Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explicit namespace from kubeconfig should override in-cluster config #44570

Merged
merged 1 commit into from
Apr 21, 2017
Merged

Explicit namespace from kubeconfig should override in-cluster config #44570

merged 1 commit into from
Apr 21, 2017

Conversation

liggitt
Copy link
Member

@liggitt liggitt commented Apr 17, 2017
edited
Loading

Fixes #43662

If an explicitly specified namespace is read from a kubeconfig file, we should not fall back to in-cluster config

kubectl commands run inside a pod using a kubeconfig file now use the namespace specified in the kubeconfig file, instead of using the pod namespace. If no kubeconfig file is used, or the kubeconfig does not specify a namespace, the pod namespace is still used as a fallback.

@k8s-reviewable
Copy link

This change is Reviewable

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Apr 17, 2017
@k8s-github-robot k8s-github-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. release-note-label-needed labels Apr 17, 2017
@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Apr 17, 2017
@liggitt
Copy link
Member Author

liggitt commented Apr 17, 2017

cc @kubernetes/sig-cli-pr-reviews

@liggitt liggitt force-pushed the namespace-icc branch 3 times, most recently from 563a5ad to 7841a4b Compare April 18, 2017 18:56
ncdc
ncdc reviewed Apr 18, 2017
View reviewed changes
test/e2e/kubectl.go Outdated
tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
`), os.FileMode(0755)))
framework.Logf("copying %s to the %s pod", iccOverride.Name(), simplePodName)
framework.RunKubectlOrDie("cp", iccOverride.Name(), ns+"/"+simplePodName+":/tmp/icc-override.kubeconfig")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if this is a regression, but it appears you can't change the destination filename; i.e. kubectl cp sourcefile pod:/tmp/destfile will yield /tmp/sourcefile inside the container :-/ I discovered this a few days ago when testing something else.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here's an example of what it's running:

Running '/workspace/kubernetes/platforms/linux/amd64/kubectl --server=https://104.198.236.9 --kubeconfig=/workspace/.kube/config cp /tmp/icc-override.kubeconfig363380968 e2e-tests-kubectl-bp2b4/nginx:/tmp/icc-override.kubeconfig'

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

huh... that's super-annoying

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fraenkel, is this a known issue? ^

@fraenkel
Copy link
Contributor

fraenkel commented Apr 20, 2017 via email

@liggitt liggitt added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-label-needed labels Apr 20, 2017
@liggitt
Copy link
Member Author

liggitt commented Apr 20, 2017

updated test to match kubeconfig filenames

@liggitt
Copy link
Member Author

liggitt commented Apr 20, 2017

tests green, PTAL

@liggitt liggitt mentioned this pull request Apr 20, 2017
Merged
13 tasks
smarterclayton
smarterclayton reviewed Apr 21, 2017
View reviewed changes
Copy link
Contributor

@smarterclayton smarterclayton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes lgtm but want second eyes because this code always breaks

staging/src/k8s.io/client-go/tools/clientcmd/merged_client_builder.go
}

// if we got a default namespace, determine whether it was explicit or implicit
if raw, err := mergedKubeConfig.RawConfig(); err == nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When the Kubeconfig revolution comes, this method will be first up against the wall. But the tests are convincing

@smarterclayton
Copy link
Contributor

/approve

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 21, 2017
@liggitt liggitt added this to the v1.6 milestone Apr 24, 2017
@liggitt liggitt mentioned this pull request Apr 24, 2017
Merged
@liggitt liggitt deleted the namespace-icc branch April 25, 2017 02:07
@liggitt liggitt mentioned this pull request Apr 25, 2017
Merged
k8s-github-robot pushed a commit that referenced this pull request Apr 25, 2017
Merge pull request #44877 from liggitt/automated-cherry-pick-of-#44570-
da7146d 
…#44862-upstream-release-1.6

Automatic merge from submit-queue

Automated cherry pick of #44570 #44862

Cherry pick of #44570 #44862 on release-1.6.

#44570: Explicit namespace from kubeconfig should override in-cluster
#44862: Stop treating in-cluster-config namespace as an override

```release-note
* kubectl commands run inside a pod using a kubeconfig file now use the namespace specified in the kubeconfig file, instead of using the pod namespace. If no kubeconfig file is used, or the kubeconfig does not specify a namespace, the pod namespace is still used as a fallback.
* Restored the ability of kubectl running inside a pod to consume resource files specifying a different namespace than the one the pod is running in.
```
@k8s-cherrypick-bot
Copy link

Commit found in the "release-1.6" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked.

k8s-github-robot pushed a commit that referenced this pull request Jun 5, 2017
Merge pull request #44901 from liggitt/automated-cherry-pick-of-#44570-
1a11994 
…#44862-upstream-release-1.5

Automatic merge from submit-queue

Automated cherry pick of #44570 #44862

Cherry pick of #44570 #44862 on release-1.5.

#44570: Explicit namespace from kubeconfig should override in-cluster
#44862: Stop treating in-cluster-config namespace as an override
@deiwin deiwin mentioned this pull request Jan 3, 2019
Closed
This was referenced May 21, 2021
Closed
Closed
Closed
Closed
Closed
Closed
Open
This was referenced May 30, 2021
Closed
Closed
Closed
Closed
Closed
This was referenced Jun 6, 2021
Closed
Closed
This was referenced Jun 14, 2021
Closed
Closed
@renovate renovate bot mentioned this pull request Jul 16, 2021
Closed
1 task
This was referenced Jul 29, 2021
Closed
Closed
@liggitt liggitt mentioned this pull request Dec 16, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smarterclayton smarterclayton smarterclayton left review comments

@ncdc ncdc ncdc left review comments

Assignees

@fabianofranz fabianofranz

@smarterclayton smarterclayton

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.6
Development

Successfully merging this pull request may close these issues.