revert(e2e): remove Apply RBAC step — CI runner lacks RBAC read permissions · 2734e0f554 - headlamp-polaris-plugin

privilegedescalation/headlamp-polaris-plugin

Archived

revert(e2e): remove Apply RBAC step — CI runner lacks RBAC read permissions

The CI runner service account (runners-privilegedescalation-gha-rs-no-permission)
does not have `get` on roles/rolebindings, so kubectl apply returns Forbidden
before it can apply anything. This is a circular dependency: the runner needs
RBAC to operate, but can't apply its own RBAC.

The correct fix is to bootstrap the privilegedescalation/infra repo into
the cluster's Flux instance. The RBAC manifest is already at
base/rbac/e2e-ci-runner-rbac.yaml with a kustomization — Flux will apply it
once the infra-production GitRepository+Kustomization are registered with
the cluster's Flux.

See: https://github.com/privilegedescalation/headlamp-polaris-plugin/issues/79

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

This commit is contained in:

Hugh Hackman

2026-03-21 14:16:13 +00:00

parent 088550744f

commit 2734e0f554

1 changed files with 0 additions and 3 deletions

									
										.github/workflows/e2e.yaml
									
		-3
	
												View File
												
				@@ -35,9 +35,6 @@ jobs:

				      - name: Setup Helm

				        uses: azure/setup-helm@v4

				      - name: Apply RBAC

				        run: kubectl apply -f deployment/e2e-ci-runner-rbac.yaml

				      - name: Install dependencies

				        run: npm ci