apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# namespace.yaml is owned by noble-bootstrap-root (clusters/noble/bootstrap/kustomization.yaml).
# Do not include it here — two Applications owning the same Namespace causes SharedResourceWarning.
generatorOptions:
  disableNameSuffixHash: true
configMapGenerator:
  # Mozilla CA bundle (https://curl.se/ca/cacert.pem) — mounted for **-oidc-ca-file** so Headlamp’s OIDC
  # client uses a non-empty PEM pool (avoids spurious “failed to append ca cert to pool” when IdP TLS is public PKI).
  - name: headlamp-oidc-ca-bundle
    files:
      - oidc-ca-bundle.pem=cacert.pem
resources:
  - metrics-clusterrolebinding.yaml
  - oidc-noble-admins-clusterrolebinding.yaml
  - middleware-https-proto.yaml