diff --git a/Dockerfile.e2e b/Dockerfile.e2e deleted file mode 100644 index 1553191..0000000 --- a/Dockerfile.e2e +++ /dev/null @@ -1,16 +0,0 @@ -# Dockerfile.e2e -# -# Builds a Headlamp image with the polaris plugin pre-installed. -# Used by E2E tests — not for production distribution (use ArtifactHub). -# -# Usage: -# npm run build -# docker build -f Dockerfile.e2e -t ghcr.io/privilegedescalation/headlamp-polaris-e2e:sha-abc123 . -# -# The plugin dist/ must be built before running docker build. - -ARG HEADLAMP_VERSION=latest -FROM ghcr.io/headlamp-k8s/headlamp:${HEADLAMP_VERSION} - -COPY dist/ /headlamp/plugins/headlamp-polaris/ -COPY package.json /headlamp/plugins/headlamp-polaris/ diff --git a/deployment/e2e-ci-runner-rbac.yaml b/deployment/e2e-ci-runner-rbac.yaml index 5947294..9cac04e 100644 --- a/deployment/e2e-ci-runner-rbac.yaml +++ b/deployment/e2e-ci-runner-rbac.yaml @@ -6,7 +6,7 @@ # namespace to deploy and tear down a dedicated Headlamp instance via Helm. # # No kube-system access needed — E2E tests use a separate namespace. -# No PVC management — plugin is baked into the Docker image. +# Plugin is loaded via ConfigMap volume mount — no custom Docker images. # # Prerequisites: # kubectl create namespace headlamp-e2e diff --git a/deployment/headlamp-e2e-values.yaml b/deployment/headlamp-e2e-values.yaml index dbd9773..1c968a2 100644 --- a/deployment/headlamp-e2e-values.yaml +++ b/deployment/headlamp-e2e-values.yaml @@ -1,19 +1,17 @@ --- # Headlamp Helm values for E2E testing. # -# Uses a custom Docker image (built from Dockerfile.e2e) with the plugin -# pre-installed. No PVCs, no volume mounts, no deployment patching. -# -# The E2E workflow builds the image, pushes to ghcr.io, and deploys this -# Helm release in the headlamp-e2e namespace. +# Uses the stock Headlamp image with the plugin loaded via a ConfigMap +# volume mount. No custom Docker images — the plugin dist/ is packaged +# as a ConfigMap by deploy-e2e-headlamp.sh. # # Usage: # helm install headlamp-e2e headlamp/headlamp \ # -n headlamp-e2e --create-namespace \ # -f deployment/headlamp-e2e-values.yaml \ # --set image.registry=ghcr.io \ -# --set image.repository=privilegedescalation/headlamp-polaris-e2e \ -# --set image.tag= +# --set image.repository=headlamp-k8s/headlamp \ +# --set image.tag=latest config: pluginsDir: /headlamp/plugins @@ -21,3 +19,13 @@ config: service: type: ClusterIP + +extraVolumes: + - name: polaris-plugin + configMap: + name: headlamp-polaris-plugin + +extraVolumeMounts: + - name: polaris-plugin + mountPath: /headlamp/plugins/headlamp-polaris + readOnly: true diff --git a/e2e/README.md b/e2e/README.md index 29d0015..8b7e446 100644 --- a/e2e/README.md +++ b/e2e/README.md @@ -6,15 +6,14 @@ Playwright-based smoke tests that validate the Polaris plugin against a live Hea E2E tests run automatically in GitHub Actions on pushes to `main` and pull requests. The workflow (`.github/workflows/e2e.yaml`): -1. Builds the plugin -2. Builds a custom Headlamp Docker image with the plugin pre-installed (`Dockerfile.e2e`) -3. Pushes the image to `ghcr.io/privilegedescalation/headlamp-polaris-e2e:` -4. Deploys a dedicated Headlamp instance in the `headlamp-e2e` namespace via Helm -5. Generates a ServiceAccount token for test auth -6. Runs Playwright tests against the E2E instance -7. Tears down the E2E instance +1. Builds the plugin (`npm run build`) +2. Creates a ConfigMap from the built `dist/` output +3. Deploys a stock Headlamp instance via Helm with the plugin mounted as a ConfigMap volume +4. Generates a ServiceAccount token for test auth +5. Runs Playwright tests against the E2E instance +6. Tears down the E2E instance -This approach avoids PVCs, kubectl exec/cp, and deployment patching. The plugin is part of the container image. +This approach uses the stock `ghcr.io/headlamp-k8s/headlamp` image with no custom Docker builds. The plugin is loaded via `HEADLAMP_PLUGINS_DIR` volume mount. ### Required GitHub Secrets @@ -27,6 +26,8 @@ Configure these in GitHub repository settings (Settings → Secrets and variable Token-based auth is auto-generated by the deploy script. OIDC secrets are only needed if testing against the shared Headlamp instance. +No `GHCR_TOKEN` or Docker registry secrets are needed — the stock Headlamp image is public. + ## Running Locally ### Option 1: OIDC via Authentik (same as CI) @@ -261,13 +262,13 @@ Tests run automatically in GitHub Actions on pushes to `main` and pull requests. The E2E workflow deploys a **dedicated Headlamp instance** for each test run: -1. Build plugin and Docker image (`Dockerfile.e2e`) -2. Push image to `ghcr.io/privilegedescalation/headlamp-polaris-e2e:` -3. Deploy via Helm in the `headlamp-e2e` namespace (`scripts/deploy-e2e-headlamp.sh`) +1. Build plugin (`npm run build`) +2. Create ConfigMap from `dist/` output (`scripts/deploy-e2e-headlamp.sh`) +3. Deploy stock Headlamp via Helm with ConfigMap volume mount 4. Run Playwright tests against the E2E instance 5. Tear down (`scripts/teardown-e2e-headlamp.sh`) -No PVCs, no kubectl exec/cp, no patching of existing deployments. The plugin is baked into the Docker image. +No custom Docker images, no PVCs, no kubectl exec/cp, no patching of existing deployments. The plugin is mounted from a ConfigMap into the stock Headlamp image. ### Cluster Prerequisites diff --git a/scripts/deploy-e2e-headlamp.sh b/scripts/deploy-e2e-headlamp.sh index 4b67f4c..461cd60 100755 --- a/scripts/deploy-e2e-headlamp.sh +++ b/scripts/deploy-e2e-headlamp.sh @@ -1,25 +1,19 @@ #!/usr/bin/env bash # deploy-e2e-headlamp.sh # -# Builds a custom Headlamp image with the polaris plugin pre-installed, -# pushes it to ghcr.io, and deploys a dedicated E2E Headlamp instance. -# -# This replaces the old PVC + kubectl-patch approach. The plugin is part -# of the container image — no PVCs, no kubectl exec/cp, no deployment -# patching required. +# Deploys a stock Headlamp instance with the polaris plugin loaded via +# a ConfigMap volume mount. No custom Docker images — the plugin is built +# in CI and injected as a ConfigMap. # # Prerequisites: -# - Plugin built (dist/ exists) -# - Docker or buildx available -# - GHCR_TOKEN set (or GH_TOKEN with packages:write) +# - Plugin built (dist/ exists with plugin-main.js + package.json) # - kubectl configured with cluster access # - Helm 3 installed # # Environment: # E2E_NAMESPACE — namespace for E2E Headlamp (default: headlamp-e2e) # E2E_RELEASE — Helm release name (default: headlamp-e2e) -# HEADLAMP_VERSION — base Headlamp image tag (default: latest) -# IMAGE_TAG — tag for the E2E image (default: git SHA) +# HEADLAMP_VERSION — Headlamp image tag (default: latest) set -euo pipefail REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)" @@ -28,9 +22,6 @@ DIST_DIR="$REPO_ROOT/dist" E2E_NAMESPACE="${E2E_NAMESPACE:-headlamp-e2e}" E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}" HEADLAMP_VERSION="${HEADLAMP_VERSION:-latest}" -IMAGE_REPO="ghcr.io/privilegedescalation/headlamp-polaris-e2e" -IMAGE_TAG="${IMAGE_TAG:-$(git -C "$REPO_ROOT" rev-parse --short HEAD)}" -IMAGE="${IMAGE_REPO}:${IMAGE_TAG}" if [ ! -d "$DIST_DIR" ]; then echo "ERROR: dist/ not found. Run 'npm run build' first." >&2 @@ -38,20 +29,28 @@ if [ ! -d "$DIST_DIR" ]; then fi echo "=== E2E Headlamp Deployment ===" -echo " Image: $IMAGE" +echo " Image: ghcr.io/headlamp-k8s/headlamp:${HEADLAMP_VERSION}" echo " Namespace: $E2E_NAMESPACE" echo " Release: $E2E_RELEASE" -# --- Build and push the custom image --- +# --- Create namespace --- echo "" -echo "Building E2E Headlamp image..." -docker build -f "$REPO_ROOT/Dockerfile.e2e" \ - --build-arg "HEADLAMP_VERSION=${HEADLAMP_VERSION}" \ - -t "$IMAGE" \ - "$REPO_ROOT" +echo "Creating namespace ${E2E_NAMESPACE} (if needed)..." +kubectl create namespace "$E2E_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f - -echo "Pushing image to ghcr.io..." -docker push "$IMAGE" +# --- Create ConfigMap from built plugin --- +echo "" +echo "Creating ConfigMap with plugin files..." + +# Delete existing ConfigMap if present (idempotent redeploy) +kubectl delete configmap headlamp-polaris-plugin \ + -n "$E2E_NAMESPACE" --ignore-not-found + +# Create ConfigMap from dist/ contents and package.json +kubectl create configmap headlamp-polaris-plugin \ + -n "$E2E_NAMESPACE" \ + --from-file="$DIST_DIR" \ + --from-file=package.json="$REPO_ROOT/package.json" # --- Deploy with Helm --- echo "" @@ -59,16 +58,13 @@ echo "Adding Headlamp Helm repo..." helm repo add headlamp https://headlamp-k8s.github.io/headlamp/ --force-update helm repo update -echo "Creating namespace ${E2E_NAMESPACE} (if needed)..." -kubectl create namespace "$E2E_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f - - echo "Installing/upgrading Headlamp E2E instance..." helm upgrade --install "$E2E_RELEASE" headlamp/headlamp \ -n "$E2E_NAMESPACE" \ -f "$REPO_ROOT/deployment/headlamp-e2e-values.yaml" \ --set "image.registry=ghcr.io" \ - --set "image.repository=privilegedescalation/headlamp-polaris-e2e" \ - --set "image.tag=${IMAGE_TAG}" \ + --set "image.repository=headlamp-k8s/headlamp" \ + --set "image.tag=${HEADLAMP_VERSION}" \ --wait \ --timeout 120s