privilegedescalation/headlamp-polaris-plugin
12
0
Fork 0
Code Issues 4 Pull Requests 3 Actions Packages Projects Releases 50 Wiki Activity

refactor: replace Dockerfile.e2e with ConfigMap volume mount for E2E plugin loading

Browse Source 
Delete custom Docker image approach per board directive. Plugin is now
loaded into stock Headlamp via a ConfigMap volume mount:

- Delete Dockerfile.e2e
- deploy-e2e-headlamp.sh creates a ConfigMap from dist/ and mounts it
  into the stock ghcr.io/headlamp-k8s/headlamp image
- Helm values use extraVolumes/extraVolumeMounts for the ConfigMap
- No custom images, no PVCs, no kubectl exec/cp

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Gandalf the Greybeard
2026-03-20 01:01:28 +00:00
parent 8ac890a1c6
commit 4344d33349
5 changed files with 53 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile.e2e
-16
View File
@@ -1,16 +0,0 @@
# Dockerfile.e2e
#
# Builds a Headlamp image with the polaris plugin pre-installed.
# Used by E2E tests — not for production distribution (use ArtifactHub).
#
# Usage:
# npm run build
# docker build -f Dockerfile.e2e -t ghcr.io/privilegedescalation/headlamp-polaris-e2e:sha-abc123 .
#
# The plugin dist/ must be built before running docker build.
ARG HEADLAMP_VERSION=latest
FROM ghcr.io/headlamp-k8s/headlamp:${HEADLAMP_VERSION}
COPY dist/ /headlamp/plugins/headlamp-polaris/
COPY package.json /headlamp/plugins/headlamp-polaris/
deployment/e2e-ci-runner-rbac.yaml
+1 -1
View File
@@ -6,7 +6,7 @@
# namespace to deploy and tear down a dedicated Headlamp instance via Helm.
#
# No kube-system access needed — E2E tests use a separate namespace.
# No PVC management — plugin is baked into the Docker image.
# Plugin is loaded via ConfigMap volume mount — no custom Docker images.
#
# Prerequisites:
# kubectl create namespace headlamp-e2e
deployment/headlamp-e2e-values.yaml
+15 -7
View File
@@ -1,19 +1,17 @@
---
# Headlamp Helm values for E2E testing.
#
# Uses a custom Docker image (built from Dockerfile.e2e) with the plugin
# pre-installed. No PVCs, no volume mounts, no deployment patching.
#
# The E2E workflow builds the image, pushes to ghcr.io, and deploys this
# Helm release in the headlamp-e2e namespace.
# Uses the stock Headlamp image with the plugin loaded via a ConfigMap
# volume mount. No custom Docker images — the plugin dist/ is packaged
# as a ConfigMap by deploy-e2e-headlamp.sh.
#
# Usage:
# helm install headlamp-e2e headlamp/headlamp \
# -n headlamp-e2e --create-namespace \
# -f deployment/headlamp-e2e-values.yaml \
# --set image.registry=ghcr.io \
# --set image.repository=privilegedescalation/headlamp-polaris-e2e \
# --set image.tag=<sha>
# --set image.repository=headlamp-k8s/headlamp \
# --set image.tag=latest
config:
pluginsDir: /headlamp/plugins
@@ -21,3 +19,13 @@ config:
service:
type: ClusterIP
extraVolumes:
- name: polaris-plugin
configMap:
name: headlamp-polaris-plugin
extraVolumeMounts:
- name: polaris-plugin
mountPath: /headlamp/plugins/headlamp-polaris
readOnly: true
e2e/README.md
+13 -12
View File
@@ -6,15 +6,14 @@ Playwright-based smoke tests that validate the Polaris plugin against a live Hea
E2E tests run automatically in GitHub Actions on pushes to `main` and pull requests. The workflow (`.github/workflows/e2e.yaml`):
1. Builds the plugin
2. Builds a custom Headlamp Docker image with the plugin pre-installed (`Dockerfile.e2e`)
3. Pushes the image to `ghcr.io/privilegedescalation/headlamp-polaris-e2e:<sha>`
4. Deploys a dedicated Headlamp instance in the `headlamp-e2e` namespace via Helm
5. Generates a ServiceAccount token for test auth
6. Runs Playwright tests against the E2E instance
7. Tears down the E2E instance
1. Builds the plugin (`npm run build`)
2. Creates a ConfigMap from the built `dist/` output
3. Deploys a stock Headlamp instance via Helm with the plugin mounted as a ConfigMap volume
4. Generates a ServiceAccount token for test auth
5. Runs Playwright tests against the E2E instance
6. Tears down the E2E instance
This approach avoids PVCs, kubectl exec/cp, and deployment patching. The plugin is part of the container image.
This approach uses the stock `ghcr.io/headlamp-k8s/headlamp` image with no custom Docker builds. The plugin is loaded via `HEADLAMP_PLUGINS_DIR` volume mount.
### Required GitHub Secrets
@@ -27,6 +26,8 @@ Configure these in GitHub repository settings (Settings → Secrets and variable
Token-based auth is auto-generated by the deploy script. OIDC secrets are only needed if testing against the shared Headlamp instance.
No `GHCR_TOKEN` or Docker registry secrets are needed — the stock Headlamp image is public.
