feat: refactor apps (#5277)

Reviewed-on: #5277
2026-03-30 01:43:26 +00:00
parent 6f9d893d4a
commit 4130942c87
10 changed files with 48 additions and 154 deletions
--- a/clusters/cl01tl/helm/headlamp/Chart.yaml
+++ b/clusters/cl01tl/helm/headlamp/Chart.yaml
@@ -5,8 +5,7 @@ description: Headlamp
 keywords:
  - headlamp
  - dashboard
-  - kubernetes
-home: https://wiki.alexlebens.dev/s/6cc43960-78df-459d-aab6-433844249243
+home: https://docs.alexlebens.dev/applications/headlamp/
 sources:
  - https://github.com/headlamp-k8s/headlamp
  - https://github.com/headlamp-k8s/headlamp/tree/main/charts/headlamp
--- a/clusters/cl01tl/helm/headlamp/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/headlamp/templates/external-secret.yaml
@@ -14,43 +14,25 @@ spec:
  data:
    - secretKey: OIDC_CLIENT_ID
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/headlamp
-        metadataPolicy: None
        property: client
    - secretKey: OIDC_CLIENT_SECRET
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/headlamp
-        metadataPolicy: None
        property: secret
    - secretKey: OIDC_ISSUER_URL
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/headlamp
-        metadataPolicy: None
        property: issuer
    - secretKey: OIDC_SCOPES
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/headlamp
-        metadataPolicy: None
        property: scopes
    - secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/headlamp
-        metadataPolicy: None
        property: validator-issuer-url
    - secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID
      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
        key: /authentik/oidc/headlamp
-        metadataPolicy: None
        property: validator-client-id
--- a/clusters/cl01tl/helm/headlamp/templates/http-route.yaml
+++ b/clusters/cl01tl/helm/headlamp/templates/http-route.yaml
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: headlamp
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: headlamp
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - headlamp.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: headlamp
-          port: 80
-          weight: 100
--- a/clusters/cl01tl/helm/headlamp/values.yaml
+++ b/clusters/cl01tl/helm/headlamp/values.yaml
@@ -1,5 +1,9 @@
 headlamp:
  replicaCount: 2
+  image:
+    registry: ghcr.io
+    repository: headlamp-k8s/headlamp
+    tag: v0.41.0@sha256:89c6c65810bfde61796483c93c70d659104355593792bf55cab680d685da8eeb
  config:
    oidc:
      secret:
@@ -10,10 +14,30 @@ headlamp:
    watchPlugins: true
    # Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
    sessionTTL: null
+  httpRoute:
+    enabled: true
+    parentRefs:
+      - group: gateway.networking.k8s.io
+        kind: Gateway
+        name: traefik-gateway
+        namespace: traefik
+    hostnames:
+      - headlamp.alexlebens.net
+    rules:
+      - matches:
+        - path:
+            type: PathPrefix
+            value: /
+        backendRefs:
+          - group: ''
+            kind: Service
+            name: headlamp
+            port: 80
+            weight: 100
  resources:
    requests:
-      cpu: 10m
-      memory: 128Mi
+      cpu: 1m
+      memory: 80Mi
  pluginsManager:
    enabled: true
    securityContext: