Is your feature request related to a problem? Please describe the impact that the lack of the feature requested is creating.
Currently, the default image and namespace for the Node Shell and Pod Debug features are hardcoded in the frontend source code: DEFAULT_NODE_SHELL_LINUX_IMAGE = 'docker.io/library/busybox:latest', DEFAULT_NODE_SHELL_NAMESPACE = 'default'.
While users can change these defaults in the UI Settings, this may create other problems for enterprise and air-gapped environments:
Air-gapped / Restricted Networks: Clusters without access to docker.io will fail to spawn debug pods by default.
Poor User Experience at Scale: Because the UI setting is per-browser, every new developer/user accessing the Headlamp dashboard has to manually change the image in their settings. Otherwise, their first debug attempt will fail or violate corporate registry allowlists.
Security Compliance: Defaulting to the default namespace for highly privileged debug pods (hostPID, hostNetwork, etc.) is an anti-pattern under Kubernetes Pod Security Standards (PSS). Administrators are forced to compromise the security of the default namespace to make it work. (I have raised another bug about this: [BUG] Node debug pods accumulate indefinitely on close and default namespace poses security risks #5751)
Describe the solution you'd like
I would like cluster administrators to be able to configure the default debug image and namespace globally at deployment time (e.g., via backend environment variables or CLI flags in the Helm chart), rather than relying on hardcoded frontend strings.
What users will benefit from this feature?
In-Cluster users & Helm chart users: Admins can provide a unified, out-of-the-box working experience for all their developers.
Enterprise / Air-gapped users: Can seamlessly point to their internal private registries.
Security-conscious users: Can globally default debug pods to a dedicated, restricted namespace.
Are you able to implement this feature?
Yes (I will try).
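
The namespace separation the issue asks for, as an added example that is not part of the original issue or of Headlamp's code: Pod Security Admission labels keep host-namespace pods out of `default` and admit them only in a dedicated namespace. The names `debug-tools`, `worker-1`, and the registry `registry.example.internal` are placeholders assumed for illustration.

```yaml
# Constructed example: all names and the registry host are placeholders.
# Keep the default namespace at the baseline profile, which rejects
# pods that request hostPID or hostNetwork.
apiVersion: v1
kind: Namespace
metadata:
  name: default
  labels:
    pod-security.kubernetes.io/enforce: baseline
---
# Dedicated namespace: the only place host-namespace debug pods are admitted.
# Restrict who can create pods here with RBAC (not shown).
apiVersion: v1
kind: Namespace
metadata:
  name: debug-tools
  labels:
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/audit: privileged
---
# A debug pod of the kind the issue describes, pulled from an internal
# registry so it also works on clusters without access to docker.io.
apiVersion: v1
kind: Pod
metadata:
  name: node-debug-example
  namespace: debug-tools
spec:
  nodeName: worker-1          # placeholder node name
  hostPID: true
  hostNetwork: true
  restartPolicy: Never
  containers:
    - name: shell
      image: registry.example.internal/library/busybox:1.36   # placeholder mirror
      command: ["sleep", "3600"]
```

Applying the same Pod manifest with `namespace: default` is rejected at admission, because the baseline profile disallows host namespaces.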