diff options
author | Thong Kuah <tkuah@gitlab.com> | 2018-09-12 07:00:51 +0300 |
---|---|---|
committer | Thong Kuah <tkuah@gitlab.com> | 2018-09-14 07:26:51 +0300 |
commit | fd9d2f491446f172dd7efdd03cdb27851c69c093 (patch) | |
tree | 0af3e956a1f70baf985b8e4d11c8997babef14f2 /app/services/clusters/gcp | |
parent | 3c5c6c2c2e8e2db00d0b90d0213e60995880b50e (diff) |
Kubernetes secret are namespaced, so must always pass a namespace arg.
In our case it's 'default'.
Diffstat (limited to 'app/services/clusters/gcp')
3 files changed, 7 insertions, 6 deletions
diff --git a/app/services/clusters/gcp/kubernetes.rb b/app/services/clusters/gcp/kubernetes.rb index 21a09891ac4..d014d73b3e8 100644 --- a/app/services/clusters/gcp/kubernetes.rb +++ b/app/services/clusters/gcp/kubernetes.rb @@ -4,6 +4,7 @@ module Clusters module Gcp module Kubernetes SERVICE_ACCOUNT_NAME = 'gitlab' + SERVICE_ACCOUNT_NAMESPACE = 'default' SERVICE_ACCOUNT_TOKEN_NAME = 'gitlab-token' CLUSTER_ROLE_BINDING_NAME = 'gitlab-admin' CLUSTER_ROLE_NAME = 'cluster-admin' diff --git a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb index 4c43b94d911..d17744591e6 100644 --- a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb +++ b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb @@ -20,16 +20,16 @@ module Clusters private def service_account_resource - Gitlab::Kubernetes::ServiceAccount.new(service_account_name, namespace).generate + Gitlab::Kubernetes::ServiceAccount.new(service_account_name, service_account_namespace).generate end def service_account_token_resource Gitlab::Kubernetes::ServiceAccountToken.new( - SERVICE_ACCOUNT_TOKEN_NAME, service_account_name, namespace).generate + SERVICE_ACCOUNT_TOKEN_NAME, service_account_name, service_account_namespace).generate end def cluster_role_binding_resource - subjects = [{ kind: 'ServiceAccount', name: service_account_name, namespace: namespace }] + subjects = [{ kind: 'ServiceAccount', name: service_account_name, namespace: service_account_namespace }] Gitlab::Kubernetes::ClusterRoleBinding.new( CLUSTER_ROLE_BINDING_NAME, @@ -42,8 +42,8 @@ module Clusters SERVICE_ACCOUNT_NAME end - def namespace - 'default' + def service_account_namespace + SERVICE_ACCOUNT_NAMESPACE end end end diff --git a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb index 877dc1de89b..9e09345c8dc 100644 --- a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb +++ b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb @@ -18,7 +18,7 @@ module Clusters private def get_secret - kubeclient.get_secret(SERVICE_ACCOUNT_TOKEN_NAME).as_json + kubeclient.get_secret(SERVICE_ACCOUNT_TOKEN_NAME, SERVICE_ACCOUNT_NAMESPACE).as_json rescue Kubeclient::HttpError => err raise err unless err.error_code == 404 |