From a10c5628e1f0fd3fc0a6e906c5bb77cabc0f7159 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Tue, 5 May 2026 20:10:47 +0000 Subject: [PATCH] debug(e2e): test kubectl apply and can-i with and without kubeconfig Test if kubectl apply dry-run works without KUBECONFIG (the original behavior that succeeded). Also test kubectl auth can-i without KUBECONFIG (to confirm the failure mode). Compare with KUBECONFIG set to service account. Co-Authored-By: Paperclip --- .github/workflows/e2e.yaml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index f5771b3..39c1d22 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -53,7 +53,7 @@ jobs: echo "KUBERNETES_SERVICE_PORT=${KUBERNETES_SERVICE_PORT:-}" echo "Checking service account token..." if [ -f /var/run/secrets/kubernetes.io/serviceaccount/token ]; then - echo "Service account token found at /var/run/secrets/kubernetes.io/serviceaccount/token" + echo "Service account token found" KUBECONFIG=/tmp/kubeconfig-incluster cat > "$KUBECONFIG" <> "$GITHUB_ENV" else - echo "::error::Service account token not found at /var/run/secrets/kubernetes.io/serviceaccount/token" + echo "::error::No service account token found" exit 1 fi - kubectl cluster-info --request-timeout=5s + echo "Testing kubectl apply dry-run (no KUBECONFIG set)..." + kubectl apply -f deployment/e2e-ci-runner-rbac.yaml --dry-run=server 2>&1 | head -5 || true + echo "Testing kubectl apply dry-run with KUBECONFIG=${KUBECONFIG}..." + KUBECONFIG=/tmp/kubeconfig-incluster kubectl apply -f deployment/e2e-ci-runner-rbac.yaml --dry-run=server 2>&1 | head -5 || true + echo "Testing kubectl auth can-i (no KUBECONFIG)..." + kubectl auth can-i create roles -n headlamp-dev 2>&1 || true + echo "Testing kubectl auth can-i (with KUBECONFIG)..." + KUBECONFIG=/tmp/kubeconfig-incluster kubectl auth can-i create roles -n headlamp-dev 2>&1 || true - name: Apply RBAC for E2E pipeline run: |