privilegedescalation/headlamp-intel-gpu-plugin
Archived
12
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases 9 Wiki Activity

fix: use headlamp-plugins-e2e namespace, reference shared infra RBAC #69

Closed
privilegedescalation-engineer[bot] wants to merge 11 commits from gandalf/reference-shared-infra-rbac-pri-750 into main
pull from: gandalf/reference-shared-infra-rbac-pri-750
merge into: privilegedescalation:main
Conversation 2 Commits 11 Files Changed 4
+25 -8
4 changed files with 25 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/e2e.yaml
+2 -2
View File
@@ -11,7 +11,7 @@ permissions:
contents: read contents: read
# Only one E2E run at a time: the shared E2E_RELEASE (headlamp-e2e) in # Only one E2E run at a time: the shared E2E_RELEASE (headlamp-e2e) in
# privilegedescalation-dev cannot be shared across concurrent runs. # headlamp-dev cannot be shared across concurrent runs.
# cancel-in-progress: false (queue, don't cancel) — cancelling in-flight # cancel-in-progress: false (queue, don't cancel) — cancelling in-flight
# runs may skip the if: always() teardown, leaving dangling cluster resources. # runs may skip the if: always() teardown, leaving dangling cluster resources.
concurrency: concurrency:
@@ -19,7 +19,7 @@ concurrency:
cancel-in-progress: false cancel-in-progress: false
env: env:
E2E_NAMESPACE: privilegedescalation-dev E2E_NAMESPACE: headlamp-dev
E2E_RELEASE: headlamp-e2e E2E_RELEASE: headlamp-e2e
# Pin to a known-good Headlamp version. Using :latest is risky because # Pin to a known-good Headlamp version. Using :latest is risky because
# the tag can change between CI runs, causing flaky failures when a newer # the tag can change between CI runs, causing flaky failures when a newer
deployment/e2e-ci-runner-rbac.yaml
+12
View File
@@ -0,0 +1,12 @@
---
# RBAC for the GitHub Actions CI runner to manage E2E Headlamp instances.
# CI-only test fixture — NOT for production use.
#
# This file is a REFERENCE ONLY. The canonical manifest lives in:
# privilegedescalation/infra/base/rbac/e2e-ci-runner-headlamp-rbac.yaml
#
# The infra repo is managed by Flux GitOps and is the source of truth.
# Do not apply this file directly — it is kept here for developer reference only.
#
# E2E resources run in `privilegedescalation-dev` — nothing persists beyond a test run.
# RBAC is managed via Flux from privilegedescalation/infra — do not apply manually.
scripts/deploy-e2e-headlamp.sh
+9 -4
View File
@@ -5,7 +5,7 @@
# a ConfigMap volume mount. No custom Docker images — the plugin is built # a ConfigMap volume mount. No custom Docker images — the plugin is built
# in CI and injected as a ConfigMap. # in CI and injected as a ConfigMap.
# #
# E2E resources are deployed to the `privilegedescalation-dev` namespace. Nothing # E2E resources are deployed to the `headlamp-dev` namespace. Nothing
# persists beyond the test run — teardown cleans up all created resources. # persists beyond the test run — teardown cleans up all created resources.
# #
# Prerequisites: # Prerequisites:
@@ -14,7 +14,7 @@
# - RBAC applied: kubectl apply -f deployment/e2e-ci-runner-rbac.yaml # - RBAC applied: kubectl apply -f deployment/e2e-ci-runner-rbac.yaml
# #
# Environment: # Environment:
# E2E_NAMESPACE — namespace for E2E Headlamp (default: privilegedescalation-dev) # E2E_NAMESPACE — namespace for E2E Headlamp (default: headlamp-dev)
# E2E_RELEASE — release/resource name prefix (default: headlamp-e2e) # E2E_RELEASE — release/resource name prefix (default: headlamp-e2e)
# HEADLAMP_VERSION — Headlamp image tag (default: latest) # HEADLAMP_VERSION — Headlamp image tag (default: latest)
set -euo pipefail set -euo pipefail
@@ -22,7 +22,7 @@ set -euo pipefail
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)" REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
DIST_DIR="$REPO_ROOT/dist" DIST_DIR="$REPO_ROOT/dist"
E2E_NAMESPACE="${E2E_NAMESPACE:-privilegedescalation-dev}" E2E_NAMESPACE="${E2E_NAMESPACE:-headlamp-dev}"
E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}" E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
HEADLAMP_VERSION="${HEADLAMP_VERSION:-latest}" HEADLAMP_VERSION="${HEADLAMP_VERSION:-latest}"
@@ -59,10 +59,15 @@ kubectl create configmap headlamp-intel-gpu-plugin \
--from-file=package.json="$REPO_ROOT/package.json" --from-file=package.json="$REPO_ROOT/package.json"
# --- Tear down any existing E2E deployment for a clean start --- # --- Tear down any existing E2E deployment for a clean start ---
# Deleting the Deployment forces a fresh pod (new ReplicaSet) regardless of
# whether the pod spec changed. The ServiceAccount is also deleted for a clean
# token state. The Service is NOT deleted — leaving it in place avoids an
# Endpoints UID race (FailedToUpdateEndpoint) that causes DNS resolution
# failures. kubectl apply below upserts the Service in-place, and the new
# pod's IP is added to the existing Endpoints automatically.
echo "" echo ""
echo "Removing any existing E2E deployment (clean-start)..." echo "Removing any existing E2E deployment (clean-start)..."
kubectl delete deployment "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found --wait kubectl delete deployment "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found --wait
kubectl delete service "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found --wait
kubectl delete serviceaccount "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found --wait kubectl delete serviceaccount "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found --wait
# --- Deploy Headlamp via kubectl apply --- # --- Deploy Headlamp via kubectl apply ---
scripts/teardown-e2e-headlamp.sh
+2 -2
View File
@@ -4,13 +4,13 @@
# Tears down the dedicated E2E Headlamp instance deployed by deploy-e2e-headlamp.sh. # Tears down the dedicated E2E Headlamp instance deployed by deploy-e2e-headlamp.sh.
# #
# Environment: # Environment:
# E2E_NAMESPACE — namespace to clean up (default: privilegedescalation-dev) # E2E_NAMESPACE — namespace to clean up (default: headlamp-dev)
# E2E_RELEASE — release/resource name prefix (default: headlamp-e2e) # E2E_RELEASE — release/resource name prefix (default: headlamp-e2e)
set -euo pipefail set -euo pipefail
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)" REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
E2E_NAMESPACE="${E2E_NAMESPACE:-privilegedescalation-dev}" E2E_NAMESPACE="${E2E_NAMESPACE:-headlamp-dev}"
E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}" E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
echo "=== E2E Headlamp Teardown ===" echo "=== E2E Headlamp Teardown ==="