feat: convert many
Some checks failed
lint-test-helm / lint-helm (pull_request) Successful in 9m13s
lint-test-helm / validate-kubeconform (pull_request) Failing after 10m43s

2026-04-21 20:47:16 -05:00
parent 9918eb6363
commit e104eae55e
294 changed files with 2095 additions and 1121 deletions


@@ -0,0 +1,21 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
ServiceAccount name
*/}}
{{- define "custom.serviceAccountName" -}}
headlamp-admin
{{- end -}}
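Review bot: Both label values in `custom.selectorLabels` are rendered unquoted, so a release name that YAML reads as a number or boolean (for example `123` or `true`) produces a non-string label value and the API server rejects the manifest. Piping through `quote` avoids that: `app.kubernetes.io/instance: {{ .Release.Name | quote }}`, and the same for `part-of`. The comment on `custom.labels` says "Common labels", but the helper only forwards the selector labels; it would help to say so in the comment, e.g. `Common labels (currently identical to the selector labels)`.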


@@ -5,16 +5,15 @@ metadata:
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: cluster-admin-oidc
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- include "custom.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: User
- apiGroup: rbac.authorization.k8s.io
kind: User
name: https://authentik.alexlebens.net/application/o/headlamp/#alexanderlebens@gmail.com
apiGroup: rbac.authorization.k8s.io
- kind: ServiceAccount
name: headlamp-admin
namespace: headlamp
name: {{ include "custom.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
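Review bot: The ServiceAccount subject's namespace changes from the fixed `headlamp` to `{{ .Release.Namespace }}`, so the `cluster-admin` grant now follows the release into whichever namespace it is installed in, and anyone able to run a pod there under `headlamp-admin` gets full cluster control. If the dashboard does not need that account to be cluster-admin, bind it to a narrower ClusterRole and keep `cluster-admin` for the OIDC user only. At minimum, add a comment above `subjects:` such as `# cluster-admin: one OIDC user and the Headlamp admin SA only; review before adding subjects`. The `User` name hard-codes the issuer URL prefix and an e-mail address, which only matches if the API server's OIDC username prefix is configured the same way, so that dependency deserves a comment too. The object's `kind` is outside the hunk; if it is a ClusterRoleBinding, the `namespace:` under `metadata` has no effect.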


@@ -1,38 +1,37 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: headlamp-oidc-secret
name: headlamp-oidc-authentik
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: headlamp-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
app.kubernetes.io/name: headlamp-oidc-authentik
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
name: openbao
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
key: /authentik/oidc/headlamp
key: /cl01tl/authentik/oidc/headlamp
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
key: /authentik/oidc/headlamp
key: /cl01tl/authentik/oidc/headlamp
property: secret
- secretKey: OIDC_ISSUER_URL
remoteRef:
key: /authentik/oidc/headlamp
key: /cl01tl/authentik/oidc/headlamp
property: issuer
- secretKey: OIDC_SCOPES
remoteRef:
key: /authentik/oidc/headlamp
key: /cl01tl/authentik/oidc/headlamp
property: scopes
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL
remoteRef:
key: /authentik/oidc/headlamp
property: validator-issuer-url
key: /cl01tl/authentik/oidc/headlamp
property: issuer
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID
remoteRef:
key: /authentik/oidc/headlamp
property: validator-client-id
key: /cl01tl/authentik/oidc/headlamp
property: client
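Review bot: The two `HEADLAMP_CONFIG_OIDC_VALIDATOR_*` entries now appear to read the same `issuer` and `client` properties as `OIDC_ISSUER_URL` and `OIDC_CLIENT_ID`, replacing the dedicated `validator-issuer-url` and `validator-client-id` properties. If the old validator values differed from the main ones, tokens are now validated against a different issuer and audience; if they were always identical, these override entries are redundant. Either drop them or record the intent with a comment such as `# validator issuer/client intentionally mirror the OIDC client settings`. The `openbao` store and the `/cl01tl/` key prefix presumably have to exist before this rolls out, otherwise the ExternalSecret will not sync.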


@@ -1,9 +1,8 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: headlamp-admin
name: {{ include "custom.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: headlamp-admin
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
app.kubernetes.io/name: {{ include "custom.serviceAccountName" . }}
{{- include "custom.labels" . | nindent 4 }}


@@ -10,7 +10,7 @@ headlamp:
create: false
externalSecret:
enabled: true
name: headlamp-oidc-secret
name: headlamp-oidc-authentik
watchPlugins: true
httpRoute:
enabled: true
@@ -27,11 +27,9 @@ headlamp:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
- kind: Service
name: headlamp
port: 80
weight: 100
resources:
requests:
cpu: 1m