From 1305559abbcd1e5558980062221ed3e65a8f0387 Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Mon, 24 Apr 2017 11:49:10 -0400 Subject: [PATCH] Stop treating in-cluster-config namespace as an override --- .../tools/clientcmd/client_config.go | 4 +-- test/e2e/kubectl.go | 31 ++++++++++++++++++- 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/staging/src/k8s.io/client-go/tools/clientcmd/client_config.go b/staging/src/k8s.io/client-go/tools/clientcmd/client_config.go index 0411e6235cc..307d1216ab4 100644 --- a/staging/src/k8s.io/client-go/tools/clientcmd/client_config.go +++ b/staging/src/k8s.io/client-go/tools/clientcmd/client_config.go @@ -482,13 +482,13 @@ func (config *inClusterClientConfig) Namespace() (string, bool, error) { // This way assumes you've set the POD_NAMESPACE environment variable using the downward API. // This check has to be done first for backwards compatibility with the way InClusterConfig was originally set up if ns := os.Getenv("POD_NAMESPACE"); ns != "" { - return ns, true, nil + return ns, false, nil } // Fall back to the namespace associated with the service account token, if available if data, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace"); err == nil { if ns := strings.TrimSpace(string(data)); len(ns) > 0 { - return ns, true, nil + return ns, false, nil } } diff --git a/test/e2e/kubectl.go b/test/e2e/kubectl.go index ed9b9b5f21c..ae4f2c84351 100644 --- a/test/e2e/kubectl.go +++ b/test/e2e/kubectl.go @@ -636,7 +636,24 @@ users: tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token `), os.FileMode(0755))) framework.Logf("copying override kubeconfig to the %s pod", simplePodName) - framework.RunKubectlOrDie("cp", filepath.Join(tmpDir, overrideKubeconfigName), ns+"/"+simplePodName+":/tmp/"+overrideKubeconfigName) + framework.RunKubectlOrDie("cp", filepath.Join(tmpDir, overrideKubeconfigName), ns+"/"+simplePodName+":/tmp/") + + framework.ExpectNoError(ioutil.WriteFile(filepath.Join(tmpDir, "invalid-configmap-with-namespace.yaml"), []byte(` +kind: ConfigMap +apiVersion: v1 +metadata: + name: "configmap with namespace and invalid name" + namespace: configmap-namespace +`), os.FileMode(0755))) + framework.ExpectNoError(ioutil.WriteFile(filepath.Join(tmpDir, "invalid-configmap-without-namespace.yaml"), []byte(` +kind: ConfigMap +apiVersion: v1 +metadata: + name: "configmap without namespace and invalid name" +`), os.FileMode(0755))) + framework.Logf("copying configmap manifests to the %s pod", simplePodName) + framework.RunKubectlOrDie("cp", filepath.Join(tmpDir, "invalid-configmap-with-namespace.yaml"), ns+"/"+simplePodName+":/tmp/") + framework.RunKubectlOrDie("cp", filepath.Join(tmpDir, "invalid-configmap-without-namespace.yaml"), ns+"/"+simplePodName+":/tmp/") By("getting pods with in-cluster configs") execOutput := framework.RunHostCmdOrDie(ns, simplePodName, "/tmp/kubectl get pods --v=7 2>&1") @@ -644,6 +661,18 @@ users: Expect(execOutput).To(ContainSubstring("Using in-cluster namespace")) Expect(execOutput).To(ContainSubstring("Using in-cluster configuration")) + By("creating an object containing a namespace with in-cluster config") + _, err = framework.RunHostCmd(ns, simplePodName, "/tmp/kubectl create -f /tmp/invalid-configmap-with-namespace.yaml --v=7 2>&1") + Expect(err).To(ContainSubstring("Using in-cluster namespace")) + Expect(err).To(ContainSubstring("Using in-cluster configuration")) + Expect(err).To(ContainSubstring(fmt.Sprintf("POST https://%s:%s/api/v1/namespaces/configmap-namespace/configmaps", inClusterHost, inClusterPort))) + + By("creating an object not containing a namespace with in-cluster config") + _, err = framework.RunHostCmd(ns, simplePodName, "/tmp/kubectl create -f /tmp/invalid-configmap-without-namespace.yaml --v=7 2>&1") + Expect(err).To(ContainSubstring("Using in-cluster namespace")) + Expect(err).To(ContainSubstring("Using in-cluster configuration")) + Expect(err).To(ContainSubstring(fmt.Sprintf("POST https://%s:%s/api/v1/namespaces/%s/configmaps", inClusterHost, inClusterPort, f.Namespace.Name))) + By("trying to use kubectl with invalid token") _, err = framework.RunHostCmd(ns, simplePodName, "/tmp/kubectl get pods --token=invalid --v=7 2>&1") framework.Logf("got err %v", err)