FIX(headlamp): use ExternalSecret for OIDC config

- Use externalSecret.enabled instead of env - Add template to ExternalSecret with all OIDC fields
2026-01-02 19:33:01 +09:00
parent f17bbe3514
commit 6d19c01bf1
2 changed files with 12 additions and 12 deletions
--- a/headlamp/external-secret.yaml
+++ b/headlamp/external-secret.yaml
@@ -11,6 +11,13 @@ spec:
  target:
    name: headlamp-oidc
    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        clientID: headlamp
+        clientSecret: "{{ .clientSecret }}"
+        issuerURL: https://auth0213.kro.kr
+        scopes: "openid profile email groups"
  data:
    - secretKey: clientSecret
      remoteRef:
--- a/headlamp/helm-values.yaml
+++ b/headlamp/helm-values.yaml
@@ -34,15 +34,8 @@ ingress:
 config:
  baseURL: "https://kubernetes0213.kro.kr"
  oidc:
-    clientID: "headlamp"
-    clientSecret: ""
-    issuerURL: "https://auth0213.kro.kr"
-    scopes: "openid profile email groups"
-
-# OIDC client secret from ExternalSecret
-env:
-  - name: HEADLAMP_CONFIG_OIDC_clientSecret
-    valueFrom:
-      secretKeyRef:
+    secret:
+      create: false
+    externalSecret:
+      enabled: true
      name: headlamp-oidc
-        key: clientSecret