Kubelet tries to fetch SA token immediately after deployment creates the pod,
but the SA may not be propagated yet. Setting automountServiceAccountToken: false
avoids this race. The SA token is not needed since E2E tests authenticate
via HEADLAMP_TOKEN passed as env var.
Follows the pattern established in headlamp-intel-gpu-plugin (PR #25):
- e2e/sealed-secrets.spec.ts: 5 smoke tests covering sidebar navigation,
list view, sealing keys view, cross-view navigation, and plugin settings
- e2e/auth.setup.ts: shared OIDC + token auth setup
- playwright.config.ts: fail-fast if HEADLAMP_URL not set (no prod URL fallback)
- scripts/deploy-e2e-headlamp.sh: ConfigMap-based plugin injection to privilegedescalation-dev
- scripts/teardown-e2e-headlamp.sh: clean teardown of all E2E resources
Chris Farhood
Gandalf the Greybeard