## Running Locally
### Option 1: OIDC via Authentik (same as CI)
@@ -261,13 +262,13 @@ Tests run automatically in GitHub Actions on pushes to `main` and pull requests.
The E2E workflow deploys a **dedicated Headlamp instance** for each test run:
1. Build plugin and Docker image (`Dockerfile.e2e`)
2. Push image to `ghcr.io/privilegedescalation/headlamp-polaris-e2e:<sha>`
3. Deploy via Helm in the `headlamp-e2e` namespace (`scripts/deploy-e2e-headlamp.sh`)
1. Build plugin (`npm run build`)
2. Create ConfigMap from `dist/` output (`scripts/deploy-e2e-headlamp.sh`)
3. Deploy stock Headlamp via Helm with ConfigMap volume mount
4. Run Playwright tests against the E2E instance
5. Tear down (`scripts/teardown-e2e-headlamp.sh`)
No PVCs, no kubectl exec/cp, no patching of existing deployments. The plugin is baked into the Docker image.
No custom Docker images, no PVCs, no kubectl exec/cp, no patching of existing deployments. The plugin is mounted from a ConfigMap into the stock Headlamp image.
### Cluster Prerequisites
scripts/deploy-e2e-headlamp.sh
+24 -28
View File
@@ -1,25 +1,19 @@
#!/usr/bin/env bash
# deploy-e2e-headlamp.sh
#
# Builds a custom Headlamp image with the polaris plugin pre-installed,
# pushes it to ghcr.io, and deploys a dedicated E2E Headlamp instance.
#
# This replaces the old PVC + kubectl-patch approach. The plugin is part
# of the container image — no PVCs, no kubectl exec/cp, no deployment
# patching required.
# Deploys a stock Headlamp instance with the polaris plugin loaded via
# a ConfigMap volume mount. No custom Docker images — the plugin is built
# in CI and injected as a ConfigMap.
#
# Prerequisites:
# - Plugin built (dist/ exists)
# - Docker or buildx available
# - GHCR_TOKEN set (or GH_TOKEN with packages:write)
# - Plugin built (dist/ exists with plugin-main.js + package.json)
# - kubectl configured with cluster access
# - Helm 3 installed
#
# Environment:
# E2E_NAMESPACE — namespace for E2E Headlamp (default: headlamp-e2e)
# E2E_RELEASE — Helm release name (default: headlamp-e2e)
# HEADLAMP_VERSION — base Headlamp image tag (default: latest)
# IMAGE_TAG — tag for the E2E image (default: git SHA)
# HEADLAMP_VERSION — Headlamp image tag (default: latest)
set -euo pipefail
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
@@ -28,9 +22,6 @@ DIST_DIR="$REPO_ROOT/dist"
E2E_NAMESPACE="${E2E_NAMESPACE:-headlamp-e2e}"
E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
HEADLAMP_VERSION="${HEADLAMP_VERSION:-latest}"
IMAGE_REPO="ghcr.io/privilegedescalation/headlamp-polaris-e2e"
IMAGE_TAG="${IMAGE_TAG:-$(git -C "$REPO_ROOT" rev-parse --short HEAD)}"
IMAGE="${IMAGE_REPO}:${IMAGE_TAG}"
if [ ! -d "$DIST_DIR" ]; then
echo "ERROR: dist/ not found. Run 'npm run build' first." >&2
@@ -38,20 +29,28 @@ if [ ! -d "$DIST_DIR" ]; then
fi
echo "=== E2E Headlamp Deployment ==="
echo " Image: $IMAGE"
echo " Image: ghcr.io/headlamp-k8s/headlamp:${HEADLAMP_VERSION}"
echo " Namespace: $E2E_NAMESPACE"
echo " Release: $E2E_RELEASE"
# --- Build and push the custom image ---
# --- Create namespace ---
echo ""
echo "Building E2E Headlamp image..."
docker build -f "$REPO_ROOT/Dockerfile.e2e" \
--build-arg "HEADLAMP_VERSION=${HEADLAMP_VERSION}" \
-t "$IMAGE" \
"$REPO_ROOT"
echo "Creating namespace ${E2E_NAMESPACE} (if needed)..."
kubectl create namespace "$E2E_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
echo "Pushing image to ghcr.io..."
docker push "$IMAGE"
# --- Create ConfigMap from built plugin ---
echo ""
echo "Creating ConfigMap with plugin files..."
# Delete existing ConfigMap if present (idempotent redeploy)
kubectl delete configmap headlamp-polaris-plugin \
-n "$E2E_NAMESPACE" --ignore-not-found
# Create ConfigMap from dist/ contents and package.json
kubectl create configmap headlamp-polaris-plugin \
-n "$E2E_NAMESPACE" \
--from-file="$DIST_DIR" \
--from-file=package.json="$REPO_ROOT/package.json"
# --- Deploy with Helm ---
echo ""
@@ -59,16 +58,13 @@ echo "Adding Headlamp Helm repo..."
helm repo add headlamp https://headlamp-k8s.github.io/headlamp/ --force-update
helm repo update
echo "Creating namespace ${E2E_NAMESPACE} (if needed)..."
kubectl create namespace "$E2E_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
echo "Installing/upgrading Headlamp E2E instance..."
helm upgrade --install "$E2E_RELEASE" headlamp/headlamp \
-n "$E2E_NAMESPACE" \
-f "$REPO_ROOT/deployment/headlamp-e2e-values.yaml" \
--set "image.registry=ghcr.io" \
--set "image.repository=privilegedescalation/headlamp-polaris-e2e" \
--set "image.tag=${IMAGE_TAG}" \
--set "image.repository=headlamp-k8s/headlamp" \
--set "image.tag=${HEADLAMP_VERSION}" \
--wait \
--timeout 120s