privilegedescalation/headlamp-polaris-plugin
Archived
12
0
Fork 0
Code Issues 4 Pull Requests 3 Actions Packages Projects Releases 50 Wiki Activity

ci: add RBAC preflight check to deploy-e2e-headlamp.sh

Browse Source 
Fails fast with a clear error and remediation hint if the runner SA
lacks configmap delete permission, instead of dying mid-deploy.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Hugh Hackman
2026-03-21 03:15:06 +00:00
parent 08a3009ba8
commit 1bf5c2431c
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/deploy-e2e-headlamp.sh
+8
View File
@@ -32,6 +32,14 @@ if [ ! -d "$DIST_DIR" ]; then
exit 1 exit 1
fi fi
# --- Preflight: verify RBAC before touching the cluster ---
echo "Checking RBAC permissions in namespace '${E2E_NAMESPACE}'..."
if ! kubectl auth can-i delete configmaps -n "$E2E_NAMESPACE" --quiet 2>/dev/null; then
echo "ERROR: Missing RBAC — cannot delete configmaps in namespace '${E2E_NAMESPACE}'." >&2
echo " Apply RBAC first: kubectl apply -f deployment/e2e-ci-runner-rbac.yaml" >&2
exit 1
fi
echo "=== E2E Headlamp Deployment ===" echo "=== E2E Headlamp Deployment ==="
echo " Image: ghcr.io/headlamp-k8s/headlamp:${HEADLAMP_VERSION}" echo " Image: ghcr.io/headlamp-k8s/headlamp:${HEADLAMP_VERSION}"
echo " Namespace: $E2E_NAMESPACE" echo " Namespace: $E2E_NAMESPACE"