[JBoss JIRA] (JGRP-2502) If the KUBERNETES_NAMESPACE is not set the default value is the "default" namespace

Wednesday, 23 September 2020

    [
https://issues.redhat.com/browse/JGRP-2502?page=com.atlassian.jira.plugin...
] 

Sebastian Laskawiec commented on JGRP-2502:
-------------------------------------------

[~belaban] hmmm tricky one! It depends how do we treat missing namespace. If we treat it
as misconfiguration, than what shall we do? Shall we throw an exception? 

Alternatively, we can treat the "default" namespace as a sensible default value.
It's definitely not a good choice for OpenShift (OpenShift doesn't apply Security
Context in the "default" namespace, so users are [discouraged from deploying
applications
there|https://docs.openshift.com/container-platform/4.5/authentication/ma...]),
but it should work fine in vanilla Kubernetes. 

Perhaps, the best solution would be to emit a warning that KUBE_PING will use the
"default" namespace and that's it. Note, that we would probably need to
slightly adjust [this piece of the
code|https://github.com/jgroups-extras/jgroups-kubernetes/blob/master/src...]
(we would need to remove this "if" statement).

...
 If the  KUBERNETES_NAMESPACE is not set the default value is the
"default" namespace
 ------------------------------------------------------------------------------------

                 Key: JGRP-2502
                 URL: https://issues.redhat.com/browse/JGRP-2502
             Project: JGroups
          Issue Type: Bug
    Affects Versions: 5.0.4
            Reporter: Filippe Spolti
            Assignee: Bela Ban
            Priority: Minor

 If no namespace is set it defaults to the "default" ocp namespace  which will
case the warn as described in the log message below:

 {code:java}
 WARN  [org.jgroups.protocols.kubernetes.KUBE_PING] (thread-9,ee,hdm78-kieserver-1-nggcf)
failed getting JSON response from Kubernetes
Client[masterUrl=https://172.30.0.1:443/api/v1, headers={Authorization=#MASKED:937#},
connectTimeout=5000, readTimeout=30000, operationAttempts=3, operationSleep=1000,
streamProvider=org.jgroups.protocols.kubernetes.stream.TokenStreamProvider@69991c01] for
cluster [ee], namespace [default], labels [null]; encountered [java.lang.Exception: 3
attempt(s) with a 1000ms sleep to execute [OpenStream] failed. Last failure was
[java.io.IOException: Server returned HTTP response code: 403 for URL:
https://172.30.0.1:443/api/v1/namespaces/default/pods]]
 {code}
 IMHO the default namespace should not be used in this case since this namespace should
not be used to deploy applications.

 If the namespace is not set it means that we do not want to enable the clustering
feature, as the namespace is set if the namespace is not set, this condition [1] is not
satisfied and the configuration will proceed.

 Another problem found in the tests is that, if we do set the KUBERNETES_NAMESPACE with no
value, it will detect that the env has an value and will try to use a blank namespace: 

 {code:java}
 failed getting JSON response from Kubernetes
Client[masterUrl=https://172.30.0.1:443/api/v1 , headers={Authorization=#MASKED:874#},
connectTimeout=5000, readTimeout=30000, operationAttempts=3, operationSleep=1000,
streamProvider=org.jgroups.protocols.kubernetes.stream.TokenStreamProvider@17978314] for
cluster [ee], namespace [], labels [null]; encountered [java.lang.Exception: 3 attempt(s)
with a 1000ms sleep to execute [OpenStream] failed. Last failure was [java.io.IOException:
Server returned HTTP response code: 403 for URL: https://172.30.0.1:443/api/v1/pods ]]
 {code}

 [1]
- https://github.com/jgroups-extras/jgroups-kubernetes/blob/master/src/main/java/org/jgroups/protocols/kubernetes/KUBE_PING.java#L145

--
This message was sent by Atlassian Jira
(v7.13.8#713008)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006