From 0a52a8effaefc0d647b3950d4fb9c6c0feb0289e Mon Sep 17 00:00:00 2001 From: Hugh Hackman Date: Fri, 20 Mar 2026 01:13:02 +0000 Subject: [PATCH] fix: remove namespace create/delete from E2E scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The CI runner SA only has namespace-scoped RBAC in headlamp-e2e — it cannot create or delete namespaces at the cluster level. Deploy now verifies the namespace exists (with a clear error if not), and teardown cleans up resources without deleting the namespace itself. Co-Authored-By: Paperclip --- scripts/deploy-e2e-headlamp.sh | 12 +++++++++--- scripts/teardown-e2e-headlamp.sh | 10 ++++++++-- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/scripts/deploy-e2e-headlamp.sh b/scripts/deploy-e2e-headlamp.sh index 461cd60..5599aa1 100755 --- a/scripts/deploy-e2e-headlamp.sh +++ b/scripts/deploy-e2e-headlamp.sh @@ -9,6 +9,7 @@ # - Plugin built (dist/ exists with plugin-main.js + package.json) # - kubectl configured with cluster access # - Helm 3 installed +# - E2E namespace pre-created by cluster admin (see deployment/e2e-ci-runner-rbac.yaml) # # Environment: # E2E_NAMESPACE — namespace for E2E Headlamp (default: headlamp-e2e) @@ -33,10 +34,15 @@ echo " Image: ghcr.io/headlamp-k8s/headlamp:${HEADLAMP_VERSION}" echo " Namespace: $E2E_NAMESPACE" echo " Release: $E2E_RELEASE" -# --- Create namespace --- +# --- Verify namespace exists (must be pre-created by cluster admin) --- echo "" -echo "Creating namespace ${E2E_NAMESPACE} (if needed)..." -kubectl create namespace "$E2E_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f - +echo "Verifying namespace ${E2E_NAMESPACE} exists..." +if ! kubectl get namespace "$E2E_NAMESPACE" >/dev/null 2>&1; then + echo "ERROR: Namespace ${E2E_NAMESPACE} does not exist." >&2 + echo "A cluster admin must create it first: kubectl create namespace ${E2E_NAMESPACE}" >&2 + echo "Then apply RBAC: kubectl apply -f deployment/e2e-ci-runner-rbac.yaml" >&2 + exit 1 +fi # --- Create ConfigMap from built plugin --- echo "" diff --git a/scripts/teardown-e2e-headlamp.sh b/scripts/teardown-e2e-headlamp.sh index aa83d0c..2c4ae19 100755 --- a/scripts/teardown-e2e-headlamp.sh +++ b/scripts/teardown-e2e-headlamp.sh @@ -20,8 +20,14 @@ echo " Release: $E2E_RELEASE" echo "Uninstalling Helm release..." helm uninstall "$E2E_RELEASE" -n "$E2E_NAMESPACE" 2>/dev/null || echo "Release not found (already removed?)" -echo "Deleting namespace..." -kubectl delete namespace "$E2E_NAMESPACE" --ignore-not-found --wait=false +echo "Cleaning up ConfigMap..." +kubectl delete configmap headlamp-polaris-plugin -n "$E2E_NAMESPACE" --ignore-not-found + +echo "Cleaning up service account..." +kubectl delete serviceaccount headlamp-e2e-test -n "$E2E_NAMESPACE" --ignore-not-found + +# Note: namespace is NOT deleted — it is managed by a cluster admin. +# The runner SA only has namespace-scoped permissions (see deployment/e2e-ci-runner-rbac.yaml). # Clean up local env file rm -f "$REPO_ROOT/.env.e2e"