powershell - Where the default namespace is defined/setup for command kubectl inside of a pod

Question

Background: There are Cluster A and Cluster B in Azure AKS. Create a pod called Agent running linux container in cluster A in namespace test (which is non-default namespace). In the linux container, pwsh and kubectl are installed.

Operation: Get into the pod/Agent in cluster A (kubectl exec -it pod/agent -- bash), and get-credential of Cluster B, configfile will be setup with cluster name and user name, but NO namespace.
When connect to cluster B from pod/Agent, then execute kubectl get pods, the resource within namespace test is returned instead of the resources within namespace default.
Since, there is no namespace called test in cluster B, so no resource is returned.

So I wonder where the namespace test is defined/setup in the pod/Agent as the default namespace.

Spent some time try to dive in kubectl code in github, without luck..

I also tried to use alias, but it only works for bash/sh, not for pwsh, since I don't want to change command name kubectl, if I do alias kubectl='kubectl -n default', pwsh would stuck into a loop.

Any answer is appreciated.

question from:https://stackoverflow.com/questions/65941558/where-the-default-namespace-is-defined-setup-for-command-kubectl-inside-of-a-pod

Answer 1

From docs:

Finally, the default namespace to be used for namespaced API operations is placed in a file at /var/run/secrets/kubernetes.io/serviceaccount/namespace in each container.

Simple test from a pod:

root@ubuntu:/# strace -eopenat kubectl get pod 2>&1 | grep namespace
openat(AT_FDCWD, "/var/run/secrets/kubernetes.io/serviceaccount/namespace", O_RDONLY|O_CLOEXEC) = 6
Error from server (Forbidden): pods is forbidden: User "system:serviceaccount:default:default" cannot list resource "pods" in API group "" in the namespace "default"

Directory /run/secrets/kubernetes.io/serviceaccount is by default always mounted to pod and contains serviceaccount token to access Kube API.