kapp does not allow placing app resource into namespace resource belonging to the app

[ademariag]

Relevant slack thread here: https://kubernetes.slack.com/archives/CH8KCCKA5/p1563362345098000

On a newly created cluster, with only default namespaces, I am attempting to install a new application in the demo namespace.

My workflow until now was to create a context pointing to the demo namespace and apply the resources. (i.e. DEMO_CONTEXT)

Example namespace resource

kind: Namespace
metadata:
  annotations: {}
  labels:
    name: demo
  name: demo

Error

When applying a simple namespace using kapp pointing to DEMO_CONTEXT, kapp fails with:

Error: Creating app: namespaces "demo" not found

Possible explanation

kapp seems unable to handle a context pointing to a yet-to-be-created namespace. Possibly because if needs to store some state there?

Workaround

using a context pointint to a different namespace, i.e. default, kapp is able to create the application successfully

Changes                                                                                                                                                                      
                                 
Namespace  Name  Kind       Conditions  Age  Changed  Ignored Reason     
-          demo  Namespace  -           -    add      -                                                              
                                                                                                                  
1 add, 0 delete, 0 update, 0 keep                                                                                      
                                                                                             
1 changes                                                                                                                 
                                                                                                                                          
2:44:26PM: --- applying changes                                                                                                              
2:44:26PM: add namespace/demo (v1) cluster                                               
2:44:26PM: waiting on add namespace/demo (v1) cluster                                                                                              
2:44:27PM: --- changes applied

Unfortunately, if after this bootstrap process we revert to using the original DEMO_CONTEXT, kapp finds a mismatch in the app ownership

cat  namespace.yml | kapp  deploy --kubeconfig-context demo_context -a pre-deploy -f - -y --tty    
Error: Ownership errors:                                                                                                                                                    
- Resource 'namespace/demo (v1) cluster' is associated with a different label value 'kapp.k14s.io/app=1563371065560753000'

The only solution then becomes to force import the app --dangerous-override-ownership-of-existing-resources

[cppforlife]

recorded gist of our conversation in faq: https://github.com/k14s/kapp/blob/develop/docs/faq.md#where-to-store-app-resources-ie-in-which-namespace

[cppforlife]

marking this as wontfix for now. may be we will circle back to this eventually.

[DTTerastar]

I still think this is one of the only real shortcomings of kapp. It should have an option to manage the namespace and create and destroy it automatically. It should destroy it when the last app in the namespace is destroyed.

[DTTerastar]

We also might need an annotation on the namespace as well and with the current setup I think you'd need to do that using kubectl.

[cppforlife]

related in a way: https://github.com/k14s/kapp/issues/112