REFACTOR(headlamp): switch to authelia

- Remove OIDC config from helm-values - Remove ExternalSecret (not needed) - Add Authelia middleware to ingress - Headlamp uses ServiceAccount for K8s API access
2026-01-02 19:48:55 +09:00
parent 4a439f8b1d
commit 362ebd6c7d
5 changed files with 3 additions and 36 deletions
--- a/headlamp/external-secret.yaml
+++ b/headlamp/external-secret.yaml
@@ -1,27 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: headlamp-oidc
-  namespace: headlamp
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault-backend
-  target:
-    name: headlamp-oidc
-    creationPolicy: Owner
-    template:
-      engineVersion: v2
-      data:
-        OIDC_CLIENT_ID: headlamp
-        OIDC_CLIENT_SECRET: "{{ .clientSecret }}"
-        OIDC_ISSUER_URL: https://auth0213.kro.kr
-        OIDC_SCOPES: "openid profile email groups"
-        OIDC_VALIDATOR_CLIENT_ID: headlamp
-        OIDC_VALIDATOR_ISSUER_URL: https://auth0213.kro.kr
-  data:
-    - secretKey: clientSecret
-      remoteRef:
-        key: cluster-infrastructure/authelia
-        property: HEADLAMP_CLIENT_SECRET
--- a/headlamp/helm-values.yaml
+++ b/headlamp/helm-values.yaml
@@ -33,9 +33,3 @@ ingress:
 # Config
 config:
  baseURL: ""
-  oidc:
-    secret:
-      create: false
-    externalSecret:
-      enabled: true
-      name: headlamp-oidc
--- a/headlamp/ingress.yaml
+++ b/headlamp/ingress.yaml
@@ -5,6 +5,7 @@ metadata:
  namespace: headlamp
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
 spec:
  ingressClassName: traefik
  tls:
--- a/headlamp/kustomization.yaml
+++ b/headlamp/kustomization.yaml
@@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ingress.yaml
- external-secret.yaml
--- a/homer/config.yml
+++ b/homer/config.yml
@@ -200,9 +200,9 @@ services:
        target: "_blank"
      - name: "Longhorn"
        logo: "/assets/icons/longhorn.webp"
-        subtitle: "Block Storage Management"
+        subtitle: "Degraded"
        tag: "dev"
-        tagstyle: "is-success"
+        tagstyle: "is-danger"
        keywords: "longhorn storage"
        url: "https://longhorn0213.kro.kr"
        target: "_blank"