for detailed development setup.
## Post-Installation
After installing the plugin via any method:
### 1. Configure RBAC
Apply RBAC permissions for the plugin to access Polaris:
```bash
# Create polaris-plugin-rbac.yaml
cat <<EOF | kubectl apply -f -
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: polaris-proxy-reader
namespace: polaris
rules:
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["polaris-dashboard"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: headlamp-polaris-proxy
namespace: polaris
subjects:
- kind: ServiceAccount
name: headlamp
namespace: <your-namespace>
roleRef:
kind: Role
name: polaris-proxy-reader
apiGroup: rbac.authorization.k8s.io
EOF
```
See [RBAC Permissions](../user-guide/rbac-permissions.md) for detailed RBAC configuration.
### 2. Restart Headlamp (if needed)
```bash
# If you updated Helm values or ConfigMaps
kubectl -n <your-namespace> rollout restart deployment/headlamp
# Wait for pod to be ready
kubectl -n <your-namespace> wait --for=condition=ready pod -l app.kubernetes.io/name=headlamp --timeout=300s
```
### 3. Clear Browser Cache
**Critical:** Hard refresh your browser to load the new plugin JavaScript:
- **Mac:** Cmd+Shift+R
- **Windows/Linux:** Ctrl+Shift+R
### 4. Verify Installation
**UI Verification:**
1. Navigate to **Settings → Plugins**
2. Verify "headlamp-polaris-plugin" is listed
3. Check version matches installed version
4. Verify **Polaris** appears in sidebar
5. Click **Polaris** → Overview page loads
6. Cluster score displays correctly
**CLI Verification:**
```bash
# Verify plugin files exist
kubectl -n <your-namespace> exec -it deployment/headlamp -c headlamp -- ls -la /headlamp/plugins/headlamp-polaris-plugin/
# Expected output:
# drwxr-xr-x dist/
# -rw-r--r-- package.json
# Check Headlamp logs for errors
kubectl -n <your-namespace> logs deployment/headlamp | grep -i polaris
# Expected: No errors related to plugin loading
# Test Polaris API access
kubectl get --raw /api/v1/namespaces/polaris/services/polaris-dashboard:80/proxy/results.json | jq .PolarisOutputVersion
# Expected: "1.0" or similar
```
## Troubleshooting
### Plugin Not in Sidebar
**Symptom:** Plugin listed in Settings → Plugins but no "Polaris" entry in sidebar
**Causes:**
1. Browser cache not cleared
2. Plugin JavaScript failed to load
3. Plugin files not properly installed
**Solution:**
```bash
# 1. Verify plugin files exist
kubectl -n <your-namespace> exec deployment/headlamp -c headlamp -- \
ls -la /headlamp/plugins/headlamp-polaris-plugin/
# Expected: dist/, package.json present
# 2. Check Headlamp logs for plugin errors
kubectl -n <your-namespace> logs deployment/headlamp | grep -i polaris
# 3. Hard refresh browser (Cmd+Shift+R or Ctrl+Shift+R)
# 4. Check browser console for JavaScript errors
# Open DevTools → Console tab
```
### 403 Forbidden Error
**Symptom:** Error loading Polaris data, 403 in browser console
**Cause:** RBAC permissions missing or incorrect
**Solution:**
See [RBAC Issues](../troubleshooting/rbac-issues.md) for detailed debugging.
### 404 Not Found Error
**Symptom:** Error loading Polaris data, 404 in browser console
**Causes:**
1. Polaris not deployed
2. Polaris service name incorrect
3. Polaris namespace incorrect
**Solution:**
```bash
# Verify Polaris deployment
kubectl -n polaris get pods
kubectl -n polaris get svc polaris-dashboard
# If service doesn't exist, install Polaris:
helm install polaris fairwinds-stable/polaris \
--namespace polaris \
--create-namespace \
--set dashboard.enabled=true
```
### Plugin Version Mismatch
**Symptom:** Settings shows old version, ArtifactHub shows new version
**Cause:** ArtifactHub sync delay (30 minutes) or plugin manager cache
**Solution:**
```bash
# Wait 30 minutes for ArtifactHub sync
# Or manually force Headlamp restart:
kubectl -n <your-namespace> rollout restart deployment/headlamp
```
## Next Steps
- **[Quick Start](quick-start.md)** - Get up and running in 5 minutes
- **[Configuration](../user-guide/configuration.md)** - Customize refresh intervals, dashboard URLs
- **[Features](../user-guide/features.md)** - Learn about all plugin features
- **[Troubleshooting](../troubleshooting/README.md)** - Comprehensive troubleshooting guide
## References
- [Headlamp Plugin Documentation](https://headlamp.dev/docs/latest/development/plugins/)
- [Headlamp Helm Chart](https://github.com/headlamp-k8s/headlamp/tree/main/charts/headlamp)
- [Polaris Installation](https://polaris.docs.fairwinds.com/infrastructure-as-code/)
- [Artifact Hub Package](https://artifacthub.io/packages/headlamp/polaris/headlamp-polaris-plugin)
Reference in New Issue View Git Blame Copy Permalink