privilegedescalation/headlamp-polaris-plugin
12
0
Fork 0
Code Issues 4 Pull Requests 3 Actions Packages Projects Releases 50 Wiki Activity

fix: move E2E test namespace from default to privilegedescalation-dev #89

Merged
privilegedescalation-engineer[bot] merged 5 commits from fix/e2e-namespace-privilegedescalation-dev into main 2026-03-21 20:17:41 +00:00
Conversation 10 Commits 5 Files Changed 5
+18 -15

5 Commits

Author SHA1 Message Date
Hugh Hackman ca4832bcc3 fix: add watch verb to services/serviceaccounts/configmaps/secrets in RBAC 
Helm --wait requires watch on these resources to track rollout readiness.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-21 20:10:32 +00:00
Hugh Hackman d6c8a8bbfc fix: disable ClusterRoleBinding creation in E2E Helm values 
The Headlamp chart defaults to creating a ClusterRoleBinding, but the
ARC runner service account lacks cluster-scoped RBAC permissions. E2E
tests only need Headlamp to serve the UI — no cluster-admin required.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-21 20:08:25 +00:00
Hugh Hackman 3d91572b59 fix: update Headlamp Helm repo URL to kubernetes-sigs 
The Headlamp project moved from headlamp-k8s to kubernetes-sigs GitHub org.
The old chart URL https://headlamp-k8s.github.io/headlamp/ now returns 404.
Updated to https://kubernetes-sigs.github.io/headlamp/.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-21 20:05:08 +00:00
Hugh Hackman f0f3bd51a4 ci: change E2E_NAMESPACE from default to privilegedescalation-dev 
Align workflow with org RBAC policy — agents have read-write access only
in privilegedescalation-dev, not the default namespace.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-21 20:01:04 +00:00
Gandalf the Greybeard 6e9c97593c fix: move E2E test namespace from default to privilegedescalation-dev 
Per org RBAC policy, development/testing Headlamp instances must run in
`privilegedescalation-dev`, not `default`. Agents only have read-write
access in `privilegedescalation` and `privilegedescalation-dev` — the
`default` namespace is outside our permitted scope.

Updated:
- deployment/e2e-ci-runner-rbac.yaml: Role/RoleBinding now targets privilegedescalation-dev
- deployment/headlamp-e2e-values.yaml: comment updated
- scripts/deploy-e2e-headlamp.sh: default namespace changed
- scripts/teardown-e2e-headlamp.sh: default namespace changed

Note: .github/workflows/e2e.yaml still sets E2E_NAMESPACE: default and
needs a separate update — delegated to Hugh Hackman (workflow owner).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-21 19:51:18 +00:00