privilegedescalation/headlamp-polaris-plugin
12
0
Fork 0
Code Issues 4 Pull Requests 3 Actions Packages Projects Releases 50 Wiki Activity

fix: remove namespace create/delete from E2E scripts

Browse Source 
The CI runner SA only has namespace-scoped RBAC in headlamp-e2e — it
cannot create or delete namespaces at the cluster level. Deploy now
verifies the namespace exists (with a clear error if not), and teardown
cleans up resources without deleting the namespace itself.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Hugh Hackman
2026-03-20 01:13:02 +00:00
parent 902f206e32
commit 0a52a8effa
2 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/deploy-e2e-headlamp.sh
+9 -3
View File
@@ -9,6 +9,7 @@
# - Plugin built (dist/ exists with plugin-main.js + package.json)
# - kubectl configured with cluster access
# - Helm 3 installed
# - E2E namespace pre-created by cluster admin (see deployment/e2e-ci-runner-rbac.yaml)
#
# Environment:
# E2E_NAMESPACE — namespace for E2E Headlamp (default: headlamp-e2e)
@@ -33,10 +34,15 @@ echo " Image: ghcr.io/headlamp-k8s/headlamp:${HEADLAMP_VERSION}"
echo " Namespace: $E2E_NAMESPACE"
echo " Release: $E2E_RELEASE"
# --- Create namespace ---
# --- Verify namespace exists (must be pre-created by cluster admin) ---
echo ""
echo "Creating namespace ${E2E_NAMESPACE} (if needed)..."
kubectl create namespace "$E2E_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
echo "Verifying namespace ${E2E_NAMESPACE} exists..."
if ! kubectl get namespace "$E2E_NAMESPACE" >/dev/null 2>&1; then
echo "ERROR: Namespace ${E2E_NAMESPACE} does not exist." >&2
echo "A cluster admin must create it first: kubectl create namespace ${E2E_NAMESPACE}" >&2
echo "Then apply RBAC: kubectl apply -f deployment/e2e-ci-runner-rbac.yaml" >&2
exit 1
fi
# --- Create ConfigMap from built plugin ---
echo ""
scripts/teardown-e2e-headlamp.sh
+8 -2
View File
@@ -20,8 +20,14 @@ echo " Release: $E2E_RELEASE"
echo "Uninstalling Helm release..."
helm uninstall "$E2E_RELEASE" -n "$E2E_NAMESPACE" 2>/dev/null || echo "Release not found (already removed?)"
echo "Deleting namespace..."
kubectl delete namespace "$E2E_NAMESPACE" --ignore-not-found --wait=false
echo "Cleaning up ConfigMap..."
kubectl delete configmap headlamp-polaris-plugin -n "$E2E_NAMESPACE" --ignore-not-found
echo "Cleaning up service account..."
kubectl delete serviceaccount headlamp-e2e-test -n "$E2E_NAMESPACE" --ignore-not-found
# Note: namespace is NOT deleted — it is managed by a cluster admin.
# The runner SA only has namespace-scoped permissions (see deployment/e2e-ci-runner-rbac.yaml).
# Clean up local env file
rm -f "$REPO_ROOT/.env.e2e"