Add CA certificates bundle and update Headlamp configuration for OIDC

clusters/noble/bootstrap/headlamp/values.yaml

@@ -19,6 +19,19 @@ clusterRoleBinding:
 # Optional: set **config.sessionTTL** (seconds) or **null** to omit **-session-ttl** (see headlamp#4883 for older chart/binary mismatches).
 config:
   sessionTTL: null
+  extraArgs:
+    # PEM pool from ConfigMap **headlamp-oidc-ca-bundle** (see **kustomization.yaml** + **cacert.pem**).
+    - "-oidc-ca-file=/etc/ssl/headlamp/oidc-ca-bundle.pem"
+
+volumeMounts:
+  - name: oidc-ca-bundle
+    mountPath: /etc/ssl/headlamp
+    readOnly: true
+
+volumes:
+  - name: oidc-ca-bundle
+    configMap:
+      name: headlamp-oidc-ca-bundle
 
 ingress:
   enabled: true