From 7912509c40209711f0b19ee6c7ad6f69e2852e38 Mon Sep 17 00:00:00 2001
From: titver968 <vermesan@hotmail.com>
Date: Tue, 28 Oct 2025 07:43:05 +0100
Subject: [PATCH] headlamp auth

---
 argocd/apps/headlamp/values-headlamp.yaml | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/argocd/apps/headlamp/values-headlamp.yaml b/argocd/apps/headlamp/values-headlamp.yaml
index 3d1857f..eca9e47 100644
--- a/argocd/apps/headlamp/values-headlamp.yaml
+++ b/argocd/apps/headlamp/values-headlamp.yaml
@@ -15,17 +15,26 @@ spec:
         config:
           inCluster: true
         
-        # Verwende den headlamp-admin ServiceAccount
         serviceAccount:
           create: false
           name: headlamp-admin
         
-        # Keine separate ClusterRoleBinding erstellen
         clusterRoleBinding:
           create: false
         
-        # Wichtig: automountServiceAccountToken muss true sein
-        automountServiceAccountToken: true
+        # Deaktiviere das automatische Token-Mounting
+        automountServiceAccountToken: false
+        
+        # Mounte stattdessen unser langlebiges Token
+        volumes:
+          - name: sa-token
+            secret:
+              secretName: headlamp-admin-token
+        
+        volumeMounts:
+          - name: sa-token
+            mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+            readOnly: true
         
         ingress:
           enabled: true