search

GoogleContainerTools / skaffold

Easy and Repeatable Kubernetes Development
https://skaffold.dev/
Apache License 2.0
14.94k stars 1.62k forks source link

Skaffold deploy falls back to .kube/config:context.namespace instead of .deploy.**.namespace #7460

Open MaximShepelev opened 2 years ago

MaximShepelev commented 2 years ago

Expected behavior

skaffold run & skaffold dev commands exit successfully

Actual behavior

Starting deploy...
Release "mshepelev-luigi" has been upgraded. Happy Helming!
NAME: mshepelev-luigi
LAST DEPLOYED: Mon May 30 14:00:07 2022
NAMESPACE: bioinf-tools
STATUS: deployed
REVISION: 7
TEST SUITE: None

Waiting for deployments to stabilize...
could not fetch deployments: could not fetch deployments: deployments.apps is forbidden: User "system:serviceaccount:users:test-user2" cannot list resource "deployments" in API group "apps" in the namespace "default"

Information

apiVersion: skaffold/v2beta26
kind: Config

profiles:
  - name: luigi-profile-setup
    build:
      tagPolicy:
        sha256: {}
      cluster:
        namespace: bioinf-tools
      artifacts:
      - image: docker-rnd.example.com/ldt/luigi
        context: "kubernetes/luigi"
        kaniko:
          skipTLSVerifyRegistry: ["docker-rnd.example.com"]
          cache: {}
    deploy:
      helm:
        releases:
        - name: "{{.USER}}-luigi"
          namespace: bioinf-tools
          chartPath: kubernetes/luigi/helm
          valuesFiles:
          - "kubernetes/luigi/helm/values.yaml"
          setValueTemplates:
            app.image.repository: docker-rnd.example.com/ldt/luigi
            app.image.tag: "{{.IMAGE_TAG}}"

Steps to reproduce the behavior

  1. Any test Helm chart (no need to build anything)
  2. A separate namespace (bioinf-tools) and a limited cluster account with full permissions to that namespace
  3. kubectl config set-context --current --namespace=default
  4. skaffold dev --profile luigi-profile-setup or skaffold run --profile luigi-profile-setup

Additional info

Since I explicitly specify namespace in .deploy.helm.releases[0].namespace I expect skaffold to check whether the release was deployed into said namespace. In fact it does deploy successfully as seen in the logs, but further skaffold check fails.

I know I can also set namespace while running commands as such: skaffold run -n NAMESPACE and it actually exits 0, but I don't really see a point in this since:

  1. it is meant to override values in skaffold config.
  2. skaffold should fallback to current context.namespace only if no namespace value was provided

Addiotional logs

DEBU[0015] getting client config for kubeContext: `midgard-test2`  subtask=-1 task=DevLoop
DEBU[0015] getting client config for kubeContext: `midgard-test2`  subtask=-1 task=DevLoop
DEBU[0015] Patchingmshepelev-luigiin namespacebioinf-tools  subtask=0 task=Deploy
DEBU[0015] Patchingmshepelev-luigiin namespacebioinf-tools  subtask=0 task=Deploy
INFO[0015] Deploy completed in 12.45 seconds             subtask=-1 task=Deploy
Waiting for deployments to stabilize...
DEBU[0015] getting client config for kubeContext: `midgard-test2`  subtask=-1 task=DevLoop
DEBU[0015] getting client config for kubeContext: `midgard-test2`  subtask=-1 task=DevLoop
DEBU[0016] Running command: [tput colors]                subtask=-1 task=DevLoop
DEBU[0016] Command output: [256
]                        subtask=-1 task=DevLoop
could not fetch deployments: could not fetch deployments: deployments.apps is forbidden: User "system:serviceaccount:users:test-user2" cannot list resource "deployments" in API group "apps" in the namespace "monitoring"
DEBU[0016] exporting metrics                             subtask=-1 task=DevLoop
DEBU[0018] metrics uploading complete in 1.623704105s    subtask=-1 task=DevLoop

Switching default namespace in context also changes namespace in log

could not fetch deployments: could not fetch deployments: deployments.apps is forbidden: User "system:serviceaccount:users:test-user2" cannot list resource "deployments" in API group "apps" in the namespace "default"

$ kubectl config set-context --current --namespace=monitoring

could not fetch deployments: could not fetch deployments: deployments.apps is forbidden: User "system:serviceaccount:users:test-user2" cannot list resource "deployments" in API group "apps" in the namespace "monitoring"

P.S. There are also a few spaces missing in debug messages: Patchingmshepelev-luigiin namespacebioinf-tools

P.S.S. It would also be handy to be able to specify defaultNamespace for a profile or for the whole config

tejal29 commented 1 year ago

Maybe something to try during our bug bash /cc @aaron-prindle