Headlamp: Runtime Dashboard Guide¶
Headlamp is the new web-based dashboard for managing workloads and resources within your Game Warden Runtime environment. It replaces the legacy Argo UI and provides a secure, read-only view into your deployed applications, using the same identity and access model you already use today.
Headlamp offers a more complete view of your runtime cluster, including workloads, configuration, and status information, while remaining fully compliant with the zero-trust security controls of the Game Warden platform.
Key features¶
| Category | Description |
|---|---|
| Unified Cluster View | Explore your application namespaces, workloads, configuration, and logs from a single interface. |
| Real-Time Status | Live updates for pods, deployments, and jobs without needing to refresh the page. |
| Secure Authentication | Uses the same Keycloak login process as the Argo UI—no new accounts or credentials required. |
| Role-Based Access Control | Headlamp enforces Kubernetes RBAC so users only see what their assigned role allows. |
| Namespace-Scoped Visibility | Customer users see only their organization’s namespaces and deployed resources. |
| Performance and Accessibility | Built-in dark mode, keyboard shortcuts, and accessibility enhancements optimized for daily use. |
| Extensible by Design | Built on an extension framework that enables additional runtime-specific views and features in the future. |
How to access Headlamp¶
Your Headlamp dashboard is available at a dedicated URL in the following format:
https://headlamp-<customerName>.secondfront.com
For example, if your organization name is ACME, your URL would be:
https://headlamp-acme.secondfront.com
Tip
Bookmark your Headlamp URL for quick access. It replaces your previous Argo UI link.
How to authenticate¶
Follow the steps below to access your Headlamp dashboard using your platform credentials (the same ones you use for Argo UI).
- Go to your organization’s Headlamp URL and click Sign In with OIDC.
- Sign in through Keycloak using your platform credentials.
- After successful authentication, you will be redirected to the Headlamp dashboard.
Access and user roles¶
Headlamp uses the same role-based access control (RBAC) model as the underlying runtime cluster. There are two primary personas:
| Persona | Description | Access level |
|---|---|---|
| Administrator | Second Front operators and approved administrators who manage the runtime platform. | Full access across all namespaces and runtime resources. |
| Customer User | Customer personnel with access to their assigned application namespaces. | Read-only access within their organization’s namespaces (for example: view Deployments, Pods, Logs, Events, and ConfigMaps). |
You cannot modify or delete resources through Headlamp. This read-only access model helps ensure platform consistency and security.
Availability¶
- Default Access: Headlamp is automatically deployed for all customer runtimes beginning with version
v0.16and later. - Older Versions: If your runtime has not yet been upgraded, please reach out to your Second Front representative to request enablement.
- Single Sign-On: Headlamp uses your existing Keycloak identity. No separate credentials or manual provisioning are required.
Migration notes: Argo UI → Headlamp¶
Headlamp replaces Argo UI as the primary dashboard for monitoring deployed workloads. GitOps automation continues to run through Flux, no action required from you.
Use the table below to locate Argo UI functions in Headlamp:
| Argo UI Function | Headlamp Location |
|---|---|
| Application sync and status | Workloads → Deployments or GitOps → Flux Status (extension) |
| Pod logs | Workloads → Pods → Logs |
| Events | Workloads → Events |
| Resource health | Status indicators on individual workload pages |
| Namespace visibility | Namespace selector in top navigation bar |
FAQs¶
Do I need to request access to Headlamp?
No. All customers have access by default through their organization’s Headlamp URL.
Can I make changes to my applications in Headlamp?
No. Headlamp is read-only for customers. All changes should continue to be made through your standard processes.
Will my login change from Argo UI?
No. You will sign in using the same Keycloak credentials you already use.
Can administrators view all customer namespaces?
Yes. Platform administrators retain full cluster visibility.
Support and feedback¶
If you encounter issues or would like to request additional visibility features, open a ticket through the Support Ticketing System.