Add custom API server endpoint configuration

Copilot · illume · Copilot · commit 01db26c6a3d1 · 2026-02-07T19:41:55.000Z
- Added APIServerEndpoint field to backend config
- Added --api-server-endpoint CLI flag and environment variable support
- Updated GetInClusterContext to accept and use custom endpoint
- Added Helm chart value config.apiServerEndpoint
- Updated deployment template to pass value as argument

Co-authored-by: illume &lt;9541+illume@users.noreply.github.com&gt;
diff --git a/backend/cmd/headlamp.go b/backend/cmd/headlamp.go
@@ -434,7 +434,8 @@ func createHeadlampHandler(config *HeadlampConfig) http.Handler {
 			config.OidcClientID, config.OidcClientSecret,
 			strings.Join(config.OidcScopes, ","),
 			config.OidcSkipTLSVerify,
-			config.OidcCACert)
+			config.OidcCACert,
+			config.APIServerEndpoint)
 		if err != nil {
 			logger.Log(logger.LevelError, nil, err, "Failed to get in-cluster context")
 		}
diff --git a/backend/cmd/server.go b/backend/cmd/server.go
@@ -82,6 +82,7 @@ func buildHeadlampCFG(conf *config.Config, kubeConfigStore kubeconfig.ContextSto
 	return &headlampconfig.HeadlampCFG{
 		UseInCluster:          conf.InCluster,
 		InClusterContextName:  conf.InClusterContextName,
+		APIServerEndpoint:     conf.APIServerEndpoint,
 		KubeConfigPath:        conf.KubeConfigPath,
 		SkippedKubeContexts:   conf.SkippedKubeContexts,
 		ListenAddr:            conf.ListenAddr,
diff --git a/backend/pkg/config/config.go b/backend/pkg/config/config.go
@@ -35,6 +35,7 @@ type Config struct {
 	Version              bool   `koanf:"version"`
 	InCluster            bool   `koanf:"in-cluster"`
 	InClusterContextName string `koanf:"in-cluster-context-name"`
+	APIServerEndpoint    string `koanf:"api-server-endpoint"`
 	DevMode              bool   `koanf:"dev"`
 	InsecureSsl          bool   `koanf:"insecure-ssl"`
 	LogLevel             string `koanf:"log-level"`
@@ -415,6 +416,7 @@ func addGeneralFlags(f *flag.FlagSet) {
 	f.Bool("version", false, "Print version information and exit")
 	f.Bool("in-cluster", false, "Set when running from a k8s cluster")
 	f.String("in-cluster-context-name", "main", "Name to use for the in-cluster Kubernetes context")
+	f.String("api-server-endpoint", "", "Custom Kubernetes API server endpoint (overrides default in-cluster endpoint)")
 	f.Bool("dev", false, "Allow connections from other origins")
 	f.Bool("cache-enabled", false, "K8s cache in backend")
 	f.Bool("no-browser", false, "Disable automatically opening the browser when using embedded frontend")
diff --git a/backend/pkg/headlampconfig/headlampConfig.go b/backend/pkg/headlampconfig/headlampConfig.go
@@ -41,6 +41,7 @@ type HeadlampConfig struct {
 type HeadlampCFG struct {
 	UseInCluster          bool
 	InClusterContextName  string
+	APIServerEndpoint     string
 	ListenAddr            string
 	CacheEnabled          bool
 	DevMode               bool
diff --git a/backend/pkg/kubeconfig/kubeconfig.go b/backend/pkg/kubeconfig/kubeconfig.go
@@ -1009,14 +1009,21 @@ func GetInClusterContext(
 	oidcScopes string,
 	oidcSkipTLSVerify bool,
 	oidcCACert string,
+	customAPIServerEndpoint string,
 ) (*Context, error) {
 	clusterConfig, err := rest.InClusterConfig()
 	if err != nil {
 		return nil, err
 	}
 
+	// Use custom API server endpoint if provided, otherwise use default from in-cluster config
+	apiServerHost := clusterConfig.Host
+	if customAPIServerEndpoint != "" {
+		apiServerHost = customAPIServerEndpoint
+	}
+
 	cluster := &api.Cluster{
-		Server:                   clusterConfig.Host,
+		Server:                   apiServerHost,
 		CertificateAuthority:     clusterConfig.CAFile,
 		CertificateAuthorityData: clusterConfig.CAData,
 	}
diff --git a/charts/headlamp/templates/deployment.yaml b/charts/headlamp/templates/deployment.yaml
@@ -235,6 +235,9 @@ spec:
             {{- if .Values.config.inClusterContextName }}
             - "-in-cluster-context-name={{ .Values.config.inClusterContextName }}"
             {{- end }}
+            {{- if .Values.config.apiServerEndpoint }}
+            - "-api-server-endpoint={{ .Values.config.apiServerEndpoint }}"
+            {{- end }}
             {{- end }}
             {{- with .Values.config.enableHelm }}
             - "-enable-helm"
diff --git a/charts/headlamp/values.yaml b/charts/headlamp/values.yaml
@@ -34,6 +34,10 @@ extraContainers: []
 config:
   inCluster: true
   inClusterContextName: "main"
+  # -- Custom Kubernetes API server endpoint (overrides the default in-cluster endpoint).
+  # Useful when requests need to pass through a proxy (e.g., kube-oidc-proxy).
+  # Example: "https://kube-oidc-proxy.example.com:443"
+  apiServerEndpoint: ""
   # -- base url path at which headlamp should run
   baseURL: ""
   oidc:
