Add support for Headlamp dashboard for kubernetes; deprecate legacy kubernetes dashboard by Pearl1594 · Pull Request #12776 · apache/cloudstack

Pearl1594 · 2026-03-10T04:16:50Z

Description

This PR fixes: #12728

Types of changes

Breaking change (fix or feature that would cause existing functionality to change)
New feature (non-breaking change which adds functionality)
Bug fix (non-breaking change which fixes an issue)
Enhancement (improves an existing feature and functionality)
Cleanup (Code refactoring and cleanup, that may add test cases)
Build/CI
Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

Major
Minor

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

…ubernetes dashboard

codecov · 2026-03-10T04:21:11Z

Codecov Report

❌ Patch coverage is 0% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 17.92%. Comparing base (74af9b9) to head (887317e).
⚠️ Report is 29 commits behind head on main.

Files with missing lines	Patch %	Lines
...ubernetes/cluster/utils/KubernetesClusterUtil.java	0.00%	7 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##               main   #12776   +/-   ##
=========================================
  Coverage     17.92%   17.92%           
- Complexity    16176    16179    +3     
=========================================
  Files          5949     5949           
  Lines        534058   534063    +5     
  Branches      65301    65303    +2     
=========================================
+ Hits          95742    95751    +9     
+ Misses       427560   427555    -5     
- Partials      10756    10757    +1

Flag	Coverage Δ
uitests	`3.66% <ø> (ø)`
unittests	`19.03% <0.00%> (+<0.01%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

weizhouapache · 2026-03-10T07:34:06Z

Hi @Pearl1594
do we need to change the access tab on UI ?

it mentions the creation of token for Kubernetes dashboard
will we create token during k8s setup (if so, UI needs to be updated) , or leave to user to do (if so, scripts needs to be updated) ?

kiranchavala · 2026-03-10T10:57:52Z

Hi @Pearl1594 do we need to change the access tab on UI ?

it mentions the creation of token for Kubernetes dashboard will we create token during k8s setup (if so, UI needs to be updated) , or leave to user to do (if so, scripts needs to be updated) ?

yes the text needs to be updated

https://headlamp.dev/docs/latest/installation/

cc @Pearl1594

Pearl1594 · 2026-03-10T11:08:56Z

Hi @Pearl1594 do we need to change the access tab on UI ?

it mentions the creation of token for Kubernetes dashboard will we create token during k8s setup (if so, UI needs to be updated) , or leave to user to do (if so, scripts needs to be updated) ?

Yes @weizhouapache it requires change in text, this PR isn't ready yet for review - work in progress.

weizhouapache · 2026-03-10T11:14:40Z

Hi @Pearl1594 do we need to change the access tab on UI ?
it mentions the creation of token for Kubernetes dashboard will we create token during k8s setup (if so, UI needs to be updated) , or leave to user to do (if so, scripts needs to be updated) ?

Yes @weizhouapache it requires change in text, this PR isn't ready yet for review - work in progress.

thanks @Pearl1594

it would be better consider that some users still use the old CKS ISOs which have old kubernetes dashboard bundled.

Pearl1594 · 2026-03-10T17:24:36Z

@weizhouapache @kiranchavala

Updated Access details:

sonarqubecloud · 2026-03-10T18:26:57Z

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

kiranchavala · 2026-03-16T05:37:15Z

@blueorangutan package

blueorangutan · 2026-03-16T05:38:04Z

@kiranchavala a [SL] Jenkins job has been kicked to build packages. It will be bundled with no SystemVM templates. I'll keep you posted as I make progress.

blueorangutan · 2026-03-16T06:33:18Z

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 17151

sureshanaparti · 2026-03-17T18:05:18Z

@Pearl1594 is it good for 4.22.1? if so, can you re-target this to 4.22.

Copilot

Pull request overview

This PR updates CloudStack’s Kubernetes integration and UI guidance to prefer the Headlamp dashboard for newly provisioned Kubernetes clusters, while retaining compatibility with the legacy Kubernetes Dashboard for older clusters.

