Single namespace testing

[mangelajo]

We only want to support single-namespace operator for one controller, so we can isolate multiple controllers with their sets of exporters and clients to individual namespaces in a single cluster.

Summary by CodeRabbit

• New Features

  • Added support for a configurable Kubernetes namespace via a new environment variable, allowing deployments and runtime steps to target a custom namespace.

• Tests

  • Updated test suite to default and propagate the configured namespace dynamically across all Kubernetes operations, resource creation, waits, lookups, and login flows.

[coderabbitai]

Walkthrough

Introduces a JS_NAMESPACE environment variable and replaces hard-coded Kubernetes namespace occurrences with ${JS_NAMESPACE} in action.yml and tests.bats; tests.bats also adds a default assignment for JS_NAMESPACE. No other logic or error-handling changes.

Changes

Cohort / File(s)	Summary
Action configuration action.yml	Adds JS_NAMESPACE env var and uses ${JS_NAMESPACE} in the Run jumpstarter step's kubectl create commands instead of the previous hard-coded namespace.
Test suite tests.bats	Adds a default assignment for JS_NAMESPACE and replaces hard-coded namespace strings with ${JS_NAMESPACE} across wait commands, admin/cli create/get/delete flows, login endpoints/tokens, and lookups for serviceaccounts, secrets, exporters, and clients throughout the test file.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🐇
I hopped through YAML and tests so spry,
Replaced one name with a variable sky.
Now namespaces dance where constants once lay,
A tidy tweak — I nibble and hop away. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "Single namespace testing" accurately reflects the main objective and changes in the changeset. The modifications introduce a parameterized JS_NAMESPACE environment variable in both action.yml and tests.bats, replacing hard-coded default namespace references to enable single-namespace operator deployments. This aligns perfectly with the stated PR objective of supporting single-namespace operators to isolate multiple controllers within individual namespaces in a cluster. The title is concise, clear, and specific enough that a teammate reviewing the history would understand the primary purpose is namespace configuration for testing.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch single-namespace

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8c6191f and 635dfbe.

📒 Files selected for processing (2)

• action.yml (1 hunks)
• tests.bats (5 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• action.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: test (ubuntu-24.04-arm)
• GitHub Check: test (ubuntu-24.04)

🔇 Additional comments (7)

tests.bats (7)

1-1: LGTM! Clean default assignment.

The default assignment follows bash best practices and provides a sensible fallback namespace while allowing environment override.

---

14-19: LGTM! Consistent namespace parameterization in wait commands.

All three exporter wait operations correctly use the parameterized namespace.

---

23-27: LGTM! Proper namespace parameterization including service account paths.

The namespace is correctly parameterized in both the -n flags and within the service account OIDC username path, following Kubernetes service account naming conventions.

---

31-38: LGTM! Consistent with client creation pattern.

Exporter namespace parameterization correctly mirrors the client creation approach.

---

46-70: LGTM! Comprehensive namespace parameterization in login flows.

All login commands and token generation operations correctly use the parameterized namespace across different authentication methods.

---

109-116: Verify JMP_NAMESPACE usage aligns with team decision.

This test explicitly sets JMP_NAMESPACE to verify environment-variable-only client operation. However, past review comments suggest there was hesitation about using JMP_NAMESPACE ("let's not start using it"). Please confirm this usage in a test context is acceptable, or if the test should verify the client works without needing JMP_NAMESPACE set.

---

142-144: LGTM! Admin get commands properly parameterized.

All admin CLI get operations correctly use the parameterized namespace.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 743645c and 20addec.

📒 Files selected for processing (2)

• action.yml (1 hunks)
• tests.bats (6 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: test (ubuntu-24.04)
• GitHub Check: test (ubuntu-24.04-arm)
• GitHub Check: test (ubuntu-24.04-arm)
• GitHub Check: test (ubuntu-24.04)

🔇 Additional comments (8)

action.yml (2)

90-91: LGTM! Proper namespace parameterization.

The environment variable is correctly exported and will be inherited by the bats tests, which use the same default value.

---

96-97: Verify that controller deployment creates the "jumpstarter-dev" namespace.

The namespace "jumpstarter-dev" is not explicitly created with kubectl create namespace in action.yml. While the controller deployment step (make -C controller deploy on line 72) runs before the serviceaccount creation (lines 96-97), the namespace creation logic resides in the controller repository's deployment configuration, which cannot be verified in the current repository. Confirm that the controller's Makefile or helm chart creates this namespace, or add an explicit kubectl create namespace "${JS_NAMESPACE}" command before lines 96-97.

tests.bats (6)

1-2: LGTM! Proper default namespace configuration.

