Run Headlamp in a webserver

[dmalagoli-dylog]

Is your feature request related to a problem? Please describe the impact that the lack of the feature requested is creating.

Our company have multiple clusters,
and we are exploring the opportunity
to place Headlamp in a separate on-prem VM instead of the cloud.
It would be great, beacause OIDC login is already implemented,
to run the application in a web server,
to secure the kubeconfig file,
so no one could have direct access to the cluster.

Describe the solution you'd like

If possible, just some pages in the docs for the web server install

What users will benefit from this feature?

I think anyone who has corporate cluster and need to avoid credential and sensitive
data to leak outside of the corporate perimenter

Are you able to implement this feature?

I can try, if feasible

Additional context

[joaquimrocha]

Hi @dmalagoli-dylog , I think this use-case is possible with Headlamp's container image.
You can indeed run that image (the healdamp-server binary in it), and pass it the -kubeconfig CLI option to point to your desired clusters (which would be available for all users who connect, though the role / RBAC is still per user). Take into account that Headlamp has no authentication layer, and it proxies API calls directly to the API server, so having that web service access behind some firewall or auth system is recommendable.

There are multiple ways to run Headlamp in a VM, we should probably document a basic one. Maybe you could help us with this if you are going to try it out?