Description

Adds a script that exposes sensor-proxy via LoadBalancer, a NetworkPolicy to allow external traffic, and a CronJob to auto-cleanup these resources after a short period of time. This script is called automatically when starting a local OpenShift console container for development against the console plugin.

Why do we want this

This allows plugin developers to start the console in dev mode and connect to an OpenShift cluster via the production network path, instead of directly to a publicly exposed central with a hard coded API token.

Benefits:

1. Develop against the true e2e flow used in production
2. Requests are authorized and scoped appropriately via sensor-proxy (using the API token results in incorrect data when simulating a plugin response)
3. Reduces to a single start-ocp-console.sh script, without the need for additional env vars and configuration

User-facing documentation

• CHANGELOG.md is updated OR update is not needed
• documentation PR is created and is linked above OR is not needed

Testing and quality

• the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
• CI results are inspected

Automated testing

• added unit tests
• added e2e tests
• added regression tests
• added compatibility tests
• modified existing tests

How I validated my change

Verify that ./scripts/start-ocp-console.sh starts the local Console correctly and loads the dev version of the dynamic plugin.

Verify that data visible in the console plugin is correctly scoped to the cluster and namespace it belongs to.

Verify that the resources are created correctly, and are automatically cleaned up after the time limit with:

oc -n stackrox get cronjobs
oc -n stackrox get services
oc -n stackrox get networkpolicy