diff --git a/cmd/pinniped/cmd/get_kubeconfig.go b/cmd/pinniped/cmd/get_kubeconfig.go index 78f9c423..444292e1 100644 --- a/cmd/pinniped/cmd/get_kubeconfig.go +++ b/cmd/pinniped/cmd/get_kubeconfig.go @@ -201,7 +201,7 @@ func getKubeConfig( return err } - config := newPinnipedKubeconfig(v1Cluster, fullPathToSelf, token) + config := newPinnipedKubeconfig(v1Cluster, fullPathToSelf, token, pinnipedInstallationNamespace) err = writeConfigAsYAML(outputWriter, config) if err != nil { @@ -298,7 +298,7 @@ func copyCurrentClusterFromExistingKubeConfig(currentKubeConfig clientcmdapi.Con return v1Cluster, nil } -func newPinnipedKubeconfig(v1Cluster v1.Cluster, fullPathToSelf string, token string) v1.Config { +func newPinnipedKubeconfig(v1Cluster v1.Cluster, fullPathToSelf string, token string, namespace string) v1.Config { clusterName := "pinniped-cluster" userName := "pinniped-user" @@ -329,9 +329,21 @@ func newPinnipedKubeconfig(v1Cluster v1.Cluster, fullPathToSelf string, token st Command: fullPathToSelf, Args: []string{"exchange-credential"}, Env: []v1.ExecEnvVar{ - {Name: "PINNIPED_K8S_API_ENDPOINT", Value: v1Cluster.Server}, - {Name: "PINNIPED_CA_BUNDLE", Value: string(v1Cluster.CertificateAuthorityData)}, - {Name: "PINNIPED_TOKEN", Value: token}, + { + Name: "PINNIPED_K8S_API_ENDPOINT", + Value: v1Cluster.Server, + }, + { + Name: "PINNIPED_CA_BUNDLE", + Value: string(v1Cluster.CertificateAuthorityData)}, + { + Name: "PINNIPED_NAMESPACE", + Value: namespace, + }, + { + Name: "PINNIPED_TOKEN", + Value: token, + }, }, APIVersion: clientauthenticationv1beta1.SchemeGroupVersion.String(), InstallHint: "The Pinniped CLI is required to authenticate to the current cluster.\n" + diff --git a/cmd/pinniped/cmd/get_kubeconfig_test.go b/cmd/pinniped/cmd/get_kubeconfig_test.go index 86088e3a..5b1b65f6 100644 --- a/cmd/pinniped/cmd/get_kubeconfig_test.go +++ b/cmd/pinniped/cmd/get_kubeconfig_test.go @@ -201,7 +201,7 @@ func TestNewGetKubeConfigCmd(t *testing.T) { } //nolint: unparam -func expectedKubeconfigYAML(clusterCAData, clusterServer, command, token, pinnipedEndpoint, pinnipedCABundle string) string { +func expectedKubeconfigYAML(clusterCAData, clusterServer, command, token, pinnipedEndpoint, pinnipedCABundle, namespace string) string { return here.Docf(` apiVersion: v1 clusters: @@ -230,12 +230,14 @@ func expectedKubeconfigYAML(clusterCAData, clusterServer, command, token, pinnip value: %s - name: PINNIPED_CA_BUNDLE value: %s + - name: PINNIPED_NAMESPACE + value: %s - name: PINNIPED_TOKEN value: %s installHint: |- The Pinniped CLI is required to authenticate to the current cluster. For more information, please visit https://pinniped.dev - `, clusterCAData, clusterServer, command, pinnipedEndpoint, pinnipedCABundle, token) + `, clusterCAData, clusterServer, command, pinnipedEndpoint, pinnipedCABundle, namespace, token) } func newCredentialIssuerConfig(server, certificateAuthorityData string) *crdpinnipedv1alpha1.CredentialIssuerConfig { @@ -311,6 +313,7 @@ func TestGetKubeConfig(t *testing.T) { "some-token", "https://fake-server-url-value", "fake-certificate-authority-data-value", + "some-namespace", ), outputBuffer.String()) }) @@ -358,6 +361,7 @@ func TestGetKubeConfig(t *testing.T) { "some-token", "https://some-other-fake-server-url-value", "some-other-fake-certificate-authority-data-value", + "some-namespace", ), outputBuffer.String()) }) }) @@ -449,6 +453,7 @@ func TestGetKubeConfig(t *testing.T) { "some-token", "https://fake-server-url-value", "fake-certificate-authority-data-value", + "some-namespace", ), outputBuffer.String()) }) }) @@ -512,6 +517,7 @@ func TestGetKubeConfig(t *testing.T) { "some-token", "https://fake-server-url-value", "fake-certificate-authority-data-value", + "some-namespace", ), outputBuffer.String()) }) }) @@ -552,6 +558,7 @@ func TestGetKubeConfig(t *testing.T) { "some-token", "https://fake-server-url-value", "fake-certificate-authority-data-value", + "some-namespace", ), outputBuffer.String()) }) })