From 362ebd6c7d2318e04c802b38eae8b802387c2312 Mon Sep 17 00:00:00 2001
From: Mayne0213
Date: Fri, 2 Jan 2026 19:48:55 +0900
Subject: [PATCH] REFACTOR(headlamp): switch to authelia

- Remove OIDC config from helm-values
- Remove ExternalSecret (not needed)
- Add Authelia middleware to ingress
- Headlamp uses ServiceAccount for K8s API access
---
 headlamp/external-secret.yaml | 27 ---------------------------
 headlamp/helm-values.yaml | 6 ------
 headlamp/ingress.yaml | 1 +
 headlamp/kustomization.yaml | 1 -
 homer/config.yml | 4 ++--
 5 files changed, 3 insertions(+), 36 deletions(-)
 delete mode 100644 headlamp/external-secret.yaml

diff --git a/headlamp/external-secret.yaml b/headlamp/external-secret.yaml
deleted file mode 100644
index cc9c89d..0000000
--- a/headlamp/external-secret.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: headlamp-oidc
- namespace: headlamp
-spec:
- refreshInterval: 1h
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault-backend
- target:
- name: headlamp-oidc
- creationPolicy: Owner
- template:
- engineVersion: v2
- data:
- OIDC_CLIENT_ID: headlamp
- OIDC_CLIENT_SECRET: "{{ .clientSecret }}"
- OIDC_ISSUER_URL: https://auth0213.kro.kr
- OIDC_SCOPES: "openid profile email groups"
- OIDC_VALIDATOR_CLIENT_ID: headlamp
- OIDC_VALIDATOR_ISSUER_URL: https://auth0213.kro.kr
- data:
- - secretKey: clientSecret
- remoteRef:
- key: cluster-infrastructure/authelia
- property: HEADLAMP_CLIENT_SECRET
diff --git a/headlamp/helm-values.yaml b/headlamp/helm-values.yaml
index e6f8a05..2eadb1d 100644
--- a/headlamp/helm-values.yaml
+++ b/headlamp/helm-values.yaml
@@ -33,9 +33,3 @@ ingress:
 # Config
 config:
 baseURL: ""
- oidc:
- secret:
- create: false
- externalSecret:
- enabled: true
- name: headlamp-oidc
diff --git a/headlamp/ingress.yaml b/headlamp/ingress.yaml
index e052d71..d111c7e 100644
--- a/headlamp/ingress.yaml
+++ b/headlamp/ingress.yaml
@@ -5,6 +5,7 @@ metadata:
 namespace: headlamp
 annotations:
 cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
 spec:
 ingressClassName: traefik
 tls:
diff --git a/headlamp/kustomization.yaml b/headlamp/kustomization.yaml
index 6c563b1..bd43e8a 100644
--- a/headlamp/kustomization.yaml
+++ b/headlamp/kustomization.yaml
@@ -2,4 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ingress.yaml
-- external-secret.yaml
diff --git a/homer/config.yml b/homer/config.yml
index e9da4d8..aff87fd 100644
--- a/homer/config.yml
+++ b/homer/config.yml
@@ -200,9 +200,9 @@ services:
 target: "_blank"
 - name: "Longhorn"
 logo: "/assets/icons/longhorn.webp"
- subtitle: "Block Storage Management"
+ subtitle: "Degraded"
 tag: "dev"
- tagstyle: "is-success"
+ tagstyle: "is-danger"
 keywords: "longhorn storage"
 url: "https://longhorn0213.kro.kr"
 target: "_blank"
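Review bot: With the OIDC block removed from headlamp/helm-values.yaml and this annotation added, the Authelia middleware becomes the only authentication gate in front of Headlamp, and per the commit message Kubernetes API access then runs through Headlamp's ServiceAccount rather than a per-user identity; nothing in the hunk records that. I would add a comment above the annotation, e.g. `# Sole auth gate: Authelia forward-auth; Headlamp acts via its ServiceAccount, so keep that SA's RBAC minimal`, and confirm that the ServiceAccount is not bound to a broad ClusterRole and that Authelia's access-control rule for this host is limited to an admin group. The middleware only covers requests that arrive through Traefik, so a NetworkPolicy restricting the headlamp Service to the Traefik pods would be needed to cover in-cluster callers as well. The value is also the only unquoted annotation here; writing it as `"authelia-authelia-auth@kubernetescrd"` matches the line above it. The metadata mapping starts outside the hunk, and the Middleware object this name refers to is not visible in the patch.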
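Review bot: The Longhorn tile edit in homer/config.yml (`subtitle: "Degraded"`, `tagstyle: "is-danger"`) is unrelated to the Headlamp authentication switch this commit is titled for, so auditing or reverting the access-control change drags a dashboard edit along with it; it would be cleaner as its own commit. The label is also a hand-written status that nothing in the visible lines updates, so it will keep saying "Degraded" after Longhorn recovers; a comment such as `# temporary: restore "Block Storage Management" / is-success once Longhorn is healthy` would make that explicit. The services list starts and continues outside the hunk.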