Promote uat to main #81

Merged
privilegedescalation-cto[bot] merged 10 commits from uat into main 2026-05-14 04:31:19 +00:00

10 Commits

Author SHA1 Message Date
Chris Farhood 2eea2dc348 chore: remove dead E2E infrastructure per CTO decision (aff63c4)
E2E approach is dead — removed from main in aff63c4. These files
re-introduced broken E2E infrastructure that will fail CI on every
uat→main promotion.

Removing:
- .github/workflows/e2e.yaml
- deployment/e2e-ci-runner-rbac.yaml
- scripts/deploy-e2e-headlamp.sh
- scripts/teardown-e2e-headlamp.sh

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-14 04:29:07 +00:00
Chris Farhood 9fe4a8e5c5 Reference shared infra RBAC in deployment scripts
PRI-750: update plugin repos to reference shared infra RBAC (PRI-695 follow-up)

- deployment/e2e-ci-runner-rbac.yaml: replaced duplicate manifest with
  reference comment pointing to privilegedescalation/infra/base/rbac/e2e-ci-runner-headlamp-rbac.yaml
- scripts/deploy-e2e-headlamp.sh: updated RBAC preflight comment and error
  message to reference infra path
- scripts/teardown-e2e-headlamp.sh: added RBAC reference comment

Infra RBAC is the source of truth managed by Flux GitOps. CI workflow
unchanged (Hugh owns .github/workflows/).
2026-05-14 03:33:57 +00:00
Chris Farhood dc77d6a4ba fix: use headlamp-plugins-e2e namespace for E2E tests, revert workflow
headlamp-dev is Flux-managed (kustomization/headlamp-dev reconciles), causing
E2E deployment conflicts and test failures. Use a dedicated headlamp-plugins-e2e
namespace instead. Reverted .github/workflows/e2e.yaml — Hugh owns CI/CD; will
file a child issue to update the workflow namespace.
2026-05-14 03:33:57 +00:00
Chris Farhood 4622cdef46 Replace privilegedescalation-dev with headlamp-dev namespace
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-14 03:33:09 +00:00
Chris Farhood 2e40e6b774 docs: mark RBAC manifest as Flux-managed reference copy 2026-05-14 03:33:03 +00:00
Chris Farhood 7c974a26a9 Fix RBAC manifest per QA review (PRI-554)
- Remove rbac.authorization.k8s.io rule (create/delete on rolebindings
  was privilege escalation; no RBAC self-management needed)
- Remove self-applying kubectl apply step from e2e workflow
  (runner cannot grant its own permissions; RBAC must be pre-applied
  via Flux from infra repo)

Reviewed-by: Hugh Hackman
2026-05-14 03:33:03 +00:00
Chris Farhood 75464036e4 fix: remove create/delete on roles/rolebindings per QA review
Removes privilege-escalation permissions from RBAC manifest per PRI-554
QA review. The rbac.authorization.k8s.io rule now grants only
get/list/watch on rolebindings (needed for deploy script to verify
existing bindings exist).

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-14 03:32:43 +00:00
Chris Farhood 70ffaa4920 chore: re-trigger E2E with updated infra RBAC (infra fix applied) 2026-05-14 03:32:43 +00:00
Chris Farhood 9b5734a5a2 fix: add roles/rolebindings permissions to RBAC manifest (PRI-550)
kubectl apply requires get/list/watch on roles/rolebindings to check
existing state before patching. Without these, apply fails with
Forbidden on the GET call itself.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-14 03:32:43 +00:00
Chris Farhood 3c55253e8d Add RBAC manifest for E2E CI runner
Adds deployment/e2e-ci-runner-rbac.yaml which grants the Arc Runners
service account the minimum permissions needed to deploy/teardown an
E2E Headlamp instance in privilegedescalation-dev.

Fixes PRI-550.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-14 03:32:19 +00:00
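
The RBAC narrowing described in commits 75464036e4 and 7c974a26a9 can be checked mechanically before a manifest is merged; the following is an added example, not code from this repository. The page does not show deployment/e2e-ci-runner-rbac.yaml, so the rules below are constructed samples, and the function and role names are hypothetical.

```python
"""Added example: flag Role rules that can modify RBAC objects."""
RBAC_GROUP = "rbac.authorization.k8s.io"
RBAC_RESOURCES = {"roles", "rolebindings", "clusterroles", "clusterrolebindings"}
READ_ONLY = {"get", "list", "watch"}


def rbac_write_findings(role):
    """Return sorted (resource, verb) pairs granting non-read access to RBAC objects."""
    findings = set()
    for rule in role.get("rules", []):
        groups = set(rule.get("apiGroups", []))
        if RBAC_GROUP not in groups and "*" not in groups:
            continue  # rule does not reach the RBAC API group
        resources = set(rule.get("resources", []))
        # A wildcard resource covers every RBAC resource in the group.
        hit = RBAC_RESOURCES if "*" in resources else resources & RBAC_RESOURCES
        for verb in set(rule.get("verbs", [])) - READ_ONLY:
            findings.update((res, verb) for res in hit)
    return sorted(findings)


# Constructed samples modelling the three states the commit messages describe.
APP_RULE = {"apiGroups": ["", "apps"],
            "resources": ["pods", "services", "deployments"],
            "verbs": ["get", "list", "watch", "create", "delete"]}

def sample_role(*rbac_rules):
    """Build a constructed Role dict (hypothetical name) with the given RBAC rules."""
    return {"kind": "Role", "metadata": {"name": "e2e-ci-runner-sample"},
            "rules": [APP_RULE, *rbac_rules]}

# Before the QA review: create/delete on roles and rolebindings.
SELF_MANAGING = sample_role({"apiGroups": [RBAC_GROUP],
                             "resources": ["roles", "rolebindings"],
                             "verbs": ["get", "list", "watch", "create", "delete"]})
# After 75464036e4: read-only access to RBAC objects.
READ_ONLY_RBAC = sample_role({"apiGroups": [RBAC_GROUP],
                              "resources": ["roles", "rolebindings"],
                              "verbs": ["get", "list", "watch"]})
# After 7c974a26a9: the RBAC rule is removed entirely.
NO_RBAC_RULE = sample_role()
# Edge case: wildcards reach RBAC objects without naming them.
WILDCARD = sample_role({"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]})

if __name__ == "__main__":
    for label, role in [("self-managing", SELF_MANAGING), ("read-only", READ_ONLY_RBAC),
                        ("no rbac rule", NO_RBAC_RULE), ("wildcard", WILDCARD)]:
        print(label, rbac_write_findings(role))
```

A non-empty result is a reason to fail the check: the runner's Role should not be able to change the bindings that define its own permissions.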