Changes:

Update the Kubernetes cluster UI “Dashboard” instructions to include Headlamp access/token creation steps and keep legacy dashboard steps.
Update the Kubernetes binaries ISO creation script to fetch the Headlamp manifest (by version) and include it in the ISO image list processing.
Update control-node provisioning and server-side readiness checks to install/recognize Headlamp (with fallback to legacy Kubernetes Dashboard).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File	Description
ui/src/views/compute/KubernetesServiceTab.vue	Adds Headlamp + legacy dashboard access/token guidance in the Kubernetes cluster UI tab.
scripts/util/create-kubernetes-binaries-iso.sh	Switches ISO dashboard asset from a Dashboard YAML URL to a Headlamp manifest version and bundles headlamp.yaml.
plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml	Installs headlamp.yaml when present (fallback to dashboard.yaml) and uses Headlamp by default for online installs.
plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/utils/KubernetesClusterUtil.java	Extends dashboard readiness checks to detect Headlamp first, then legacy dashboard.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml

+          /opt/bin/kubectl create rolebinding admin-binding --role=admin --user=admin || true
+          /opt/bin/kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=admin || true


plugins/integrations/kubernetes-service/src/main/resources/conf/k8s-control-node.yml

+        /opt/bin/kubectl create serviceaccount headlamp-admin -n kube-system || true
+        /opt/bin/kubectl create clusterrolebinding headlamp-admin --clusterrole=cluster-admin --serviceaccount=kube-system:headlamp-admin || true


ui/src/views/compute/KubernetesServiceTab.vue

+          <p><strong>Note:</strong> CloudStack Kubernetes clusters use <strong>Headlamp</strong> dashboard (deployed in <code>kube-system</code> namespace). For backward compatibility with older clusters using Kubernetes Dashboard, please check your cluster configuration.</p>
          <a-timeline>
            <a-timeline-item>
              <p>
-                {{ $t('label.run.proxy.locally') }}<br><br>
-                <code><b>kubectl --kubeconfig /custom/path/kube.conf proxy</b></code>
+                <strong>Access Headlamp Dashboard (new clusters)</strong><br><br>
+                <strong>Step 1:</strong> Run port-forward command:<br>
+                <code><b>kubectl --kubeconfig /custom/path/kube.conf port-forward -n kube-system service/headlamp 8080:80</b></code><br><br>
+                <strong>Step 2:</strong> Open in your browser:<br>
+                <a href="http://localhost:8080"><code>http://localhost:8080</code></a>
              </p>
            </a-timeline-item>
            <a-timeline-item>
              <p>
-                {{ $t('label.open.url') }}<br><br>
+                <strong>Access Kubernetes Dashboard (legacy clusters)</strong><br><br>
+                <strong>Step 1:</strong> {{ $t('label.run.proxy.locally') }}<br>
+                <code><b>kubectl --kubeconfig /custom/path/kube.conf proxy</b></code><br><br>
+                <strong>Step 2:</strong> {{ $t('label.open.url') }}<br>
                <a href="http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/"><code>http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/</code></a>
              </p>
            </a-timeline-item>
            <a-timeline-item>
+              <p>
+                <strong>Create Access Token for Headlamp (new clusters)</strong>
+              </p>
              <p v-html="$t('label.kubernetes.dashboard.create.token')"></p>
              <p v-html="$t('label.kubernetes.dashboard.create.token.desc')"></p>
-              <a-textarea :value="'kubectl --kubeconfig /custom/path/kube.conf apply -f - <<EOF\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: kubernetes-dashboard-admin-user\n  namespace: kubernetes-dashboard\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: kubernetes-dashboard-admin-user\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: kubernetes-dashboard-admin-user\n  namespace: kubernetes-dashboard\n---\napiVersion: v1\nkind: Secret\ntype: kubernetes.io/service-account-token\nmetadata:\n  name: kubernetes-dashboard-token\n  namespace: kubernetes-dashboard\n  annotations:\n    kubernetes.io/service-account.name: kubernetes-dashboard-admin-user\nEOF'" :rows="10" readonly />
+              <a-textarea :value="'kubectl --kubeconfig /custom/path/kube.conf apply -f - <<EOF\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: headlamp-admin\n  namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n  name: headlamp-admin\nroleRef:\n  apiGroup: rbac.authorization.k8s.io\n  kind: ClusterRole\n  name: cluster-admin\nsubjects:\n- kind: ServiceAccount\n  name: headlamp-admin\n  namespace: kube-system\n---\napiVersion: v1\nkind: Secret\ntype: kubernetes.io/service-account-token\nmetadata:\n  name: headlamp-admin-token\n  namespace: kube-system\n  annotations:\n    kubernetes.io/service-account.name: headlamp-admin\nEOF'" :rows="12" readonly />


