privilegedescalation/headlamp-tns-csi-plugin
12
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases 13 Wiki Activity
Files
ebff42fcb30d5d64ad310cbb7df01007fa405022
headlamp-tns-csi-plugin/docs/deployment/helm.md
T
privilegedescalation-engineer[bot] b0110e474c chore: remove E2E testing infrastructure (#50) 
* docs: update install docs to headlamp namespace (PRI-434)

- Update Helm/plugin install URLs from v0.2.4 to v1.0.0
- README: add pods/proxy RBAC scope, clarify controller is in kube-system
- docs/getting-started/*: update all download URLs to v1.0.0
- docs/deployment/helm.md: update install URLs to v1.0.0
- docs/architecture/overview.md: Headlamp Pod label → headlamp namespace
- docs/README.md: fix ArtifactHub URL
- CHANGELOG.md: add [Unreleased] entry

Note: driver/API-path references to kube-system are preserved
as they describe where the tns-csi controller workload runs,
not where Headlamp is installed.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

* chore: remove E2E testing infrastructure

- Delete e2e/ directory (auth.setup.ts, tns-csi.spec.ts)
- Delete playwright.config.ts
- Delete scripts/deploy-e2e-headlamp.sh
- Delete scripts/teardown-e2e-headlamp.sh
- Delete .github/workflows/e2e.yaml
- Remove e2e script from package.json
- Remove @playwright/test dependency from package.json

Context: [PRI-1133](/PRI/issues/PRI-1133) — full E2E purge across org.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

* fix: update pnpm-lock.yaml after E2E deletion

Remove @playwright/test dependencies after E2E infrastructure cleanup.
Resolves ERR_PNPM_OUTDATED_LOCKFILE on PR.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

---------

Co-authored-by: Chris Farhood <chris@farhood.org>
Co-authored-by: Paperclip <noreply@paperclip.ing>
2026-05-11 20:11:07 +00:00

3.8 KiB
Raw Blame History

Deployment with Helm

Basic Helm Installation

Add the Headlamp Helm repository and deploy with the plugin configured:

helm repo add headlamp https://headlamp-k8s.github.io/headlamp/
helm repo update

helm install headlamp headlamp/headlamp \
  --namespace <your-namespace> \
  --create-namespace \
  --set config.pluginsDir=/headlamp/plugins \
  --set pluginsManager.sources[0].name=tns-csi \
  --set pluginsManager.sources[0].url=https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v1.0.0/tns-csi-1.0.0.tar.gz

Complete values.yaml Example

# headlamp-values.yaml

config:
  pluginsDir: /headlamp/plugins

pluginsManager:
  sources:
    - name: tns-csi
      url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v1.0.0/tns-csi-1.0.0.tar.gz

serviceAccount:
  name: headlamp

# Optional: OIDC authentication
# oidcConfig:
#   clientID: headlamp
#   clientSecret: <your-secret>
#   issuerURL: https://your-oidc-provider.example.com/
#   scopes: "openid profile email groups"

Apply:

helm install headlamp headlamp/headlamp \
  --namespace <your-namespace> \
  -f headlamp-values.yaml

FluxCD HelmRelease

apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: headlamp
  namespace: <your-namespace>
spec:
  interval: 12h
  url: https://headlamp-k8s.github.io/headlamp/
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: headlamp
  namespace: <your-namespace>
spec:
  interval: 1h
  chart:
    spec:
      chart: headlamp
      version: ">=0.26.0"
      sourceRef:
        kind: HelmRepository
        name: headlamp
        namespace: <your-namespace>
  values:
    config:
      pluginsDir: /headlamp/plugins
    pluginsManager:
      sources:
        - name: tns-csi
          url: https://github.com/privilegedescalation/headlamp-tns-csi-plugin/releases/download/v1.0.0/tns-csi-1.0.0.tar.gz

RBAC Manifest (Apply Separately)

After deploying Headlamp, apply the plugin's RBAC:

kubectl apply -f - <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: headlamp-tns-csi-reader
rules:
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses", "csidrivers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["persistentvolumes", "persistentvolumeclaims", "pods"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["pods/log", "pods/proxy"]
    verbs: ["get"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots", "volumesnapshotclasses"]
    verbs: ["get", "list", "watch"]
  # Uncomment for Benchmark page:
  # - apiGroups: ["batch"]
  #   resources: ["jobs"]
  #   verbs: ["get", "list", "watch", "create", "delete"]
  # - apiGroups: [""]
  #   resources: ["persistentvolumeclaims"]
  #   verbs: ["create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: headlamp-tns-csi
subjects:
  - kind: ServiceAccount
    name: headlamp
    namespace: <your-namespace>
roleRef:
  kind: ClusterRole
  name: headlamp-tns-csi-reader
  apiGroup: rbac.authorization.k8s.io
EOF

Upgrading the Plugin

To upgrade to a new plugin version, update the url in your values and apply:

helm upgrade headlamp headlamp/headlamp \
  --namespace <your-namespace> \
  -f headlamp-values.yaml

Or update the FluxCD HelmRelease and let Flux reconcile.

Production Checklist

  • Headlamp v0.20+ deployed
  • Plugin installed and sidebar entry visible
  • RBAC ClusterRole and ClusterRoleBinding applied
  • tns-csi driver installed in kube-system with standard labels
  • Controller pod exposes port 8080 for Prometheus metrics
  • Headlamp accessible via HTTPS
  • (Optional) Snapshot CRD installed for Snapshots tab
  • (Optional) Benchmark namespace created and write RBAC applied
Reference in New Issue View Git Blame Copy Permalink