Make KUBECONFIG nil if KUBE_TOKEN is nil

Having an invalid KUBECONFIG without a token in it is not helpful. This
only became possible recently now that we are creating a separate
namespace and service account (and hence token) to send to the runners.
This led to somewhat surprising results when troubleshooting
https://gitlab.com/gitlab-org/gitlab-ce/issues/53879 as I found that the
KUBECONFIG was still being passed but KUBE_TOKEN was not. These things
really should have been linked.

Furthermore now that we are also using the [presence of KUBECONFIG to
decide whether or not to run build steps in Auto
DevOps](https://gitlab.com/gitlab-org/gitlab-ce/blob/294d15be3e9497e7b67e1f9131ce9d5c0d68406c/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml#L164)
I think it makes even more sense to ensure that KUBECONFIG is a complete
config if passed to a job.

1 files changed, 3 insertions, 1 deletions

diff --git a/lib/gitlab/kubernetes.rb b/lib/gitlab/kubernetes.rb
index 3748fd6b5ef..a9957a85d48 100644
--- a/lib/gitlab/kubernetes.rb
+++ b/lib/gitlab/kubernetes.rb
@@ -85,6 +85,8 @@ module Gitlab
     end
 
     def to_kubeconfig(url:, namespace:, token:, ca_pem: nil)
+      return unless token.present?
+
       config = {
         apiVersion: 'v1',
         clusters: [
@@ -113,7 +115,7 @@ module Gitlab
 
       kubeconfig_embed_ca_pem(config, ca_pem) if ca_pem
 
-      config.deep_stringify_keys
+      YAML.dump(config.deep_stringify_keys)
     end
 
     private