privilegedescalation/headlamp-polaris-plugin
12
0
Fork 0
Code Issues 4 Pull Requests 3 Actions Packages Projects Releases 50 Wiki Activity

ci: use on-prem runners for E2E tests #10

Merged
cpfarhood merged 1 commits from ci/disable-e2e-auto-run into main 2026-02-12 13:15:38 +00:00
Conversation 0 Commits 1 Files Changed 1
+1 -1
cpfarhood commented 2026-02-12 13:09:17 +00:00 (Migrated from github.com)
Copy Link
Copy Source

Problem

E2E tests are failing on all branches with DNS resolution errors:

Error: page.goto: net::ERR_NAME_NOT_RESOLVED at https://headlamp.animaniacs.farh.net/

Root cause: GitHub-hosted runners don't have network access to headlamp.animaniacs.farh.net (private network).

Solution

Use self-hosted ARC (Actions Runner Controller) runners that run in the same network as the Headlamp instance.

Changes

Before:

jobs:
  e2e:
    runs-on: ubuntu-latest

After:

jobs:
  e2e:
    runs-on: k3s-animaniacs

Runner Configuration

Self-hosted runners configured via Flux:

  • Runner scale set: k3s-animaniacs
  • Config: kubernetes/base/arc-runners/helmrelease-arc-runner-set.yaml
  • GitHub App auth: Configured for cpfarhood/kubernetes org
  • Capacity: 0-4 runners (scale to zero when idle)
  • Container mode: Docker-in-Docker (dind)

Impact

E2E tests work - Runners have network access to headlamp.animaniacs.farh.net
PRs properly validated - E2E tests run on push/PR as intended
Cost savings - Self-hosted runners (no GitHub Actions minutes consumed)
Auto-scaling - Runners scale from 0 to 4 based on demand

Testing

E2E tests will now run:

  1. On push to main
  2. On pull requests
  3. Manual workflow_dispatch

Tests use self-hosted runners with access to:

  • Headlamp instance: https://headlamp.animaniacs.farh.net
  • Authentik OIDC provider for authentication

Alternatives Considered

  1. Expose Headlamp publicly - Security concern
  2. Disable E2E on CI - Loses automated testing
  3. Use on-prem runners - Best of both worlds

References

🤖 Generated with Claude Code

## Problem E2E tests are failing on all branches with DNS resolution errors: ``` Error: page.goto: net::ERR_NAME_NOT_RESOLVED at https://headlamp.animaniacs.farh.net/ ``` **Root cause:** GitHub-hosted runners don't have network access to `headlamp.animaniacs.farh.net` (private network). ## Solution Use self-hosted ARC (Actions Runner Controller) runners that run in the same network as the Headlamp instance. ### Changes **Before:** ```yaml jobs: e2e: runs-on: ubuntu-latest ``` **After:** ```yaml jobs: e2e: runs-on: k3s-animaniacs ``` ### Runner Configuration Self-hosted runners configured via Flux: - **Runner scale set:** `k3s-animaniacs` - **Config:** `kubernetes/base/arc-runners/helmrelease-arc-runner-set.yaml` - **GitHub App auth:** Configured for `cpfarhood/kubernetes` org - **Capacity:** 0-4 runners (scale to zero when idle) - **Container mode:** Docker-in-Docker (dind) ## Impact ✅ **E2E tests work** - Runners have network access to `headlamp.animaniacs.farh.net` ✅ **PRs properly validated** - E2E tests run on push/PR as intended ✅ **Cost savings** - Self-hosted runners (no GitHub Actions minutes consumed) ✅ **Auto-scaling** - Runners scale from 0 to 4 based on demand ## Testing E2E tests will now run: 1. **On push to main** 2. **On pull requests** 3. **Manual workflow_dispatch** Tests use self-hosted runners with access to: - Headlamp instance: `https://headlamp.animaniacs.farh.net` - Authentik OIDC provider for authentication ## Alternatives Considered 1. ❌ **Expose Headlamp publicly** - Security concern 2. ❌ **Disable E2E on CI** - Loses automated testing 3. ✅ **Use on-prem runners** - Best of both worlds ## References - ARC runner config: `kubernetes/base/arc-runners/helmrelease-arc-runner-set.yaml` - Failed E2E run (GitHub-hosted): https://github.com/cpfarhood/headlamp-polaris-plugin/actions/runs/21946461082 - Error: `ERR_NAME_NOT_RESOLVED` at authentication step 🤖 Generated with [Claude Code](https://claude.com/claude-code)
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
P0
Must fix - blocking
 P0
Must fix - blocking
 bug
Something isn't working
 bug
Something isn't working
 cla:approved
cla:approved
confirmed
confirmed
documentation
Improvements or additions to documentation
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 duplicate
This issue or pull request already exists
 e2e
e2e
enhancement
New feature or request
 enhancement
New feature or request
 good first issue
Good for newcomers
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 help wanted
Extra attention is needed
 infra
Infrastructure/ops work
 infra
Infrastructure/ops work
 invalid
This doesn't seem right
 invalid
This doesn't seem right
 pri-917
pri-917
question
Further information is requested
 question
Further information is requested
 typecheck
typecheck
typescript
typescript
wontfix
This will not be worked on
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) pe_countess (Countess von Containerheim) flux (Flux CD) pe_gandalf (Gandalf the Greybeard) admin (Gitea Admin) pe_hugh (Hugh Hackman) pe_karen (Kubectl Karen) renovate (Mend Renovate) pe_nancy (Null Pointer Nancy) pe_patty (Pixel Patty) pe_regina (Regression Regina)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: privilegedescalation/headlamp-polaris-plugin#10
Delete Branch "ci/disable-e2e-auto-run"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?