scripts/util/create-kubernetes-binaries-iso.sh

+HEADLAMP_DASHBOARD_URL="https://raw.githubusercontent.com/kubernetes-sigs/headlamp/v${HEADLAMP_DASHBOARD_VERSION}/kubernetes-headlamp.yaml"
+echo "Downloading Headlamp manifest from ${HEADLAMP_DASHBOARD_URL}"
+headlamp_conf_file="${working_dir}/headlamp.yaml"
+curl -sSL ${HEADLAMP_DASHBOARD_URL} -o ${headlamp_conf_file}


kiranchavala

LGTM

Generated a CKS iso with headlamp

./create-kubernetes-binaries-iso.sh ./ 1.33.1 1.7.1 1.33.0 https://raw.githubusercontent.com/projectcalico/calico/v3.30.0/manifests/calico.yaml 0.40.1 setupheadlamp-v1.33.1 amd64

Registered the iso
Created a cks cluster with the iso
CKS Cluster deployed successfull with text containing headlamp

Access the Headlamp dashboard via token

╰─ k --kubeconfig /Users/kiranchavala/Desktop/kube.conf get deployments.apps -A
NAMESPACE     NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
kube-system   calico-kube-controllers    1/1     1            1           43m
kube-system   cloud-controller-manager   1/1     1            1           43m
kube-system   coredns                    2/2     2            2           43m
kube-system   headlamp                   1/1     1            1           43m
╭─ ~                                                                                                                                        ✔ ╱ kubernetes-admin@kubernetes 󱃾 ╱ 04:01:14 PM
╰─ k --kubeconfig /Users/kiranchavala/Desktop/kube.conf get pods -A
NAMESPACE     NAME                                                        READY   STATUS    RESTARTS   AGE
kube-system   calico-kube-controllers-7bfdc5b57c-855xd                    1/1     Running   0          43m
kube-system   calico-node-57mvt                                           1/1     Running   0          43m
kube-system   calico-node-c4sz8                                           1/1     Running   0          43m
kube-system   cloud-controller-manager-6887fc69c8-l7bld                   1/1     Running   0          43m
kube-system   coredns-674b8bbfcf-dz86k                                    1/1     Running   0          43m
kube-system   coredns-674b8bbfcf-sdtml                                    1/1     Running   0          43m
kube-system   etcd-test-headlamp-control-19d1a14b04a                      1/1     Running   0          44m
kube-system   headlamp-747b5f4d5-vgq64                                    1/1     Running   0          43m
kube-system   kube-apiserver-test-headlamp-control-19d1a14b04a            1/1     Running   0          43m
kube-system   kube-controller-manager-test-headlamp-control-19d1a14b04a   1/1     Running   0          43m
kube-system   kube-proxy-kq2gw                                            1/1     Running   0          43m
kube-system   kube-proxy-srkpd                                            1/1     Running   0          43m
kube-system   kube-scheduler-test-headlamp-control-19d1a14b04a            1/1     Running   0          43m

kiranchavala · 2026-03-23T10:06:49Z

@blueorangutan test

blueorangutan · 2026-03-23T10:08:04Z

@kiranchavala a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

weizhouapache

code lgtm

blueorangutan · 2026-03-24T02:11:13Z

[SF] Trillian test result (tid-15715)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 54793 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr12776-t15715-kvm-ol8.zip
Smoke tests completed. 146 look OK, 4 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
ContextSuite context=TestListIdsParams>:teardown	`Error`	1.17	test_list_ids_parameter.py
test_01_snapshot_root_disk	`Error`	4.21	test_snapshots.py
test_02_list_snapshots_with_removed_data_store	`Error`	47.11	test_snapshots.py
test_02_list_snapshots_with_removed_data_store	`Error`	47.11	test_snapshots.py
ContextSuite context=TestSnapshotStandaloneBackup>:teardown	`Error`	29.30	test_snapshots.py
test_01_snapshot_usage	`Error`	22.91	test_usage.py
test_01_vpn_usage	`Error`	1.10	test_usage.py
test_01_redundant_vpc_site2site_vpn	`Failure`	394.14	test_vpc_vpn.py

DaanHoogland · 2026-03-25T16:23:40Z

@Pearl1594 is this ready?

