Refactor noble cluster configurations by removing deprecated Argo CD application management files and transitioning to a streamlined Ansible-driven installation approach. Update kustomization.yaml files to reflect the new structure, ensuring clarity on resource management. Introduce new namespaces and configurations for cert-manager, external-secrets, and logging components, enhancing the overall deployment process. Add detailed README.md documentation for each component to guide users through the setup and management of the noble lab environment.
35
clusters/noble/bootstrap/headlamp/README.md
Normal file
@@ -0,0 +1,35 @@
|
||||
# Headlamp (noble)
|
||||
|
||||
[Headlamp](https://headlamp.dev/) web UI for the cluster. Exposed on **`https://headlamp.apps.noble.lab.pcenicni.dev`** via **Traefik** + **cert-manager** (`letsencrypt-prod`), same pattern as Grafana.
|
||||
|
||||
- **Chart:** `headlamp/headlamp` **0.40.1** (`config.sessionTTL: null` avoids chart/binary mismatch — [issue #4883](https://github.com/kubernetes-sigs/headlamp/issues/4883))
|
||||
- **Namespace:** `headlamp`
|
||||
|
||||
## Install
|
||||
|
||||
```bash
|
||||
helm repo add headlamp https://kubernetes-sigs.github.io/headlamp/
|
||||
helm repo update
|
||||
kubectl apply -f clusters/noble/apps/headlamp/namespace.yaml
|
||||
helm upgrade --install headlamp headlamp/headlamp -n headlamp \
|
||||
--version 0.40.1 -f clusters/noble/apps/headlamp/values.yaml --wait --timeout 10m
|
||||
```
|
||||
|
||||
Sign-in uses a **ServiceAccount token** (Headlamp docs: create a limited SA for day-to-day use). This repo binds the Headlamp workload SA to the built-in **`edit`** ClusterRole (**`clusterRoleBinding.clusterRoleName: edit`** in **`values.yaml`**) — not **`cluster-admin`**. For cluster-scoped admin work, use **`kubectl`** with your admin kubeconfig. Optional **OIDC** in **`config.oidc`** replaces token login for SSO.
|
||||
|
||||
## Sign-in token (ServiceAccount `headlamp`)
|
||||
|
||||
Use a short-lived token (Kubernetes **1.24+**; requires permission to create **TokenRequests**):
|
||||
|
||||
```bash
|
||||
export KUBECONFIG=/path/to/talos/kubeconfig # or your admin kubeconfig
|
||||
kubectl -n headlamp create token headlamp --duration=48h
|
||||
```
|
||||
|
||||
Paste the printed JWT into Headlamp’s token field at **`https://headlamp.apps.noble.lab.pcenicni.dev`**.
|
||||
|
||||
To use another duration (cluster `spec.serviceAccount` / admission limits may cap it):
|
||||
|
||||
```bash
|
||||
kubectl -n headlamp create token headlamp --duration=8760h
|
||||
```
|
||||
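Review bot: the last command under "Sign-in token", `kubectl -n headlamp create token headlamp --duration=8760h`, documents a one-year bearer token for a ServiceAccount that this README says is bound to `edit` through a ClusterRoleBinding, which undercuts the "short-lived token" guidance a few lines above it. Suggest changing the "another duration" example to a shorter value (hours rather than a year) and stating that anyone holding the pasted JWT has `edit` in every namespace until it expires, with `config.oidc` as the route for longer sessions. Separately, the Install commands reference `clusters/noble/apps/headlamp/namespace.yaml` and `clusters/noble/apps/headlamp/values.yaml`, while this file is added under `clusters/noble/bootstrap/headlamp/`; please confirm which directory holds those files after the refactor and make the paths match.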