Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't mix implicit and explicit namespaces #443

Open
MikaelSmith opened this issue Mar 9, 2022 · 3 comments
Open

Can't mix implicit and explicit namespaces #443

MikaelSmith opened this issue Mar 9, 2022 · 3 comments

Comments

@MikaelSmith
Copy link

MikaelSmith commented Mar 9, 2022
edited

Which version of kube-score are you using?

kube-score version: v1.13.0

What did you do?

Using a Helm chart that explicitly sets namespaces, with resources that rely on the execution context to set the namespace, means that resources that work together produce an error. For example

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  labels:
    app.kubernetes.io/name: app
  namespace: default
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: app
  template:
    metadata:
      name: my-app
      labels:
        app.kubernetes.io/name: app
    spec:      
      containers:
        - name: my-app
          image: nginx

and

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: my-app
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: app
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app.kubernetes.io/name: app

errors because the deployment and network policy don't both explicitly identify the same namespace.

What did you expect to see?

I expected kube-score to have a concept of the current namespace to use when not explicitly stated.

What did you see instead?

An error

[CRITICAL] Pod NetworkPolicy
· The pod does not have a matching NetworkPolicy
@MikeK184
Copy link

MikeK184 commented Apr 1, 2022

Hi Mikael,

we've encountered the same issue, but we haven't had specified a namespace in the deployment object but instead on the netpols. The issue was easily fixed by replacing the hardcoded namespace through {{ .Release.Namespace }}.

@MikaelSmith
Copy link
Author

That's a little tricky to do in my case.

Are you running helm render or something that replaces {{ .Release.Namespace }} with an empty string?

@MikeK184
Copy link

MikeK184 commented Apr 5, 2022

No, kubeScore replaces it with the "default" Namespace. But yes our applications get deployed with ArgoCD so it takes care of inserting the correct value into {{ .Release.Namespace }}
But I don't see an issue with appending the namespace field in the netpols itself as they are namespaced anyway.

However it would be nice to have a parameter to set wanted namespace.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MikaelSmith @MikeK184