Add RBAC pre-flight check to E2E pipeline

Check for polaris-dashboard-proxy-reader Role and RoleBinding before running
E2E tests. Fail fast with a clear error message pointing to the RBAC manifest
instead of letting tests fail with confusing proxy 403 errors.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

.github/workflows/e2e.yaml

@@ -45,6 +45,31 @@ jobs:
       - name: Setup kubectl
         uses: azure/setup-kubectl@v4
 
+      - name: RBAC pre-flight check
+        run: |
+          echo "Checking RBAC resources in polaris namespace..."
+          MISSING_ROLE=false
+          MISSING_ROLEBINDING=false
+
+          if ! kubectl get role polaris-dashboard-proxy-reader -n polaris --quiet 2>/dev/null; then
+            echo "::error::Role polaris-dashboard-proxy-reader not found in polaris namespace."
+            MISSING_ROLE=true
+          fi
+
+          if ! kubectl get rolebinding polaris-dashboard-proxy-reader -n polaris --quiet 2>/dev/null; then
+            echo "::error::RoleBinding polaris-dashboard-proxy-reader not found in polaris namespace."
+            MISSING_ROLEBINDING=true
+          fi
+
+          if [ "$MISSING_ROLE" = true ] || [ "$MISSING_ROLEBINDING" = true ]; then
+            echo ""
+            echo "::error::RBAC not applied. Apply the RBAC manifests before running E2E tests:"
+            echo "::error::  kubectl apply -f deployment/polaris-rbac.yaml"
+            exit 1
+          fi
+
+          echo "RBAC pre-flight check passed."
+
       - name: Install dependencies
         run: npm ci