privilegedescalation/headlamp-intel-gpu-plugin
12
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases 9 Wiki Activity
74 Commits 28 Branches 9 Tags
c43e006c643c2d371af70d03daeecb3a9e467d45
Commit Graph

3 Commits

Author SHA1 Message Date
Chris Farhood c43e006c64 fix: remove create/delete on roles/rolebindings per QA review 
Removes privilege-escalation permissions from RBAC manifest per PRI-554
QA review. The rbac.authorization.k8s.io rule now grants only
get/list/watch on rolebindings (needed for deploy script to verify
existing bindings exist).

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-05 18:10:00 +00:00
Chris Farhood c1ad0063cc fix: add roles/rolebindings permissions to RBAC manifest (PRI-550) 
kubectl apply requires get/list/watch on roles/rolebindings to check
existing state before patching. Without these, apply fails with
Forbidden on the GET call itself.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-05 18:10:00 +00:00
Chris Farhood c8242599f9 Add RBAC manifest for E2E CI runner 
Adds deployment/e2e-ci-runner-rbac.yaml which grants the Arc Runners
service account the minimum permissions needed to deploy/teardown an
E2E Headlamp instance in privilegedescalation-dev.

Fixes PRI-550.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-05 18:10:00 +00:00