GitLab AutoDevOps function ensure_namespace() does not explicitly test namespace
Summary
The GitLab AutoDevOps function ensure_namespace test for existance of namespaces beginning with the string stored in $KUBE_NAMESPACE
. This is due to how the describe command works. It returns a list of matching namespaces where the name begins with the first argument.
In my case it creates potential for conflicts where namespaces might start with the same string.
For example when dealing with a project in the "foo-bar" namespace and a separate project under "foo".
function ensure_namespace() {
kubectl describe namespace "$KUBE_NAMESPACE" || kubectl create namespace "$KUBE_NAMESPACE"
}
Steps to reproduce
- Create an AutoDevops application with the namespace "foo".
- Create a namespace in Kubernetes called "foo-bar"
- Deploy to the cluster.
Alternatively to reproduce only using gitlab,
- Create an AutoDevops application with the namespace "foo-bar".
- Deploy "foo-bar".
- Create an AutoDevops application with the namespace "foo".
- Deploy "foo".
What is the current bug behavior?
Deployment fails because AutoDevops tests for existance of namespaces beginning with "foo" instead of an exact match for "foo". When the test passes with results for other namespaces that simply begin with the same string, AutoDevOps continues as if the namespace exists. Soon the pipeline fails because the namespace was not created.
$ ensure_namespace
Name: foo-bar
Labels: <none>
Annotations: <none>
Status: Active
No resource quota.
No resource limits.
Name: foo-test
Labels: <none>
Annotations: <none>
Status: Active
No resource quota.
No resource limits.
$ install_tiller
Checking Tiller...
$HELM_HOME has been configured at /root/.helm.
Error: error installing: namespaces "foo" not found
What is the expected correct behavior?
The ensure_namespace()
function should test the existance of a namespace explicitly and ensures a namespace is created.
Possible fixes
Replace describe
with get
. Get will evaluate to false
if there is no exact match for the namespace.
function ensure_namespace() {
kubectl get namespace "$KUBE_NAMESPACE" || kubectl create namespace "$KUBE_NAMESPACE"
}