Add CA certificates bundle and update Headlamp configuration for OIDC

clusters/noble/bootstrap/headlamp/kustomization.yaml

@@ -2,6 +2,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 # namespace.yaml is owned by noble-bootstrap-root (clusters/noble/bootstrap/kustomization.yaml).
 # Do not include it here — two Applications owning the same Namespace causes SharedResourceWarning.
+generatorOptions:
+  disableNameSuffixHash: true
+configMapGenerator:
+  # Mozilla CA bundle (https://curl.se/ca/cacert.pem) — mounted for **-oidc-ca-file** so Headlamp’s OIDC
+  # client uses a non-empty PEM pool (avoids spurious “failed to append ca cert to pool” when IdP TLS is public PKI).
+  - name: headlamp-oidc-ca-bundle
+    files:
+      - oidc-ca-bundle.pem=cacert.pem
 resources:
   - metrics-clusterrolebinding.yaml
   - oidc-noble-admins-clusterrolebinding.yaml