fix(headplane): Wrong namespace

eaglesemanation · eaglesemanation · commit 76f28a92ffec · 2026-02-22T02:46:30.000-05:00
diff --git a/k8s/apps/network/headscale/deployment.k8s.yaml b/k8s/apps/network/headscale/deployment.k8s.yaml
@@ -86,11 +86,13 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: headplane
-  namespace: headplane
+  namespace: headscale
   labels:
     app.kubernetes.io/name: headplane
     app.kubernetes.io/instance: headplane
 spec:
+  strategy:
+    type: Recreate
   replicas: 1
   selector:
     matchLabels:
@@ -105,6 +107,15 @@ spec:
       containers:
         - name: headplane
           image: ghcr.io/tale/headplane:0.6.1
+          startupProbe:
+            exec:
+              command: ["/bin/hp_healthcheck"]
+          livenessProbe:
+            exec:
+              command: ["/bin/hp_healthcheck"]
+          readinessProbe:
+            exec:
+              command: ["/bin/hp_healthcheck"]
           resources:
             requests:
               cpu: 10m
@@ -114,6 +125,12 @@ spec:
           ports:
             - name: web
               containerPort: 3000
+          env:
+            - name: HEADPLANE_OIDC__CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  key: oidc_client_id
+                  name: headscale
           volumeMounts:
             - name: data
               mountPath: /var/lib/headplane
@@ -127,7 +144,7 @@ spec:
             - name: secrets
               readOnly: true
               mountPath: /etc/headplane-secrets
-            - name: headplane-cookie-secret
+            - name: cookie-secret
               readOnly: true
               mountPath: /etc/headplane-secrets/cookies
             - name: headscale-secrets
diff --git a/k8s/apps/network/headscale/headplane-config.yaml b/k8s/apps/network/headscale/headplane-config.yaml
@@ -188,12 +188,12 @@ oidc:
   # The authentication method to use when communicating with the token endpoint.
   # This is fully optional and Headplane will attempt to auto-detect the best
   # method and fall back to `client_secret_basic` if unsure.
-  # token_endpoint_auth_method: "client_secret_post"
+  token_endpoint_auth_method: "client_secret_basic"
 
   # The client ID for the OIDC client
   # For the best experience please ensure this is *identical* to the client_id
   # you are using for Headscale. because
-  client_id_path: /etc/headscale-secrets/oidc_client_id
+  #client_id: <specified through env>
 
   # The client secret for the OIDC client
   # You may also provide `client_secret_path` instead to read a value from disk.
