Gandalf the Greybeard
6189f2b983
Replace the PVC + kubectl-patch approach for E2E plugin deployment with a custom Docker image that has the plugin pre-installed. This eliminates all policy-violating operations: - No PVCs in kube-system - No kubectl exec/cp to Headlamp pods - No deployment patching via kubectl - No temporary pods or ConfigMap-based file transfers The new approach builds a Headlamp image with the plugin baked in (Dockerfile.e2e), deploys it as a dedicated instance in the headlamp-e2e namespace via Helm, and tears it down after tests complete. RBAC is scoped to the headlamp-e2e namespace instead of kube-system. Note: .github/workflows/e2e.yaml still needs updating to use the new scripts — that change is delegated to Hugh (CI/CD owner). Closes: privilegedescalation/headlamp-polaris-plugin#72 Co-Authored-By: Paperclip <noreply@paperclip.ing>
24 lines
688 B
YAML
24 lines
688 B
YAML
---
|
|
# Headlamp Helm values for E2E testing.
|
|
#
|
|
# Uses a custom Docker image (built from Dockerfile.e2e) with the plugin
|
|
# pre-installed. No PVCs, no volume mounts, no deployment patching.
|
|
#
|
|
# The E2E workflow builds the image, pushes to ghcr.io, and deploys this
|
|
# Helm release in the headlamp-e2e namespace.
|
|
#
|
|
# Usage:
|
|
# helm install headlamp-e2e headlamp/headlamp \
|
|
# -n headlamp-e2e --create-namespace \
|
|
# -f deployment/headlamp-e2e-values.yaml \
|
|
# --set image.registry=ghcr.io \
|
|
# --set image.repository=privilegedescalation/headlamp-polaris-e2e \
|
|
# --set image.tag=<sha>
|
|
|
|
config:
|
|
pluginsDir: /headlamp/plugins
|
|
watchPlugins: false
|
|
|
|
service:
|
|
type: ClusterIP
|