FEAT(headlamp): configure Headlamp OIDC with Authelia

- Add OIDC configuration (clientID, issuerURL, scopes)
- Add ExternalSecret for OIDC client secret from Vault
- Remove Authelia middleware (using direct OIDC auth)

headlamp/external-secret.yaml

@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: headlamp-oidc
+  namespace: headlamp
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault-backend
+  target:
+    name: headlamp-oidc
+    creationPolicy: Owner
+  data:
+    - secretKey: clientSecret
+      remoteRef:
+        key: cluster-infrastructure/authelia
+        property: HEADLAMP_CLIENT_SECRET

headlamp/helm-values.yaml

@@ -32,9 +32,17 @@ ingress:
 
 # Config
 config:
-  baseURL: ""
+  baseURL: "https://kubernetes0213.kro.kr"
   oidc:
-    clientID: ""
+    clientID: "headlamp"
     clientSecret: ""
-    issuerURL: ""
+    issuerURL: "https://auth0213.kro.kr"
-    scopes: ""
+    scopes: "openid profile email groups"
+
+# OIDC client secret from ExternalSecret
+env:
+  - name: HEADLAMP_CONFIG_OIDC_clientSecret
+    valueFrom:
+      secretKeyRef:
+        name: headlamp-oidc
+        key: clientSecret

headlamp/kustomization.yaml

@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ingress.yaml
+- external-secret.yaml