Merge pull request #89 from privilegedescalation/fix/e2e-namespace-privilegedescalation-dev
fix: move E2E test namespace from default to privilegedescalation-dev
This commit was merged in pull request #89.
This commit is contained in:
@@ -11,7 +11,7 @@ permissions:
|
|||||||
contents: read
|
contents: read
|
||||||
|
|
||||||
env:
|
env:
|
||||||
E2E_NAMESPACE: default
|
E2E_NAMESPACE: privilegedescalation-dev
|
||||||
E2E_RELEASE: headlamp-e2e
|
E2E_RELEASE: headlamp-e2e
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
|||||||
@@ -2,9 +2,9 @@
|
|||||||
# RBAC for the GitHub Actions CI runner to manage the E2E Headlamp instance.
|
# RBAC for the GitHub Actions CI runner to manage the E2E Headlamp instance.
|
||||||
# CI-only test fixture — NOT for production use.
|
# CI-only test fixture — NOT for production use.
|
||||||
#
|
#
|
||||||
# Grants the ARC runner service account permissions in the default namespace
|
# Grants the ARC runner service account permissions in the privilegedescalation-dev
|
||||||
# to deploy and tear down a dedicated Headlamp instance via Helm.
|
# namespace to deploy and tear down a dedicated Headlamp instance via Helm.
|
||||||
# E2E resources run in `default` — nothing persists beyond a test run.
|
# E2E resources run in `privilegedescalation-dev` — nothing persists beyond a test run.
|
||||||
#
|
#
|
||||||
# Plugin is loaded via ConfigMap volume mount — no custom Docker images.
|
# Plugin is loaded via ConfigMap volume mount — no custom Docker images.
|
||||||
#
|
#
|
||||||
@@ -14,7 +14,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||||||
kind: Role
|
kind: Role
|
||||||
metadata:
|
metadata:
|
||||||
name: e2e-ci-runner
|
name: e2e-ci-runner
|
||||||
namespace: default
|
namespace: privilegedescalation-dev
|
||||||
rules:
|
rules:
|
||||||
# Helm needs to manage these resources for the Headlamp chart
|
# Helm needs to manage these resources for the Headlamp chart
|
||||||
- apiGroups: ["apps"]
|
- apiGroups: ["apps"]
|
||||||
@@ -22,7 +22,7 @@ rules:
|
|||||||
verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
|
verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["services", "serviceaccounts", "configmaps", "secrets"]
|
resources: ["services", "serviceaccounts", "configmaps", "secrets"]
|
||||||
verbs: ["get", "list", "create", "update", "patch", "delete"]
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["pods"]
|
resources: ["pods"]
|
||||||
verbs: ["get", "list", "watch"]
|
verbs: ["get", "list", "watch"]
|
||||||
@@ -35,7 +35,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: e2e-ci-runner-binding
|
name: e2e-ci-runner-binding
|
||||||
namespace: default
|
namespace: privilegedescalation-dev
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: runners-privilegedescalation-gha-rs-no-permission
|
name: runners-privilegedescalation-gha-rs-no-permission
|
||||||
|
|||||||
@@ -7,7 +7,7 @@
|
|||||||
#
|
#
|
||||||
# Usage:
|
# Usage:
|
||||||
# helm install headlamp-e2e headlamp/headlamp \
|
# helm install headlamp-e2e headlamp/headlamp \
|
||||||
# -n default \
|
# -n privilegedescalation-dev \
|
||||||
# -f deployment/headlamp-e2e-values.yaml \
|
# -f deployment/headlamp-e2e-values.yaml \
|
||||||
# --set image.registry=ghcr.io \
|
# --set image.registry=ghcr.io \
|
||||||
# --set image.repository=headlamp-k8s/headlamp \
|
# --set image.repository=headlamp-k8s/headlamp \
|
||||||
@@ -17,6 +17,9 @@ config:
|
|||||||
pluginsDir: /headlamp/plugins
|
pluginsDir: /headlamp/plugins
|
||||||
watchPlugins: false
|
watchPlugins: false
|
||||||
|
|
||||||
|
clusterRoleBinding:
|
||||||
|
create: false
|
||||||
|
|
||||||
service:
