Make namespaceExists check optional on switch #333
Comments
This is a duplicate of #83 and #19. Can you please confirm whether you are in a situation where you can browse the resources under the specific namespace, but not GET that Namespace object itself ( We currently check if GET Namespace returns a 404 Not Found to determine if the namespace doesn't exist. But we can assume 403 Forbidden also means the namespace exists and we can let you switch into that.

@vitorfhc if you still have the same setup, it would be great if you can confirm this:

@ahmetb you are quite right, a rare situation.
Even though this is a rare situation, I believe it would be interesting to add a flag which ignores the verification of namespace's existence.

Bumping the above, we don't have get permission on the namespace

@druvv you can always obtain the bash version of kubens from the root of the repository which doesn't have this problem. This issue is present only in the Go implementation.

In many corporate (and other) clusters listing or even a

Btw, the bash implementation also has this issue if you don't have

Using

```
➜ ~ kubectl auth can-i get pods # In an existing namespace I have permissions in
yes
➜ ~ kubens does-not-exist
Context "nnn" modified.
Active namespace is "does-not-exist".
➜ ~ kubectl auth can-i get pods
no
```

Based on this - still looking for a better "permission" to check, but:

```bash
# Ref https://github.com/ahmetb/kubectx/blob/master/kubens#L101
switch_namespace() {
  local ctx="${1}"
  local ns="${2}"
  local ret=0
  local verb="get"
  local resource="pods"
  local perm="${verb} ${resource}"
  # Only switch when the current user may perform ${perm} in the target namespace.
  if $KUBECTL -n "${ns}" auth can-i "${verb}" "${resource}" >/dev/null 2>&1
  then
    $KUBECTL config set-context "${ctx}" --namespace="${ns}"
    echo "Active namespace is \"${ns}\".">&2
  else
    echo "Not changing active namespace to \"${ns}\", as permission to \"${perm}\" is missing."
    ret=1
  fi
  return ${ret}
}
```

And

```bash
# https://github.com/ahmetb/kubectx/blob/master/kubens#L128
set_namespace() {
  local ctx prev
  ctx="$(current_context)" || exit_err "error getting current context"
  # exit_err is the helper used on the line above; exit_error is not defined.
  prev="$(current_namespace)" || exit_err "error getting current namespace"
  if ! switch_namespace "${ctx}" "${1}"; then
    echo "Failed to swich namespace to ${1}"
  fi
}
```

Then switching namespace will look like this

```
➜ ~ kubens asdf
Not changing active namespace to "asdf", as permission to "get pods" is missing.
Failed to swich namespace to asdf
➜ ~ kubens valid-ns
Context "nnn" modified.
Active namespace is "valid-ns".
```

Context
When we want to switch the namespace we run `switchNamespace`. This function makes a verification to check if the namespace we are switching to exists.

Problem
On some occasions we don't have access to listing all namespaces as `namespaceExists` requires. The result is that `kubens` becomes useless.

Solution
Adding a flag `--no-verify` (just an example) that skips this verification and changes the context even if the namespace doesn't exist.

Contribution
I'd love to contribute and add this piece of code if it makes sense to the project. Let's discuss a good way of doing this.
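
The 404/403 handling and the `--no-verify` opt-out discussed in this thread, sketched in Go as an added example (not kubectx's own code). `canSwitch`, `fakeAPI`, `newClient` and the `https://cluster.example` server are hypothetical, and the status codes come from a constructed in-memory transport rather than a real cluster.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
)

// fakeAPI is a constructed stand-in for the API server: namespace name -> HTTP
// status returned for GET /api/v1/namespaces/<name>. Unknown names get 404.
type fakeAPI map[string]int

func (f fakeAPI) RoundTrip(r *http.Request) (*http.Response, error) {
	code, ok := f[strings.TrimPrefix(r.URL.Path, "/api/v1/namespaces/")]
	if !ok {
		code = http.StatusNotFound
	}
	return &http.Response{StatusCode: code, Body: io.NopCloser(strings.NewReader("")), Request: r}, nil
}

func newClient(f fakeAPI) *http.Client { return &http.Client{Transport: f} }

// canSwitch (hypothetical helper) refuses the switch only on a definite 404.
// A 403 means the caller may not GET the Namespace object, so existence is
// unknown and the switch is allowed; noVerify skips the lookup entirely.
func canSwitch(c *http.Client, server, ns string, noVerify bool) (bool, error) {
	if noVerify {
		return true, nil
	}
	resp, err := c.Get(server + "/api/v1/namespaces/" + url.PathEscape(ns))
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK, http.StatusForbidden:
		return true, nil
	case http.StatusNotFound:
		return false, nil
	}
	return false, fmt.Errorf("unexpected status %d for namespace %q", resp.StatusCode, ns)
}

func main() {
	c := newClient(fakeAPI{"team-a": 200, "locked": 403}) // constructed sample data
	for _, ns := range []string{"team-a", "locked", "does-not-exist"} {
		ok, err := canSwitch(c, "https://cluster.example", ns, false)
		fmt.Println(ns, ok, err)
	}
}
```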