[scalar-manager] Add Headlamp integration support

charts/scalar-manager/README.md

@@ -23,6 +23,20 @@ Current chart version is `3.0.0-SNAPSHOT`
 | scalarManager.api.image.tag | string | `""` |  |
 | scalarManager.api.resources | object | `{}` |  |
 | scalarManager.api.secretName | string | `""` | Secret name that includes sensitive data such as credentials. Each secret key is passed to Pod as environment variables using envFrom. |
+| scalarManager.headlamp | object | `{"enabled":false,"kubernetes":{"serviceLabelName":"app.kubernetes.io/name","serviceLabelValue":"headlamp","servicePortName":"http"},"serviceAccount":{"create":true,"name":"","namespace":""},"web":{"basePath":"/headlamp","namespace":"","serviceInfoCacheTTL":"180000"}}` | Headlamp integration configuration |
+| scalarManager.headlamp.enabled | bool | `false` | Enable Headlamp integration |
+| scalarManager.headlamp.kubernetes | object | `{"serviceLabelName":"app.kubernetes.io/name","serviceLabelValue":"headlamp","servicePortName":"http"}` | Kubernetes service discovery configuration (used by API) |
+| scalarManager.headlamp.kubernetes.serviceLabelName | string | `"app.kubernetes.io/name"` | Label name to identify Headlamp service |
+| scalarManager.headlamp.kubernetes.serviceLabelValue | string | `"headlamp"` | Label value to identify Headlamp service |
+| scalarManager.headlamp.kubernetes.servicePortName | string | `"http"` | Port name of the Headlamp service |
+| scalarManager.headlamp.serviceAccount | object | `{"create":true,"name":"","namespace":""}` | Service account configuration for Headlamp token generation. This SA gets cluster-admin privileges and is used to generate tokens that are used for login into Headlamp. |
+| scalarManager.headlamp.serviceAccount.create | bool | `true` | Create a dedicated ServiceAccount for Headlamp |
+| scalarManager.headlamp.serviceAccount.name | string | `""` | Name of the ServiceAccount. If not set and create is true, defaults to "<release>-headlamp-sa" |
+| scalarManager.headlamp.serviceAccount.namespace | string | `""` | Namespace for the ServiceAccount. Defaults to release namespace |
+| scalarManager.headlamp.web | object | `{"basePath":"/headlamp","namespace":"","serviceInfoCacheTTL":"180000"}` | Web container proxy configuration |
+| scalarManager.headlamp.web.basePath | string | `"/headlamp"` | Headlamp proxy base path (must match Headlamp's -base-url setting) |
+| scalarManager.headlamp.web.namespace | string | `""` | Headlamp namespace filter (optional). If empty, auto-selects if exactly one service found |
+| scalarManager.headlamp.web.serviceInfoCacheTTL | string | `"180000"` | Cache TTL for Headlamp service info (milliseconds) |
 | scalarManager.imagePullSecrets | list | `[]` |  |
 | scalarManager.nodeSelector | object | `{}` |  |
 | scalarManager.podAnnotations | object | `{}` | Pod annotations for the scalar-manager deployment |

charts/scalar-manager/templates/_helpers.tpl

@@ -61,3 +61,25 @@ Create the name of the service account to use
 {{- print (include "scalar-manager.fullname" .) "-sa" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
+
+{{/*
+Create the name of the Headlamp service account
+*/}}
+{{- define "scalar-manager.headlampServiceAccountName" -}}
+{{- if .Values.scalarManager.headlamp.serviceAccount.name }}
+{{- .Values.scalarManager.headlamp.serviceAccount.name }}
+{{- else }}
+{{- print (include "scalar-manager.fullname" .) "-headlamp-sa" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Get the namespace for Headlamp service account
+*/}}
+{{- define "scalar-manager.headlampServiceAccountNamespace" -}}
+{{- if .Values.scalarManager.headlamp.serviceAccount.namespace }}
+{{- .Values.scalarManager.headlamp.serviceAccount.namespace }}
+{{- else }}
+{{- .Release.Namespace }}
+{{- end }}
+{{- end }}

charts/scalar-manager/templates/scalar-manager/clusterrole.yaml

@@ -11,3 +11,10 @@ rules:
   - apiGroups: ["apps"]
     resources: ["deployments"]
     verbs: ["get", "list"]
+{{- if .Values.scalarManager.headlamp.enabled }}
+  # Permission to create tokens for Headlamp ServiceAccount
+  - apiGroups: [""]
+    resources: ["serviceaccounts/token"]
+    verbs: ["create"]
+    resourceNames: ["{{ include "scalar-manager.headlampServiceAccountName" . }}"]
+{{- end }}

charts/scalar-manager/templates/scalar-manager/clusterrolebinding.yaml

@@ -13,3 +13,22 @@ roleRef:
   kind: ClusterRole
   name: {{ include "scalar-manager.fullname" . }}
   apiGroup: rbac.authorization.k8s.io
+
+{{- if and .Values.scalarManager.headlamp.enabled .Values.scalarManager.headlamp.serviceAccount.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "scalar-manager.fullname" . }}-headlamp-cluster-admin
+  labels:
+    {{- include "scalar-manager.labels" . | nindent 4 }}
+    app.kubernetes.io/component: headlamp
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "scalar-manager.headlampServiceAccountName" . }}
+    namespace: {{ include "scalar-manager.headlampServiceAccountNamespace" . }}
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}

