Use configured namespace for pod watcher.

[michaelfig]

This is a first step towards working on my on-premises cluster.

Basically, the pod watcher was failing because it requests cluster-wide pod access, but my RBAC for the current user restricts it to just the michael namespace.

An enhancement would be to use the value of the --namespace flag to override the context's namespace if supplied.

[googlebot]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here (e.g. I signed it!) and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

[codecov-io]

Codecov Report

Merging #1473 into master will increase coverage by 0.29%.
The diff coverage is 50.61%.

@@            Coverage Diff             @@
##           master    #1473      +/-   ##
==========================================
+ Coverage   45.62%   45.91%   +0.29%     
==========================================
  Files         116      118       +2     
  Lines        4870     4937      +67     
==========================================
+ Hits         2222     2267      +45     
- Misses       2424     2440      +16     
- Partials      224      230       +6

Impacted Files	Coverage Δ
pkg/skaffold/kubernetes/watcher.go	0% <0%> (ø)	⬆️
pkg/skaffold/kubernetes/log.go	6.55% <0%> (-0.17%)	⬇️
pkg/skaffold/runner/dev.go	56.52% <100%> (ø)	⬆️
pkg/skaffold/kubernetes/port_forward.go	42.27% <28.57%> (-0.23%)	⬇️
pkg/skaffold/runner/runner.go	60.94% <70.96%> (-0.54%)	⬇️
pkg/skaffold/sync/sync.go	91.42% <88.88%> (+0.12%)	⬆️
pkg/skaffold/deploy/kubectl/cli.go	0% <0%> (ø)	⬆️
pkg/skaffold/schema/versions.go	65.85% <0%> (ø)	⬆️
pkg/skaffold/schema/v1beta3/config.go	100% <0%> (ø)
pkg/skaffold/schema/v1beta3/upgrade.go	58.62% <0%> (ø)
... and 2 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3084ca3...6c08f07. Read the comment docs.

[michaelfig]

I signed it!

[googlebot]

CLAs look good, thanks!

[r2d4]

Skaffold can deploy namespaced objects as well - I think to be really correct you'd need to get the namespace (if specified) of the deployed resources as well as the default, or passed-through namespace. But this makes sense as a first step

[michaelfig]

@r2d4 Yes absolutely. I'll quote from #1521:

However, the skaffold -n option and SKAFFOLD_NAMESPACE environment variables should also be honoured, and the PR should be refactored to have just one func for finding the namespace to look for pods. Also, if the pods in the *.yaml files are explicitly put in a different namespace [with metadata.namespace], that namespace should also be watched.

[nkubala]

hey @michaelfig, thanks for the contribution. agree with @r2d4 that this is a fine first step, and thanks for the explanation. looks like this broke some of the sync tests though, can you check out the failures?

[michaelfig]

@nkubala, will do (probably next week), likely caused by one of the above known deficiencies.

[michaelfig]

This version now honours the .kube/config default namespace, which can be overridden with the -n (--namespace) option to skaffold. There is not yet any work for extracting the namespaces from the configured pod resources.

[r2d4]

LGTM - thanks for adding this feature!

[michaelfig]

@r2d4 Failed kokoro, but I can't see the logs (Google corp only).

[r2d4]

@michaelfig the logs should be publicly accessible. The page takes a second to load, but you should be able to click through runtimes-common/skaffold/presubmit to see the logs

[michaelfig]

@r2d4 Thanks, I was able to see the failure (in syncer), and fixed it so that it works in my own cluster. kokoro should run successfully next time.

[michaelfig]

@r2d4, @nkubala, @dgageot: Anything else need doing before this can be merged?

Thanks,
Michael.

[nkubala]

@michaelfig thanks for seeing this one through!