apiVersion: v1
kind: Service
metadata:
  name: headlamp
  namespace: kube-system
spec:
  ports:
    - name: https
      port: 4466
      targetPort: 4466
  selector:
    k8s-app: headlamp
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: headlamp
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: headlamp
  template:
    metadata:
      labels:
        k8s-app: headlamp
    spec:
      containers:
        - name: headlamp
          image: ghcr.io/headlamp-k8s/headlamp:v0.40.1
          args:
            - "-in-cluster"
            - "-plugins-dir=/headlamp/plugins"
            - "-tls-cert-path=/headlamp-cert/tls.crt"
            - "-tls-key-path=/headlamp-cert/tls.key"
            - "-kubeconfig="
          ports:
            - containerPort: 4466
              name: https
          volumeMounts:
            - name: headlamp-tls
              mountPath: /headlamp-cert
              readOnly: true
          readinessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 4466
            initialDelaySeconds: 10
            timeoutSeconds: 5
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 4466
            initialDelaySeconds: 10
            timeoutSeconds: 5
      volumes:
        - name: headlamp-tls
          secret:
            secretName: headlamp-tls
      nodeSelector:
        kubernetes.io/os: linux
---
apiVersion: v1
kind: Secret
metadata:
  name: headlamp-admin
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: "headlamp-admin"
type: kubernetes.io/service-account-token