The parameter expansion provides a sensible fallback that matches the default set in action.yml, while allowing environment override.

---

14-19: LGTM! Correct namespace usage in wait commands.

The namespace parameter is properly applied to all kubectl wait operations with correct quoting.

---

26-26: LGTM! Correct namespace in OIDC usernames.

The service account OIDC username format correctly incorporates the namespace parameter, following the Kubernetes system:serviceaccount:NAMESPACE:NAME pattern.

Also applies to: 35-35

---

46-70: LGTM! Consistent namespace usage across login flows.

All jmp login commands and token creation operations correctly use the parameterized namespace for both OIDC and service account authentication methods.

---

145-158: LGTM! Proper namespace usage in client lifecycle tests.

The kubectl commands correctly use the parameterized namespace for verifying client existence before and after deletion.

---

161-174: LGTM! Proper namespace usage in exporter lifecycle tests.

The kubectl commands correctly use the parameterized namespace for verifying exporter existence before and after deletion, maintaining consistency with the client tests.

[bennyz]

looks like it needs to be created

[mangelajo]

it was the wrong one 😶‍🌫️

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

tests.bats (3)

1-1: Ensure the test namespace exists to avoid flakes.

Good defaulting of JS_NAMESPACE. Add a quick check in setup() to create it when missing.

 setup() {
   bats_load_library bats-support
   bats_load_library bats-assert

   bats_require_minimum_version 1.5.0
+
+  # Ensure the test namespace exists
+  kubectl get ns "${JS_NAMESPACE}" >/dev/null 2>&1 || kubectl create ns "${JS_NAMESPACE}"
 }

Also applies to: 3-8

---

83-104: Background exporter loops run forever; add suite-level cleanup.

The three while-true loops keep running beyond this test. Track PIDs and kill them in teardown_file() to prevent leaks across tests/jobs.

+EXPORTER_PIDS=()
 @test "can run exporters" {
   cat <<EOF | bash 3>&- &
 while true; do
   jmp run --exporter test-exporter-oidc
 done
 EOF
+  EXPORTER_PIDS+=($!)

   cat <<EOF | bash 3>&- &
 while true; do
   jmp run --exporter test-exporter-sa
 done
 EOF
+  EXPORTER_PIDS+=($!)

   cat <<EOF | bash 3>&- &
 while true; do
   jmp run --exporter test-exporter-legacy
 done
 EOF
+  EXPORTER_PIDS+=($!)

   wait_for_exporter
 }
+
+# Stop background exporters once the suite finishes
+teardown_file() {
+  for pid in "${EXPORTER_PIDS[@]}"; do
+    kill "${pid}" 2>/dev/null || true
+  done
+}

---

109-115: Env-only flow: clarify JMP_NAME and ensure it truly bypasses saved config.

• JMP_NAME is set to an exporter name; likely should be a client context name (or a unique, non-existent name) to avoid accidentally reusing saved config.
• Since test-client-legacy was created with --save earlier, ensure this command isn’t passing due to config precedence rather than env vars.

-  JMP_NAME=test-exporter-legacy \
+  # Use a unique, non-existent client context name to force env-only usage
+  JMP_NAME=env-only-client \
   JMP_ENDPOINT=$(kubectl get clients.jumpstarter.dev -n "${JS_NAMESPACE}" test-client-legacy -o 'jsonpath={.status.endpoint}') \
   JMP_TOKEN=$(kubectl get secrets -n "${JS_NAMESPACE}" test-client-legacy-client -o 'jsonpath={.data.token}' | base64 -d) \
   jmp shell --selector example.com/board=oidc j power on

If the CLI supports disabling config reads (e.g., a --no-config flag), prefer that here for a stricter env-only test.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 151a396 and 495e7bc.

📒 Files selected for processing (2)

• action.yml (1 hunks)
• tests.bats (5 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• action.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: test (ubuntu-24.04)
• GitHub Check: test (ubuntu-24.04-arm)

🔇 Additional comments (1)

tests.bats (1)

14-19: Namespace parameterization looks consistent.

All kubectl/jmp admin/jmp login calls correctly use "${JS_NAMESPACE}". LGTM.

Please confirm action.yml sets/propagates the same JS_NAMESPACE default used here so CI and local runs match.

Also applies to: 23-28, 31-39, 46-71, 141-144

[jumpstarter-backport-bot]

Successfully created backport PR for release-0.7:

• [Backport release-0.7] Single namespace testing #22