commit a9d7de15d2533e00bd9a229e1308d9cb3c06fac2
author Heschi Kreinick <heschi@google.com> Thu Sep 02 15:09:37 2021 -0400
committer Heschi Kreinick <heschi@google.com> Thu Sep 02 21:43:28 2021 +0000
tree 7ae31f9843d540150a6e5c0cfebbff7607a0f918
parent 373479592922160df76b9ddcdf081015b9da0c21

all: use Workload Identity for gitmirror, move to "prod" namespace

Rather than using a service account key, enable Workload Identity for
gitmirror. This involved moving into a non-default namespace, so the
coordinator's monitoring logic needs updating too.

Change-Id: I196fae0825f806248571aae6fb125d8c0917934d
Reviewed-on: https://go-review.googlesource.com/c/build/+/347410
Trust: Heschi Kreinick <heschi@google.com>
Run-TryBot: Heschi Kreinick <heschi@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>

kubernetes/client.go

diff --git a/kubernetes/client.go b/kubernetes/client.go
index d6a6185..d52e4c6 100644
--- a/kubernetes/client.go
+++ b/kubernetes/client.go
@@ -39,7 +39,10 @@
 // The provided host is an url (scheme://hostname[:port]) of a
 // Kubernetes master without any path.
 // The provided client is an authorized http.Client used to perform requests to the Kubernetes API master.
-func NewClient(baseURL string, client *http.Client) (*Client, error) {
+func NewClient(baseURL, namespace string, client *http.Client) (*Client, error) {
+	if namespace == "" {
+		return nil, fmt.Errorf("must specify Kubernetes namespace")
+	}
 	validURL, err := url.Parse(baseURL)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse URL %q: %v", baseURL, err)
@@ -47,7 +50,7 @@
 	return &Client{
 		endpointURL: strings.TrimSuffix(validURL.String(), "/") + "/api/v1",
 		httpClient:  client,
-		namespace:   "default",
+		namespace:   namespace,
 	}, nil
 }