FIX(headlamp): use ExternalSecret for OIDC config

- Use externalSecret.enabled instead of env
- Add template to ExternalSecret with all OIDC fields

headlamp/external-secret.yaml

@@ -11,6 +11,13 @@ spec:
   target:
     name: headlamp-oidc
     creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        clientID: headlamp
+        clientSecret: "{{ .clientSecret }}"
+        issuerURL: https://auth0213.kro.kr
+        scopes: "openid profile email groups"
   data:
     - secretKey: clientSecret
       remoteRef:

headlamp/helm-values.yaml

@@ -34,15 +34,8 @@ ingress:
 config:
   baseURL: "https://kubernetes0213.kro.kr"
   oidc:
-    clientID: "headlamp"
+    secret:
-    clientSecret: ""
+      create: false
-    issuerURL: "https://auth0213.kro.kr"
+    externalSecret:
-    scopes: "openid profile email groups"
+      enabled: true
-
+      name: headlamp-oidc
-# OIDC client secret from ExternalSecret
-env:
-  - name: HEADLAMP_CONFIG_OIDC_clientSecret
-    valueFrom:
-      secretKeyRef:
-        name: headlamp-oidc
-        key: clientSecret