privilegedescalation/headlamp-polaris-plugin
Archived
12
0
Fork 0
Code Issues 4 Pull Requests 3 Actions Packages Projects Releases 50 Wiki Activity
This repository has been archived on 2026-06-16. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
a65743dea3ee70a1f98ee7e0f8c505e1e1e354fc
headlamp-polaris-plugin/deployment
T
History
Chris Farhood a65743dea3 fix(e2e): grant CI runner read access to polaris namespace for RBAC pre-flight check 
The RBAC pre-flight check workflow step (commit 46350c5) verifies that
polaris-dashboard-proxy-reader Role and RoleBinding exist in the polaris
namespace before running E2E tests. However, the CI runner's RBAC
(e2e-ci-runner-role in privilegedescalation-dev) did not include
permission to read roles/rolebindings in the polaris namespace, causing
the pre-flight check to fail with a generic kubectl error on all branches.

Fix: add rules to e2e-ci-runner-role allowing get on roles/rolebindings in
privilegedescalation-dev (for the pre-flight check itself), plus a new
Role + RoleBinding in the polaris namespace granting the runner read
access to rbac resources there.

Without this fix, the pre-flight check exits 1 on every branch until someone
SSHs into the runner pod and manually applies the polaris RBAC manifest —
which they shouldn't need to do.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-03 15:13:03 +00:00
..
e2e-ci-runner-rbac.yaml
fix(e2e): grant CI runner read access to polaris namespace for RBAC pre-flight check
2026-05-03 15:13:03 +00:00
PLUGIN_LOADING_FIX.md
chore: bump version to 0.3.1
2026-02-11 21:48:04 -05:00
polaris-rbac.yaml
fix: E2E tests — RBAC for Polaris service proxy + settings selector (#22)
2026-03-08 22:08:51 +00:00