From fd9d2f491446f172dd7efdd03cdb27851c69c093 Mon Sep 17 00:00:00 2001
From: Thong Kuah
Date: Wed, 12 Sep 2018 16:00:51 +1200
Subject: Kubernetes secret are namespaced, so must always pass a namespace arg. In our case it's 'default'.
---
 app/services/clusters/gcp/kubernetes.rb | 1 +
 .../clusters/gcp/kubernetes/create_service_account_service.rb | 10 +++++-----
 .../clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb | 2 +-
 3 files changed, 7 insertions(+), 6 deletions(-)
(limited to 'app/services/clusters/gcp')
diff --git a/app/services/clusters/gcp/kubernetes.rb b/app/services/clusters/gcp/kubernetes.rb
index 21a09891ac4..d014d73b3e8 100644
--- a/app/services/clusters/gcp/kubernetes.rb
+++ b/app/services/clusters/gcp/kubernetes.rb
@@ -4,6 +4,7 @@ module Clusters
 module Gcp
 module Kubernetes
 SERVICE_ACCOUNT_NAME = 'gitlab'
+ SERVICE_ACCOUNT_NAMESPACE = 'default'
 SERVICE_ACCOUNT_TOKEN_NAME = 'gitlab-token'
 CLUSTER_ROLE_BINDING_NAME = 'gitlab-admin'
 CLUSTER_ROLE_NAME = 'cluster-admin'
diff --git a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb
index 4c43b94d911..d17744591e6 100644
--- a/app/services/clusters/gcp/kubernetes/create_service_account_service.rb
+++ b/app/services/clusters/gcp/kubernetes/create_service_account_service.rb
@@ -20,16 +20,16 @@ module Clusters
 private
 def service_account_resource
- Gitlab::Kubernetes::ServiceAccount.new(service_account_name, namespace).generate
+ Gitlab::Kubernetes::ServiceAccount.new(service_account_name, service_account_namespace).generate
 end
 def service_account_token_resource
 Gitlab::Kubernetes::ServiceAccountToken.new(
- SERVICE_ACCOUNT_TOKEN_NAME, service_account_name, namespace).generate
+ SERVICE_ACCOUNT_TOKEN_NAME, service_account_name, service_account_namespace).generate
 end
 def cluster_role_binding_resource
- subjects = [{ kind: 'ServiceAccount', name: service_account_name, namespace: namespace }]
+ subjects = [{ kind: 'ServiceAccount', name: service_account_name, namespace: service_account_namespace }]
 Gitlab::Kubernetes::ClusterRoleBinding.new(
 CLUSTER_ROLE_BINDING_NAME,
@@ -42,8 +42,8 @@ module Clusters
 SERVICE_ACCOUNT_NAME
 end
- def namespace
- 'default'
+ def service_account_namespace
+ SERVICE_ACCOUNT_NAMESPACE
 end
 end
 end
diff --git a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
index 877dc1de89b..9e09345c8dc 100644
--- a/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
+++ b/app/services/clusters/gcp/kubernetes/fetch_kubernetes_token_service.rb
@@ -18,7 +18,7 @@ module Clusters
 private
 def get_secret
- kubeclient.get_secret(SERVICE_ACCOUNT_TOKEN_NAME).as_json
+ kubeclient.get_secret(SERVICE_ACCOUNT_TOKEN_NAME, SERVICE_ACCOUNT_NAMESPACE).as_json
 rescue Kubeclient::HttpError => err
 raise err unless err.error_code == 404
-- cgit v1.2.3
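Review bot: `get_secret` now reads `gitlab-token` from `SERVICE_ACCOUNT_NAMESPACE`, i.e. `default`, and nothing at the constant or at this call records that the secret is the credential of an account which, judging by `CLUSTER_ROLE_NAME = 'cluster-admin'` in kubernetes.rb, is presumably bound to cluster-admin. Any principal with read access to secrets in `default` can read that token, so the namespace choice is security-relevant and deserves a comment on the constant, for example `# Namespace of the gitlab service account and its token secret; secret read access here exposes a cluster-wide admin credential`. A dedicated namespace for this account would narrow that exposure, though that is a larger change than this commit makes. The rescue body of `get_secret` continues outside the hunk, so how a 404 is handled cannot be checked from here.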