charts/scalar-manager/templates/scalar-manager/deployment.yaml

@@ -107,6 +107,19 @@ spec:
             {{- end }}
             {{- end }}
             {{- end }}
+            {{- if .Values.scalarManager.headlamp.enabled }}
+            # Headlamp discovery configuration
+            - name: HEADLAMP_KUBERNETES_SERVICE_LABEL_NAME
+              value: "{{ .Values.scalarManager.headlamp.kubernetes.serviceLabelName }}"
+            - name: HEADLAMP_KUBERNETES_SERVICE_LABEL_VALUE
+              value: "{{ .Values.scalarManager.headlamp.kubernetes.serviceLabelValue }}"
+            - name: HEADLAMP_KUBERNETES_SERVICE_PORT_NAME
+              value: "{{ .Values.scalarManager.headlamp.kubernetes.servicePortName }}"
+            - name: HEADLAMP_SERVICE_ACCOUNT_NAME
+              value: "{{ include "scalar-manager.headlampServiceAccountName" . }}"
+            - name: HEADLAMP_SERVICE_ACCOUNT_NAMESPACE
+              value: "{{ include "scalar-manager.headlampServiceAccountNamespace" . }}"
+            {{- end }}
           {{- if .Values.scalarManager.api.secretName }}
           envFrom:
           - secretRef:
@@ -196,6 +209,17 @@ spec:
             {{- end }}
             {{- end }}
             {{- end }}
+            {{- if .Values.scalarManager.headlamp.enabled }}
+            # Headlamp proxy configuration
+            - name: HEADLAMP_BASE_PATH
+              value: "{{ .Values.scalarManager.headlamp.web.basePath }}"
+            {{- if .Values.scalarManager.headlamp.web.namespace }}
+            - name: HEADLAMP_NAMESPACE
+              value: "{{ .Values.scalarManager.headlamp.web.namespace }}"
+            {{- end }}
+            - name: HEADLAMP_SERVICE_INFO_CACHE_TTL
+              value: "{{ .Values.scalarManager.headlamp.web.serviceInfoCacheTTL }}"
+            {{- end }}
           ports:
             - containerPort: {{ .Values.scalarManager.web.service.ports.web.targetPort }}
           imagePullPolicy: {{ .Values.scalarManager.web.image.pullPolicy }}

charts/scalar-manager/templates/scalar-manager/serviceaccount.yaml

@@ -7,3 +7,14 @@ metadata:
   labels:
     {{- include "scalar-manager.labels" . | nindent 4 }}
 {{- end }}
+{{- if and .Values.scalarManager.headlamp.enabled .Values.scalarManager.headlamp.serviceAccount.create }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "scalar-manager.headlampServiceAccountName" . }}
+  namespace: {{ include "scalar-manager.headlampServiceAccountNamespace" . }}
+  labels:
+    {{- include "scalar-manager.labels" . | nindent 4 }}
+    app.kubernetes.io/component: headlamp
+{{- end }}

charts/scalar-manager/values.schema.json

@@ -112,6 +112,56 @@
                         }
                     }
                 },
+                "headlamp": {
+                    "type": "object",
+                    "properties": {
+                        "enabled": {
+                            "type": "boolean"
+                        },
+                        "kubernetes": {
+                            "type": "object",
+                            "properties": {
+                                "serviceLabelName": {
+                                    "type": "string"
+                                },
+                                "serviceLabelValue": {
+                                    "type": "string"
+                                },
+                                "servicePortName": {
+                                    "type": "string"
+                                }
+                            }
+                        },
+                        "serviceAccount": {
+                            "type": "object",
+                            "properties": {
+                                "create": {
+                                    "type": "boolean"
+                                },
+                                "name": {
+                                    "type": "string"
+                                },
+                                "namespace": {
+                                    "type": "string"
+                                }
+                            }
+                        },
+                        "web": {
+                            "type": "object",
+                            "properties": {
+                                "basePath": {
+                                    "type": "string"
+                                },
+                                "namespace": {
+                                    "type": "string"
+                                },
+                                "serviceInfoCacheTTL": {
+                                    "type": "string"
+                                }
+                            }
+                        }
+                    }
+                },
                 "imagePullSecrets": {
                     "type": "array"
                 },

charts/scalar-manager/values.yaml

@@ -192,6 +192,40 @@ scalarManager:
       #   cpu: 100m
       #   memory: 128Mi
 
+  # -- Headlamp integration configuration
+  headlamp:
+    # -- Enable Headlamp integration
+    enabled: false
+
+    # -- Kubernetes service discovery configuration (used by API)
+    kubernetes:
+      # -- Label name to identify Headlamp service
+      serviceLabelName: "app.kubernetes.io/name"
+      # -- Label value to identify Headlamp service
+      serviceLabelValue: "headlamp"
+      # -- Port name of the Headlamp service
+      servicePortName: "http"
+
+    # -- Service account configuration for Headlamp token generation.
+    # This SA gets cluster-admin privileges and is used to generate tokens
+    # that are used for login into Headlamp.
+    serviceAccount:
+      # -- Create a dedicated ServiceAccount for Headlamp
+      create: true
+      # -- Name of the ServiceAccount. If not set and create is true, defaults to "<release>-headlamp-sa"
+      name: ""
+      # -- Namespace for the ServiceAccount. Defaults to release namespace
+      namespace: ""
+
+    # -- Web container proxy configuration
+    web:
+      # -- Headlamp proxy base path (must match Headlamp's -base-url setting)
+      basePath: "/headlamp"
+      # -- Headlamp namespace filter (optional). If empty, auto-selects if exactly one service found
+      namespace: ""
+      # -- Cache TTL for Headlamp service info (milliseconds)
+      serviceInfoCacheTTL: "180000"
+
   imagePullSecrets: []
 
   # -- Unified TLS configuration for both API and Web components.