|
service:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
|
|
||||||
|
|||||||
@@ -5,8 +5,8 @@
|
|||||||
# a ConfigMap volume mount. No custom Docker images — the plugin is built
|
# a ConfigMap volume mount. No custom Docker images — the plugin is built
|
||||||
# in CI and injected as a ConfigMap.
|
# in CI and injected as a ConfigMap.
|
||||||
#
|
#
|
||||||
# E2E resources are deployed to the `default` namespace. Nothing persists
|
# E2E resources are deployed to the `privilegedescalation-dev` namespace. Nothing
|
||||||
# beyond the test run — teardown cleans up all created resources.
|
# persists beyond the test run — teardown cleans up all created resources.
|
||||||
#
|
#
|
||||||
# Prerequisites:
|
# Prerequisites:
|
||||||
# - Plugin built (dist/ exists with plugin-main.js + package.json)
|
# - Plugin built (dist/ exists with plugin-main.js + package.json)
|
||||||
@@ -15,7 +15,7 @@
|
|||||||
# - RBAC applied: kubectl apply -f deployment/e2e-ci-runner-rbac.yaml
|
# - RBAC applied: kubectl apply -f deployment/e2e-ci-runner-rbac.yaml
|
||||||
#
|
#
|
||||||
# Environment:
|
# Environment:
|
||||||
# E2E_NAMESPACE — namespace for E2E Headlamp (default: default)
|
# E2E_NAMESPACE — namespace for E2E Headlamp (default: privilegedescalation-dev)
|
||||||
# E2E_RELEASE — Helm release name (default: headlamp-e2e)
|
# E2E_RELEASE — Helm release name (default: headlamp-e2e)
|
||||||
# HEADLAMP_VERSION — Headlamp image tag (default: latest)
|
# HEADLAMP_VERSION — Headlamp image tag (default: latest)
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
@@ -23,7 +23,7 @@ set -euo pipefail
|
|||||||
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
||||||
DIST_DIR="$REPO_ROOT/dist"
|
DIST_DIR="$REPO_ROOT/dist"
|
||||||
|
|
||||||
E2E_NAMESPACE="${E2E_NAMESPACE:-default}"
|
E2E_NAMESPACE="${E2E_NAMESPACE:-privilegedescalation-dev}"
|
||||||
E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
|
E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
|
||||||
HEADLAMP_VERSION="${HEADLAMP_VERSION:-latest}"
|
HEADLAMP_VERSION="${HEADLAMP_VERSION:-latest}"
|
||||||
|
|
||||||
@@ -62,7 +62,7 @@ kubectl create configmap headlamp-polaris-plugin \
|
|||||||
# --- Deploy with Helm ---
|
# --- Deploy with Helm ---
|
||||||
echo ""
|
echo ""
|
||||||
echo "Adding Headlamp Helm repo..."
|
echo "Adding Headlamp Helm repo..."
|
||||||
helm repo add headlamp https://headlamp-k8s.github.io/headlamp/ --force-update
|
helm repo add headlamp https://kubernetes-sigs.github.io/headlamp/ --force-update
|
||||||
helm repo update
|
helm repo update
|
||||||
|
|
||||||
echo "Installing/upgrading Headlamp E2E instance..."
|
echo "Installing/upgrading Headlamp E2E instance..."
|
||||||
|
|||||||
@@ -4,13 +4,13 @@
|
|||||||
# Tears down the dedicated E2E Headlamp instance deployed by deploy-e2e-headlamp.sh.
|
# Tears down the dedicated E2E Headlamp instance deployed by deploy-e2e-headlamp.sh.
|
||||||
#
|
#
|
||||||
# Environment:
|
# Environment:
|
||||||
# E2E_NAMESPACE — namespace to clean up (default: default)
|
# E2E_NAMESPACE — namespace to clean up (default: privilegedescalation-dev)
|
||||||
# E2E_RELEASE — Helm release to uninstall (default: headlamp-e2e)
|
# E2E_RELEASE — Helm release to uninstall (default: headlamp-e2e)
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
||||||
|
|
||||||
E2E_NAMESPACE="${E2E_NAMESPACE:-default}"
|
E2E_NAMESPACE="${E2E_NAMESPACE:-privilegedescalation-dev}"
|
||||||
E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
|
E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
|
||||||
|
|
||||||
echo "=== E2E Headlamp Teardown ==="
|
echo "=== E2E Headlamp Teardown ==="
|
||||||
|
|||||||
Reference in New Issue
Block a user