Pearl1594 · 2026-03-25T16:26:59Z

I believe it's ready @DaanHoogland - however, personally, I only tested it with headlamp, but didn't test backward compatibility, i.e., for existing isos with legacy k8s dashboard if it works correctly.
@kiranchavala did you test this as part of verification, or I can test it.

kiranchavala · 2026-03-30T11:07:39Z

I believe it's ready @DaanHoogland - however, personally, I only tested it with headlamp, but didn't test backward compatibility, i.e., for existing isos with legacy k8s dashboard if it works correctly. @kiranchavala did you test this as part of verification, or I can test it.

@Pearl1594 @DaanHoogland

Tested the old legacy dashboard with the iso https://download.cloudstack.org/cks/setup-v1.33.1-calico-x86_64.iso

The old dashboard works fine

Also deployed headlamp dashboard on cks cluster deployed with old iso (https://download.cloudstack.org/cks/setup-v1.33.1-calico-x86_64.iso) >> works fine

DaanHoogland · 2026-03-30T11:52:28Z

@Pearl1594 , will you allow us to merge now ;)

Pearl1594 · 2026-03-30T13:51:32Z

Thanks @kiranchavala - all good @DaanHoogland ready to merge

Add support for Headlamp dashboard for kubernetes; deprecate legacy k…

7db663b

…ubernetes dashboard

boring-cyborg bot added component:kubernetes component:UI labels Mar 10, 2026

kiranchavala self-assigned this Mar 10, 2026

follow similar steps to legacy k8s dashboard and update access notes

887317e

Pearl1594 changed the title ~~[WIP] Add support for Headlamp dashboard for kubernetes; deprecate legacy kubernetes dashboard~~ Add support for Headlamp dashboard for kubernetes; deprecate legacy kubernetes dashboard Mar 10, 2026

sureshanaparti added the status:needs-testing label Mar 17, 2026

sureshanaparti requested a review from Copilot March 17, 2026 18:05

Copilot started reviewing on behalf of sureshanaparti March 17, 2026 18:06 View session

Copilot AI reviewed Mar 17, 2026

View reviewed changes

kiranchavala approved these changes Mar 23, 2026

View reviewed changes

kiranchavala removed the status:needs-testing label Mar 23, 2026

weizhouapache approved these changes Mar 23, 2026

View reviewed changes

Pearl1594 marked this pull request as ready for review March 30, 2026 13:51

DaanHoogland merged commit 18075ae into main Mar 30, 2026
41 of 56 checks passed

DaanHoogland deleted the ghi12728-headlamp-k8s branch March 30, 2026 14:04

DaanHoogland added this to the 4.23.0 milestone Mar 30, 2026

		/opt/bin/kubectl create rolebinding admin-binding --role=admin --user=admin \|\| true
		/opt/bin/kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=admin \|\| true

		/opt/bin/kubectl create serviceaccount headlamp-admin -n kube-system \|\| true
		/opt/bin/kubectl create clusterrolebinding headlamp-admin --clusterrole=cluster-admin --serviceaccount=kube-system:headlamp-admin \|\| true

Conversation

Pearl1594 commented Mar 10, 2026

Description

Types of changes

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

Uh oh!

codecov bot commented Mar 10, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

weizhouapache commented Mar 10, 2026

Uh oh!

kiranchavala commented Mar 10, 2026

Uh oh!

Pearl1594 commented Mar 10, 2026

Uh oh!

weizhouapache commented Mar 10, 2026

Uh oh!

Pearl1594 commented Mar 10, 2026

Uh oh!

sonarqubecloud bot commented Mar 10, 2026

Quality Gate passed

Uh oh!

kiranchavala commented Mar 16, 2026

Uh oh!

blueorangutan commented Mar 16, 2026

Uh oh!

blueorangutan commented Mar 16, 2026

Uh oh!

sureshanaparti commented Mar 17, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

kiranchavala left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

kiranchavala commented Mar 23, 2026

Uh oh!

blueorangutan commented Mar 23, 2026

Uh oh!

weizhouapache left a comment

Choose a reason for hiding this comment

Uh oh!

blueorangutan commented Mar 24, 2026

Uh oh!

DaanHoogland commented Mar 25, 2026

Uh oh!

Pearl1594 commented Mar 25, 2026

Uh oh!

kiranchavala commented Mar 30, 2026

Uh oh!

DaanHoogland commented Mar 30, 2026

Uh oh!

Pearl1594 commented Mar 30, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

codecov bot commented Mar 10, 2026 •

edited

Loading

kiranchavala left a comment •

edited

Loading