Refactor noble cluster configurations by removing deprecated Argo CD application management files and transitioning to a streamlined Ansible-driven installation approach. Update kustomization.yaml files to reflect the new structure, ensuring clarity on resource management. Introduce new namespaces and configurations for cert-manager, external-secrets, and logging components, enhancing the overall deployment process. Add detailed README.md documentation for each component to guide users through the setup and management of the noble lab environment.
This commit is contained in:
Nikholas Pcenicni
37
clusters/noble/bootstrap/headlamp/values.yaml
Normal file
37
clusters/noble/bootstrap/headlamp/values.yaml
Normal file
@@ -0,0 +1,37 @@
|
||||
# Headlamp — noble (Kubernetes web UI)
|
||||
#
|
||||
# helm repo add headlamp https://kubernetes-sigs.github.io/headlamp/
|
||||
# helm repo update
|
||||
# kubectl apply -f clusters/noble/apps/headlamp/namespace.yaml
|
||||
# helm upgrade --install headlamp headlamp/headlamp -n headlamp \
|
||||
# --version 0.40.1 -f clusters/noble/apps/headlamp/values.yaml --wait --timeout 10m
|
||||
#
|
||||
# DNS: headlamp.apps.noble.lab.pcenicni.dev → Traefik LB (see talos/CLUSTER-BUILD.md).
|
||||
# Default chart RBAC is broad — restrict for production (Phase G).
|
||||
# Bind Headlamp’s ServiceAccount to the built-in **edit** ClusterRole (not **cluster-admin**).
|
||||
# For break-glass cluster-admin, use kubectl with your admin kubeconfig — not Headlamp.
|
||||
# If changing **clusterRoleName** on an existing install, Kubernetes forbids mutating **roleRef**:
|
||||
# kubectl delete clusterrolebinding headlamp-admin
|
||||
# helm upgrade … (same command as in the header comments)
|
||||
clusterRoleBinding:
|
||||
clusterRoleName: edit
|
||||
#
|
||||
# Chart 0.40.1 passes -session-ttl but the v0.40.1 binary does not define it — omit the flag:
|
||||
# https://github.com/kubernetes-sigs/headlamp/issues/4883
|
||||
config:
|
||||
sessionTTL: null
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: traefik
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
hosts:
|
||||
- host: headlamp.apps.noble.lab.pcenicni.dev
|
||||
paths:
|
||||
- path: /
|
||||
type: Prefix
|
||||
tls:
|
||||
- secretName: headlamp-apps-noble-tls
|
||||
hosts:
|
||||
- headlamp.apps.noble.lab.pcenicni.dev
|
||||
Reference in New Issue
Block a user