charts: update docs and tests for reduced permissions

Update README.md to reflect new default clusterRoleName of "view"
instead of "cluster-admin". Update all test expected templates
to use the new ClusterRoleBinding name "headlamp" (removed -admin
suffix) and roleRef name "view" instead of "cluster-admin".

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: cacarico

charts/headlamp/README.md

@@ -148,7 +148,7 @@ config:
 | serviceAccount.name | string | `""` | Service account name |
 | serviceAccount.annotations | object | `{}` | Service account annotations |
 | clusterRoleBinding.create | bool | `true` | Create cluster role binding |
-| clusterRoleBinding.clusterRoleName | string | `"cluster-admin"` | Kubernetes ClusterRole name |
+| clusterRoleBinding.clusterRoleName | string | `"view"` | Kubernetes ClusterRole name |
 | clusterRoleBinding.annotations | object | `{}` | Cluster role binding annotations |
 | podSecurityContext | object | `{}` | Pod security context (e.g., fsGroup: 2000) |
 | securityContext.runAsNonRoot | bool | `true` | Run container as non-root |

charts/headlamp/tests/expected_templates/azure-oidc-with-validators.yaml

@@ -16,7 +16,7 @@ metadata:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: headlamp-admin
+  name: headlamp
   labels:
     helm.sh/chart: headlamp-0.39.0
     app.kubernetes.io/name: headlamp
@@ -26,7 +26,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-admin
+  name: view
 subjects:
 - kind: ServiceAccount
   name: headlamp

charts/headlamp/tests/expected_templates/default.yaml

@@ -25,7 +25,7 @@ data:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: headlamp-admin
+  name: headlamp
   labels:
     helm.sh/chart: headlamp-0.39.0
     app.kubernetes.io/name: headlamp
@@ -35,7 +35,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-admin
+  name: view
 subjects:
 - kind: ServiceAccount
   name: headlamp

charts/headlamp/tests/expected_templates/extra-args.yaml

@@ -25,7 +25,7 @@ data:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: headlamp-admin
+  name: headlamp
   labels:
     helm.sh/chart: headlamp-0.39.0
     app.kubernetes.io/name: headlamp
@@ -35,7 +35,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-admin
+  name: view
 subjects:
 - kind: ServiceAccount
   name: headlamp

charts/headlamp/tests/expected_templates/extra-manifests.yaml

@@ -42,7 +42,7 @@ data:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: headlamp-admin
+  name: headlamp
   labels:
     helm.sh/chart: headlamp-0.39.0
     app.kubernetes.io/name: headlamp
@@ -52,7 +52,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-admin
+  name: view
 subjects:
 - kind: ServiceAccount
   name: headlamp

charts/headlamp/tests/expected_templates/me-user-info-url-directly.yaml

@@ -25,7 +25,7 @@ data:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: headlamp-admin
+  name: headlamp
   labels:
     helm.sh/chart: headlamp-0.39.0
     app.kubernetes.io/name: headlamp
@@ -35,7 +35,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-admin
+  name: view
 subjects:
 - kind: ServiceAccount
   name: headlamp

charts/headlamp/tests/expected_templates/me-user-info-url.yaml

@@ -25,7 +25,7 @@ data:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: headlamp-admin
+  name: headlamp
   labels:
     helm.sh/chart: headlamp-0.39.0
     app.kubernetes.io/name: headlamp
@@ -35,7 +35,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-admin
+  name: view
 subjects:
 - kind: ServiceAccount
   name: headlamp

charts/headlamp/tests/expected_templates/namespace-override-oidc-create-secret.yaml

@@ -29,7 +29,7 @@ data:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: headlamp-admin
+  name: headlamp
   labels:
     helm.sh/chart: headlamp-0.39.0
     app.kubernetes.io/name: headlamp
@@ -39,7 +39,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-admin
+  name: view
 subjects:
 - kind: ServiceAccount
   name: headlamp

charts/headlamp/tests/expected_templates/namespace-override.yaml

@@ -25,7 +25,7 @@ data:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: headlamp-admin
+  name: headlamp
   labels:
     helm.sh/chart: headlamp-0.39.0
     app.kubernetes.io/name: headlamp
@@ -35,7 +35,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-admin
+  name: view
 subjects:
 - kind: ServiceAccount
   name: headlamp

charts/headlamp/tests/expected_templates/non-azure-oidc.yaml

@@ -16,7 +16,7 @@ metadata:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: headlamp-admin
+  name: headlamp
   labels:
     helm.sh/chart: headlamp-0.39.0
     app.kubernetes.io/name: headlamp
@@ -26,7 +26,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-admin
+  name: view
 subjects:
 - kind: ServiceAccount
   name: headlamp