Skip to content

Commit

Permalink
Handle the case when listing namespaces is forbidden (#42)
Browse files Browse the repository at this point in the history 
* Handle the case when listing namespaces is forbidden

Ignore a forbidden error as that means we can connect to the api server
Do not try to watch at cluster level when we only need one namespace

Fixes #12

* Use the namespace if set for deployments, daemonsets,...

* If we can't get the namespace then revert to watch all

to keep existing behavior
if the namespace does not exist we watch namespaces to wait for it
  • Loading branch information
@carlossg @boz
carlossg authored and boz committed Oct 16, 2019
1 parent 9d98f1d commit 0d6900b
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 9 deletions.
5 changes: 4 additions & 1 deletion cmd/kail/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import (
"github.com/boz/kcache/nsname"
"github.com/sirupsen/logrus"
kingpin "gopkg.in/alecthomas/kingpin.v2"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/kubernetes"
Expand Down Expand Up @@ -194,7 +195,9 @@ func createKubeClient() (kubernetes.Interface, *rest.Config) {
kingpin.FatalIfError(err, "Error building kubernetes config")

_, err = cs.CoreV1().Namespaces().List(metav1.ListOptions{})
kingpin.FatalIfError(err, "Can't connnect to kubernetes")
if err != nil && !apierrors.IsForbidden(err) {
kingpin.FatalIfError(err, "Can't connnect to kubernetes")
}

return cs, rc
}
Expand Down
29 changes: 21 additions & 8 deletions ds_builder.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import (
"github.com/boz/kcache/types/replicaset"
"github.com/boz/kcache/types/replicationcontroller"
"github.com/boz/kcache/types/service"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/kubernetes"
)
Expand Down Expand Up @@ -125,7 +126,19 @@ func (b *dsBuilder) Create(ctx context.Context, cs kubernetes.Interface) (DS, er

log = log.WithComponent("kail.ds.builder")

base, err := pod.NewController(ctx, log, cs, "")
namespace := ""
// if we only ask for one namespace do not try to get resources at cluster level
// we may not have permissions
// but if the namespace does not exist (or any other problem) we watch namespaces to wait for it
if len(b.namespaces) == 1 {
namespace = b.namespaces[0]
_, err := cs.CoreV1().Namespaces().Get(namespace, metav1.GetOptions{})
if err != nil {
log.Warnf("could not tail the namespace %s: %v", namespace, err)
namespace = ""
}
}
base, err := pod.NewController(ctx, log, cs, namespace)
if err != nil {
return nil, log.Err(err, "base pod controller")
}
Expand Down Expand Up @@ -209,7 +222,7 @@ func (b *dsBuilder) Create(ctx context.Context, cs kubernetes.Interface) (DS, er
}

if len(b.services) != 0 {
ds.servicesBase, err = service.NewController(ctx, log, cs, "")
ds.servicesBase, err = service.NewController(ctx, log, cs, namespace)
if err != nil {
ds.closeAll()
return nil, log.Err(err, "service base controller")
Expand All @@ -229,7 +242,7 @@ func (b *dsBuilder) Create(ctx context.Context, cs kubernetes.Interface) (DS, er
}

if len(b.rcs) != 0 {
ds.rcsBase, err = replicationcontroller.NewController(ctx, log, cs, "")
ds.rcsBase, err = replicationcontroller.NewController(ctx, log, cs, namespace)
if err != nil {
ds.closeAll()
return nil, log.Err(err, "rc base controller")
Expand All @@ -249,7 +262,7 @@ func (b *dsBuilder) Create(ctx context.Context, cs kubernetes.Interface) (DS, er
}

if len(b.rss) != 0 {
ds.rssBase, err = replicaset.NewController(ctx, log, cs, "")
ds.rssBase, err = replicaset.NewController(ctx, log, cs, namespace)
if err != nil {
ds.closeAll()
return nil, log.Err(err, "rs base controller")
Expand All @@ -269,7 +282,7 @@ func (b *dsBuilder) Create(ctx context.Context, cs kubernetes.Interface) (DS, er
}

if len(b.dss) != 0 {
ds.dssBase, err = daemonset.NewController(ctx, log, cs, "")
ds.dssBase, err = daemonset.NewController(ctx, log, cs, namespace)
if err != nil {
ds.closeAll()
return nil, log.Err(err, "ds base controller")
Expand All @@ -289,7 +302,7 @@ func (b *dsBuilder) Create(ctx context.Context, cs kubernetes.Interface) (DS, er
}

if len(b.deployments) != 0 {
ds.deploymentsBase, err = deployment.NewController(ctx, log, cs, "")
ds.deploymentsBase, err = deployment.NewController(ctx, log, cs, namespace)
if err != nil {
ds.closeAll()
return nil, log.Err(err, "deployment base controller")
Expand All @@ -309,14 +322,14 @@ func (b *dsBuilder) Create(ctx context.Context, cs kubernetes.Interface) (DS, er
}

if len(b.ingresses) != 0 {
ds.ingressesBase, err = ingress.NewController(ctx, log, cs, "")
ds.ingressesBase, err = ingress.NewController(ctx, log, cs, namespace)
if err != nil {
ds.closeAll()
return nil, log.Err(err, "ingress base controller")
}

if ds.servicesBase == nil {
ds.servicesBase, err = service.NewController(ctx, log, cs, "")
ds.servicesBase, err = service.NewController(ctx, log, cs, namespace)
if err != nil {
ds.closeAll()
return nil, log.Err(err, "service base controller")
Expand Down

0 comments on commit 0d6900b

Please sign in to comment.