kubeconfig: remove default namespace from crc-developer context
The 'developer' user doesn't have the required role bindings to access
the 'default' namespace, and when the user tries to access it we get:

```
Error from server (Forbidden): pods is forbidden: User "developer" cannot list resource "pods" in API group "" in the namespace "default"
```

fixes crc-org/snc#703
anjannath committed Oct 28, 2024
1 parent 9b7772d commit 4c3310e
Showing 2 changed files with 8 additions and 7 deletions.
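--- a/pkg/crc/machine/kubeconfig.go
+++ b/pkg/crc/machine/kubeconfig.go
@@ -72,15 +72,15 @@ func writeKubeconfig(ip string, clusterConfig *types.ClusterConfig, ingressHTTPS
 if err != nil {
 return err
 }
-if err := addContext(cfg, clusterConfig.ClusterAPI, adminContext, "kubeadmin", kubeadminToken); err != nil {
+if err := addContext(cfg, clusterConfig.ClusterAPI, adminContext, "kubeadmin", kubeadminToken, "default"); err != nil {
 return err
 }
 
 developerToken, err := getTokenForUser("developer", "developer", ip, ca, clusterConfig, ingressHTTPSPort)
 if err != nil {
 return err
 }
-if err := addContext(cfg, clusterConfig.ClusterAPI, developerContext, "developer", developerToken); err != nil {
+if err := addContext(cfg, clusterConfig.ClusterAPI, developerContext, "developer", developerToken, ""); err != nil {
 return err
 }
 
@@ -142,7 +142,7 @@ func hostname(clusterAPI string) (string, error) {
 return strings.ReplaceAll(h, ".", "-"), nil
 }
 
-func addContext(cfg *api.Config, clusterAPI, context, username, token string) error {
+func addContext(cfg *api.Config, clusterAPI, context, username, token, namespace string) error {
 host, err := hostname(clusterAPI)
 if err != nil {
 return err
@@ -160,7 +160,7 @@ func addContext(cfg *api.Config, clusterAPI, context, username, token string) er
 cfg.Contexts[context] = &api.Context{
 Cluster: host,
 AuthInfo: clusterUser,
-Namespace: "default",
+Namespace: namespace,
 }
 return nil
 }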
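Review bot: Passing `""` as the namespace for the developer context in writeKubeconfig may not stop clients from targeting `default`. As far as I know, client-go's kubeconfig loader falls back to the `default` namespace when a context has none set, so a plain `kubectl get pods` as developer could still return the Forbidden error quoted in the description; this is worth confirming against the linked issue. If the intent is only to avoid pinning a namespace in which the user has no role binding, state that in a doc comment on addContext, for example `// namespace may be empty; the context then carries no namespace and the client applies its own default.` Both writeKubeconfig and addContext continue outside the visible hunks, so any handling of the empty value elsewhere is not visible here.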
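--- a/pkg/crc/machine/kubeconfig_test.go
+++ b/pkg/crc/machine/kubeconfig_test.go
@@ -134,26 +134,27 @@ func Test_addContext(t *testing.T) {
 username string
 context string
 token string
+namespace string
 }
 
 tests := []struct {
 in input
 expected string
 }{
 {
-input{"https://abcdd.api.com", "foo", "foo@abcdd", "secretToken"},
+input{"https://abcdd.api.com", "foo", "foo@abcdd", "secretToken", "kube-system"},
 "foo/abcdd-api-com",
 },
 {
-input{"https://api.crc.testing:6443", "kubeadmin", "kubeadm", "secretToken"},
+input{"https://api.crc.testing:6443", "kubeadmin", "kubeadm", "secretToken", "default"},
 "kubeadmin/api-crc-testing:6443",
 },
 }
 
 cfg := api.NewConfig()
 
 for _, tt := range tests {
-err := addContext(cfg, tt.in.clusterAPI, tt.in.context, tt.in.username, tt.in.token)
+err := addContext(cfg, tt.in.clusterAPI, tt.in.context, tt.in.username, tt.in.token, tt.in.namespace)
 assert.NoError(t, err)
 assert.Contains(t, cfg.Contexts, tt.in.context, "Expected context not found")
 assert.Contains(t, cfg.AuthInfos, tt.expected, "Expected AuthInfo not found")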
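Review bot: None of the four added lines asserts the namespace that the new argument writes into the context, so the table would still pass if addContext ignored the parameter or kept the hard-coded `"default"`. Adding `assert.Equal(t, tt.in.namespace, cfg.Contexts[tt.in.context].Namespace)` inside the loop would pin it. Neither entry passes `""`, which is the value the developer context now uses, so a third case with an empty namespace would cover the path this commit is about. The input struct starts above the hunk and the loop body continues below it.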
