k8s:watch uses default namespace even if other namespace is configured

[petergarnaes]

Description

Info

• Eclipse JKube version : 1.5.1
• Maven version (mvn -v) :

Apache Maven 3.8.3 (ff8e977a158738155dc465c6a97ffaf31982d739)
Maven home: REDACTED
Java version: 17, vendor: Private Build, runtime: /usr/lib/jvm/java-17-openjdk-amd64
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "4.15.0-162-generic", arch: "amd64", family: "unix"

• Kubernetes / Red Hat OpenShift setup and version :

➜ kubectl version
Client Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.4", GitCommit:"b695d79d4f967c403a96986f1750a35eb75e75f1", GitTreeState:"clean", BuildDate:"2021-11-17T15:48:33Z", GoVersion:"go1.16.10", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.17", GitCommit:"68b4e26caf6ede7af577db4af62fb405b4dd47e6", GitTreeState:"clean", BuildDate:"2021-03-18T00:54:02Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}

Issue

I am working on a Rancher cluster

Since it involves a Rancher cluster, I can't give a good guide on how to reproduce, but the issue is pretty straight forward. When I am trying to run mvn k8s:resource k8s:build k8s:push k8s:watch, my docker image is built, pushed and deployed correctly (I can find the deployment in the cluster) but I get the following error:

[ERROR] Failed to execute goal org.eclipse.jkube:kubernetes-maven-plugin:1.5.1:watch (default-cli) on project spring-kube-demo: Execution default-cli of goal org.eclipse.jkube:kubernetes-maven-plugin:1.5.1:watch failed: Failure executing: GET at: https://rancher-cluster.my-company.com/k8s/clusters/local/api/v1/namespaces/default/pods?labelSelector=app%3Dspring-kube-demo%2Cprovider%3Djkube%2Cgroup%3Dcom.mycompany.mydepartment. Message: Forbidden! User myuser doesn't have permission. pods is forbidden: User "myuser" cannot list resource "pods" in API group "" in the namespace "default". -> [Help 1]

Not providing access to the default namespace is by design in Rancher clusters. I do have the namespace configured in my pom.xml:

<plugin>
  <groupId>org.eclipse.jkube</groupId>
    <artifactId>kubernetes-maven-plugin</artifactId>
    <version>1.5.1</version>
    <configuration>
      <namespace>development</namespace>
         <images>
          ...
        </images>
    </configuration>
</plugin>    

I would expect k8s:watch to use the configured namespace.

Full stack trace

[rohanKanojia]

@petergarnaes : Thanks a lot for reporting. I can reproduce this issue. Looks like instead of reading namespace configuration k8s:watch is picking up namespace from .kube/config context :

contexts:
- context:
    cluster: minikube
    namespace: default
    user: minikube
  name: minikube

[petergarnaes]

@rohanKanojia you are correct, don't know why i did not think of that! Thanks for helping me move on in the current version of the plugin.

[rohanKanojia]

I've created a fix for this issue. I think now watch should pick correct configured namespace

Using Kubernetes Maven Plugin, I tested this via adding a namespace in plugin configuration which was not equal to the one in kubeconfig current context:

            <plugin>
                <groupId>org.eclipse.jkube</groupId>
                <artifactId>kubernetes-maven-plugin</artifactId>
                <version>${jkube.version}</version>
                <configuration>
                  <namespace>development</namespace>
                </configuration>
            </plugin>

Using Kubernetes Gradle Plugin, I specified namespace in Groovy configuration:

plugins {
    id 'org.eclipse.jkube.kubernetes' version '1.5.1'
}

kubernetes {
    namespace = 'development'
}