privilegedescalation-qa[bot]
90721641cc
Promote dev to uat
...
Routine dev→uat promotion approved by QA (Regression Regina). All blockers resolved, CI passing.
2026-05-14 01:44:51 +00:00
Chris Farhood
af42d9c52a
Merge origin/uat into dev to resolve promotion conflicts
...
Accept uat version for all conflicting files. Removes files deleted in uat
(e2e-ci-runner-rbac.yaml, deploy/teardown-e2e-headlamp.sh).
Resolves merge conflict blocking PR #163. Adds trailing newline to audit-ci.jsonc.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-14 01:25:10 +00:00
privilegedescalation-qa[bot]
d593a11fd9
fix: sync CI trigger branches on dev
...
fix: sync CI trigger branches on dev
2026-05-13 13:18:34 +00:00
Chris Farhood
8fb9215933
feat(security): add audit-ci.jsonc allowlist for dev-branch CVEs
...
CTO decision (PRI-854): high-severity vulns from @kinvolk/headlamp-plugin
transitive deps (Picomatch, Vite, lodash) are dev/build-time only and do
not ship in production plugin artifacts.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-13 13:13:54 +00:00
Chris Farhood
35c09186df
fix: sync CI trigger branches on dev
...
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-13 13:00:27 +00:00
Chris Farhood
1f02811731
Reference shared infra RBAC in deployment scripts
...
PRI-750: update plugin repos to reference shared infra RBAC (PRI-695 follow-up)
- deployment/e2e-ci-runner-rbac.yaml: replaced duplicate manifest with
reference comment pointing to privilegedescalation/infra/base/rbac/e2e-ci-runner-headlamp-rbac.yaml
- scripts/deploy-e2e-headlamp.sh: updated RBAC preflight comment and error
message to reference infra path
- scripts/teardown-e2e-headlamp.sh: added RBAC reference comment
Infra RBAC is the source of truth managed by Flux GitOps. CI workflow
unchanged (Hugh owns .github/workflows/).
2026-05-05 16:52:49 +00:00
Chris Farhood
7b58f684cf
fix: correct RBAC manifest per QA review (PRI-555)
...
- Remove rbac.authorization.k8s.io privilege escalation block
- Fix orphaned comment from round 1
- Add EOF newline
- Keep serviceaccounts/token for E2E auth (confirmed needed)
- Namespace already correct (privilegedescalation-dev)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-05 00:45:38 +00:00
Chris Farhood
e2f220c418
docs: update Headlamp install namespace references from kube-system to headlamp
...
Updates all documentation references to the Headlamp install namespace
from kube-system to headlamp as part of PRI-433.
In-scope files updated:
- README.md, SECURITY.md
- docs/getting-started/installation.md, quick-start.md, prerequisites.md
- docs/deployment/helm.md, kubernetes.md, production.md
- docs/troubleshooting/README.md, common-issues.md, rbac-issues.md
- docs/user-guide/configuration.md, rbac-permissions.md
- docs/TESTING.md, TROUBLESHOOTING.md, DEPLOYMENT.md
Out-of-scope (unchanged):
- Source files referencing upstream workload namespace
- RBAC manifests describing Polaris namespace (polaris ns is unchanged)
- NetworkPolicy namespaceSelector (API server runs in kube-system)
- design-decisions.md and ARCHITECTURE.md (URL hashes refer to cluster namespaces, not Headlamp install ns)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-04 07:25:28 +00:00