Alvin Wang
4301877f33
Audited the running cluster and fixed all .md files: - Node info: Fedora 43, Lima (not OrbStack), worker IP 10.0.1.58 - Networking: fixed public/internal hostname tables, all *.dog internals - Storage: removed Longhorn refs (not deployed), documented hostPath/local-path - Services: moved Seerr to media chart, utils is Zerobyte only - Bootstrap: reordered steps, MetalLB/traefik-internal as manual pre-deploy - Headlamp.md/MetalLB.md: added context and explanations Made-with: Cursor
23 lines
742 B
Markdown
23 lines
742 B
Markdown
# Headlamp — Manual Token Access
|
|
|
|
The `charts/headlamp` Helm chart deploys Headlamp with its own in-cluster
|
|
ServiceAccount (`headlamp`) and a `cluster-admin` ClusterRoleBinding. That
|
|
SA is used by the running pod and does not require manual setup.
|
|
|
|
To generate a **bearer token** for logging in to the Headlamp UI (e.g. from
|
|
a browser), create a separate short-lived token:
|
|
|
|
```bash
|
|
kubectl -n apps create token headlamp --duration=48h
|
|
```
|
|
|
|
If you need a dedicated SA for external/long-lived access instead:
|
|
|
|
```bash
|
|
kubectl -n apps create serviceaccount headlamp-admin
|
|
kubectl create clusterrolebinding headlamp-admin \
|
|
--serviceaccount=apps:headlamp-admin \
|
|
--clusterrole=cluster-admin
|
|
kubectl -n apps create token headlamp-admin
|
|
```
|