debug(e2e): test kubectl apply and can-i with and without kubeconfig
Test if kubectl apply dry-run works without KUBECONFIG (the original behavior that succeeded). Also test kubectl auth can-i without KUBECONFIG (to confirm the failure mode). Compare with KUBECONFIG set to service account. Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
@@ -53,7 +53,7 @@ jobs:
|
|||||||
echo "KUBERNETES_SERVICE_PORT=${KUBERNETES_SERVICE_PORT:-<unset>}"
|
echo "KUBERNETES_SERVICE_PORT=${KUBERNETES_SERVICE_PORT:-<unset>}"
|
||||||
echo "Checking service account token..."
|
echo "Checking service account token..."
|
||||||
if [ -f /var/run/secrets/kubernetes.io/serviceaccount/token ]; then
|
if [ -f /var/run/secrets/kubernetes.io/serviceaccount/token ]; then
|
||||||
echo "Service account token found at /var/run/secrets/kubernetes.io/serviceaccount/token"
|
echo "Service account token found"
|
||||||
KUBECONFIG=/tmp/kubeconfig-incluster
|
KUBECONFIG=/tmp/kubeconfig-incluster
|
||||||
cat > "$KUBECONFIG" <<EOF
|
cat > "$KUBECONFIG" <<EOF
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
@@ -75,13 +75,19 @@ users:
|
|||||||
user:
|
user:
|
||||||
tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||||
EOF
|
EOF
|
||||||
echo "Created kubeconfig at ${KUBECONFIG}"
|
|
||||||
echo "KUBECONFIG=${KUBECONFIG}" >> "$GITHUB_ENV"
|
echo "KUBECONFIG=${KUBECONFIG}" >> "$GITHUB_ENV"
|
||||||
else
|
else
|
||||||
echo "::error::Service account token not found at /var/run/secrets/kubernetes.io/serviceaccount/token"
|
echo "::error::No service account token found"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
kubectl cluster-info --request-timeout=5s
|
echo "Testing kubectl apply dry-run (no KUBECONFIG set)..."
|
||||||
|
kubectl apply -f deployment/e2e-ci-runner-rbac.yaml --dry-run=server 2>&1 | head -5 || true
|
||||||
|
echo "Testing kubectl apply dry-run with KUBECONFIG=${KUBECONFIG}..."
|
||||||
|
KUBECONFIG=/tmp/kubeconfig-incluster kubectl apply -f deployment/e2e-ci-runner-rbac.yaml --dry-run=server 2>&1 | head -5 || true
|
||||||
|
echo "Testing kubectl auth can-i (no KUBECONFIG)..."
|
||||||
|
kubectl auth can-i create roles -n headlamp-dev 2>&1 || true
|
||||||
|
echo "Testing kubectl auth can-i (with KUBECONFIG)..."
|
||||||
|
KUBECONFIG=/tmp/kubeconfig-incluster kubectl auth can-i create roles -n headlamp-dev 2>&1 || true
|
||||||
|
|
||||||
- name: Apply RBAC for E2E pipeline
|
- name: Apply RBAC for E2E pipeline
|
||||||
run: |
|
run: |
|
||||||
|
|||||||
Reference in New Issue
Block a user