Kubernetes secret are namespaced, so must always pass a namespace arg.

In our case it's 'default'.
author: Thong Kuah <tkuah@gitlab.com> 2018-09-12 07:00:51 +0300
committer: Thong Kuah <tkuah@gitlab.com> 2018-09-14 07:26:51 +0300
commit: fd9d2f491446f172dd7efdd03cdb27851c69c093 (patch)
tree: 0af3e956a1f70baf985b8e4d11c8997babef14f2 /app/services/clusters/gcp
parent: 3c5c6c2c2e8e2db00d0b90d0213e60995880b50e (diff)
3 files changed, 7 insertions, 6 deletions
diff --git a/app/services/clusters/gcp/kubernetes.rb b/app/services/clusters/gcp/kubernetes.rb
index 21a09891ac4..d014d73b3e8 100644
--- a/app/services/clusters/gcp/kubernetes.rb
+++ b/app/services/clusters/gcp/kubernetes.rb
@@ -4,6 +4,7 @@ module Clusters
   module Gcp
     module Kubernetes
       SERVICE_ACCOUNT_NAME = 'gitlab'
+      SERVICE_ACCOUNT_NAMESPACE = 'default'
       SERVICE_ACCOUNT_TOKEN_NAME = 'gitlab-token'
       CLUSTER_ROLE_BINDING_NAME = 'gitlab-admin'
       CLUSTER_ROLE_NAME = 'cluster-admin'
diff --git a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb
index 4c43b94d911..d17744591e6 100644
--- a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb
+++ b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb
@@ -20,16 +20,16 @@ module Clusters
         private
 
         def service_account_resource
-          Gitlab::Kubernetes::ServiceAccount.new(service_account_name, namespace).generate
+          Gitlab::Kubernetes::ServiceAccount.new(service_account_name, service_account_namespace).generate
         end
 
         def service_account_token_resource
           Gitlab::Kubernetes::ServiceAccountToken.new(
-            SERVICE_ACCOUNT_TOKEN_NAME, service_account_name, namespace).generate
+            SERVICE_ACCOUNT_TOKEN_NAME, service_account_name, service_account_namespace).generate
         end
 
         def cluster_role_binding_resource
-          subjects = [{ kind: 'ServiceAccount', name: service_account_name, namespace: namespace }]
+          subjects = [{ kind: 'ServiceAccount', name: service_account_name, namespace: service_account_namespace }]
 
           Gitlab::Kubernetes::ClusterRoleBinding.new(
             CLUSTER_ROLE_BINDING_NAME,
@@ -42,8 +42,8 @@ module Clusters
           SERVICE_ACCOUNT_NAME
         end
 
-        def namespace
-          'default'
+        def service_account_namespace
+          SERVICE_ACCOUNT_NAMESPACE
         end
       end
     end
diff --git a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
index 877dc1de89b..9e09345c8dc 100644
--- a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
+++ b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
@@ -18,7 +18,7 @@ module Clusters
         private
 
         def get_secret
-          kubeclient.get_secret(SERVICE_ACCOUNT_TOKEN_NAME).as_json
+          kubeclient.get_secret(SERVICE_ACCOUNT_TOKEN_NAME, SERVICE_ACCOUNT_NAMESPACE).as_json
         rescue Kubeclient::HttpError => err
           raise err unless err.error_code == 404
author	Thong Kuah <tkuah@gitlab.com>	2018-09-12 07:00:51 +0300
committer	Thong Kuah <tkuah@gitlab.com>	2018-09-14 07:26:51 +0300
commit	fd9d2f491446f172dd7efdd03cdb27851c69c093 (patch)
tree	0af3e956a1f70baf985b8e4d11c8997babef14f2 /app/services/clusters/gcp
parent	3c5c6c2c2e8e2db00d0b90d0213e60995880b50e (diff)