diff --git a/clusters/noble/bootstrap/argocd/app-of-apps/headlamp-application.yaml b/clusters/noble/bootstrap/argocd/app-of-apps/headlamp-application.yaml
index c4a2749..2fb3ec4 100644
--- a/clusters/noble/bootstrap/argocd/app-of-apps/headlamp-application.yaml
+++ b/clusters/noble/bootstrap/argocd/app-of-apps/headlamp-application.yaml
@@ -16,6 +16,9 @@ spec:
         releaseName: headlamp
         valueFiles:
           - $values/clusters/noble/bootstrap/headlamp/values.yaml
+    - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
+      targetRevision: HEAD
+      path: clusters/noble/bootstrap/headlamp
     - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
       targetRevision: HEAD
       ref: values
diff --git a/clusters/noble/bootstrap/headlamp/kustomization.yaml b/clusters/noble/bootstrap/headlamp/kustomization.yaml
new file mode 100644
index 0000000..f86d53c
--- /dev/null
+++ b/clusters/noble/bootstrap/headlamp/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - metrics-clusterrolebinding.yaml
diff --git a/clusters/noble/bootstrap/headlamp/metrics-clusterrolebinding.yaml b/clusters/noble/bootstrap/headlamp/metrics-clusterrolebinding.yaml
new file mode 100644
index 0000000..4df6185
--- /dev/null
+++ b/clusters/noble/bootstrap/headlamp/metrics-clusterrolebinding.yaml
@@ -0,0 +1,32 @@
+# Grant Headlamp's ServiceAccount read access to the Kubernetes Metrics API.
+# The chart binds headlamp SA to 'edit' (safe default) but 'edit' does not include
+# metrics.k8s.io — without this, Headlamp shows no CPU/memory/node data on the dashboard.
+# This binding is additive: it does not escalate headlamp beyond 'edit' elsewhere.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: headlamp-metrics-reader
+  labels:
+    app.kubernetes.io/name: headlamp
+    app.kubernetes.io/managed-by: Helm
+rules:
+  - apiGroups: ["metrics.k8s.io"]
+    resources: ["nodes", "pods"]
+    verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: headlamp-metrics-reader
+  labels:
+    app.kubernetes.io/name: headlamp
+    app.kubernetes.io/managed-by: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: headlamp-metrics-reader
+subjects:
+  - kind: ServiceAccount
+    name: headlamp
+    namespace: headlamp