headlamp auth

2025-10-28 07:43:05 +01:00
parent 9c2ca4dd27
commit 7912509c40
1 changed files with 13 additions and 4 deletions
--- a/argocd/apps/headlamp/values-headlamp.yaml
+++ b/argocd/apps/headlamp/values-headlamp.yaml
@@ -15,17 +15,26 @@ spec:
        config:
          inCluster: true
        
-        # Verwende den headlamp-admin ServiceAccount
        serviceAccount:
          create: false
          name: headlamp-admin
        
-        # Keine separate ClusterRoleBinding erstellen
        clusterRoleBinding:
          create: false
        
-        # Wichtig: automountServiceAccountToken muss true sein
-        automountServiceAccountToken: true
+        # Deaktiviere das automatische Token-Mounting
+        automountServiceAccountToken: false
+        
+        # Mounte stattdessen unser langlebiges Token
+        volumes:
+          - name: sa-token
+            secret:
+              secretName: headlamp-admin-token
+        
+        volumeMounts:
+          - name: sa-token
+            mountPath: /var/run/secrets/kubernetes.io/serviceaccount
+            readOnly: true
        
        ingress:
          enabled: true