We're thrilled to announce the release of OpenUnison 1.0.44. This release has some major updates that really make it a big splash:

• Kubernetes Authentication Portal - Moving from the Kubernetes Dashboard to Headlamp
• OpenID Connect - More functions to make it easier to use OpenUnison with your single page applications
• SCIM 2.0 Gateway - Make it easier to integrate CRUD APIs and smaller applications into enterprise identity systems

We're going to write some blog posts about our new application focussed OpenID Connect features and our SCIM gateway, so we're going to focus on Headlamp support int his post.

If you've never worked with it, Headlamp is a project to build a Kubernetes GUI that started as a local dashboard that ran in electron, but later added in-cluster support similar to the Kubernetes Dashboard project. In addition to having a great plugin interface for extensibility and a wonderful interface for navigating your cluster, one of my favorite features is that its log view uses streaming data over websockets instead of just constantly refreshing. It really makes for a great experience!

We were already planning to support Headlamp, then the Kubernetes SIG UI group announced they were deprecating the Kubernetes Dashboard. While the Dashboard was a great project, it didn't have the contributions to keep it moving forward. So that certainly gave us more incentive to support Headlamp!

With this release, we decided to integrate Headlamp directly into our charts instead of making you deploy it on your own. We wanted to give you a simplified deployment experience and tailor the deployment to working with OpenUnison. To that end, we added several features:

• ServiceAccount with No Permissions - Headlamp's dedicated ServiceAccount has no RBAC bindings, so a lost ServiceAccount token is not a danger to your cluster
• End-to-End TLS - OpenUnison has its own built in certificate automation, making sure that your sessions are encrypted from your Ingress, through OpenUnison's reverse proxy, to Headlamp and makes sure that the certificate is rotated as needed
• Hardened Deployment - OpenUnison's Headlamp Deployment removes all capabilities, marks the container as read-only, and creates emptyDir volumes where writes are needed
• Who Am I? - When you're logged into Headlamp, under the cluster there's now a link for a who-am-i feature that shows you who the cluster thinks you are, this is the same information provided by kubectl auth whoami
• Namespace Listing - OpenUnison can manage which namespaces are listed by Headlamp either by listing all namespaces, testing which namespaces you have access to, or letting you write your own service to map from your user's identity to available namespaces

If you're already using OpenUnison, you can switch to using Headlamp by making two updates to your values.yaml:

# disable the Kubernetes Dashboard
dashboard:
  enabled: false

# enable the dashboard
headlamp:
  enabled: true

Once deployed, you can remove your old Dashboard deployment. If you're not using OpenUnison, check out how to get started! If you want the details of what's changed, check out the release notes.