Unable to query cluster-wide resources using k8sobject

[jrbeilke]

For cluster-wide resources that do not have a namespace it doesn't seem possible to query them using k8sobject()

Describe the problem

Attempting to test StorageClasses in a cluster ie.

describe k8sobject({:api=>"storage.k8s.io/v1", :type=>"storageclasses", :name=>"ebs-sc"}) do
  it { should exist }
end

But it appears that inspec-k8s adds the default namespace when querying the cluster and this fails because StorageClass is a cluster-wide resource:
Resource storageclasses is not namespaced

I also tried passing in a nil for the namespace, but that resulted in the same error:
{:api=>"storage.k8s.io/v1", :type=>"storageclasses", :namespace=>nil, :name=>"ebs-sc"}

Possible Solution

There is already support for some cluster-wide resources like k8s_node which extends k8sobject and overrides the namespace ie.

    class K8sNode < K8sObject
      DEFAULT_NAMESPACE = nil

It would be nice to have a flag or param that could be used with k8sobject to query cluster-wide resources and not inject the default namespace

[clintoncwolfe]

@sathish-progress @ahasunos The ask is to make the namespace option to k8s_objects meaningfully nillable. Any consequences to that?

[wdower]

Reraising this to add a similar use case: I want to write tests to check if there is a particular pod name in any namespace. Right now you either specify a single namespace or k8sobject picks default for you.

Seems like the plural version of the resource will let me do this by querying the under-the-hood filtertable:

  describe 'The Kubernetes Dashboard' do
    subject { k8sobjects(api: 'v1', type: 'pods', labelSelector: 'whatever label I want' ).entries }
    it { should_not exist } # or its('count') { should cmp 0 } or whatever
  end

but I should be able to write

  describe 'The Kubernetes Dashboard' do
    subject { k8sobject(api: 'v1', type: 'pods', labelSelector: 'whatever label I want' ).entries }
    it { should_not exist }
  end

with the singluar resource.