headlamp-dev is Flux-managed (kustomization/headlamp-dev reconciles), causing
E2E deployment conflicts and test failures. Use a dedicated headlamp-plugins-e2e
namespace instead. Reverted .github/workflows/e2e.yaml — Hugh owns CI/CD; will
file a child issue to update the workflow namespace.
- Remove rbac.authorization.k8s.io rule (create/delete on rolebindings
was privilege escalation; no RBAC self-management needed)
- Remove self-applying kubectl apply step from e2e workflow
(runner cannot grant its own permissions; RBAC must be pre-applied
via Flux from infra repo)
Reviewed-by: Hugh Hackman
Adds 'kubectl apply -f deployment/e2e-ci-runner-rbac.yaml' step
to the E2E workflow before the deploy script runs.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Adds `.github/workflows/e2e.yaml` to run Playwright E2E smoke tests
against a deployed Headlamp instance in `privilegedescalation-dev`.
Follows the headlamp-polaris-plugin pattern:
- Builds the plugin, deploys via scripts/deploy-e2e-headlamp.sh
- Runs tests with `npm run e2e` (intel-gpu uses npm, not pnpm)
- Uploads Playwright report and test results on failure
- Cleans up via scripts/teardown-e2e-headlamp.sh (if: always())
- Concurrency group prevents concurrent runs sharing E2E resources
- Uses runs-on: runners-privilegedescalation (self-hosted ARC)
Depends on Gandalf's E2E test implementation in PR #25.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Chris Farhood
privilegedescalation-engineer[bot]