WIP: Create a new kubectl command to attach debug container to a running pod #46256
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: verb Assign the PR to them by writing
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
needs-rebase
|
/cc @pwittrock |
verb
force-pushed
the
pod-tshoot-kubectl-1
branch
from
7756e9a to
0f820d4
Compare
k8s-github-robot
removed
the
needs-rebase
pkg/kubectl/cmd/cmd.go
Outdated
| @@ -252,6 +255,12 @@ var ( | |||
|
|
|||
| // NewKubectlCommand creates the `kubectl` command and its nested children. | |||
| func NewKubectlCommand(f cmdutil.Factory, in io.Reader, out, err io.Writer) *cobra.Command { | |||
| if f := os.Getenv("KUBECTL_FEATURE_GATES"); f != "" { | |||
| if e := utilfeature.DefaultFeatureGate.Set(f); e != nil { | |||
| fmt.Fprintf(err, "Invalid KUBECTL_FEATURE_GATES %q. Available features:\n%s\n", f, strings.Join(utilfeature.DefaultFeatureGate.KnownFeatures(), "\n")) | |||
There was a problem hiding this comment.
Maybe do strings.Join with "\n\t" instead of just "\n"?
| } | ||
| g[i].Commands = gc | ||
| } | ||
| } |
There was a problem hiding this comment.
This means that kubectl help debug will fail to print the documentation if the feature is disabled by the environment.
I assume this is what you want, but what if it instead printed information about how to enable the command?
There was a problem hiding this comment.
Yup, that's what I intended here, but what you describe could definitely be a better user experience. I'll try to figure out something for this in #46151
pkg/kubectl/cmd/debug.go
Outdated
| cmd := &cobra.Command{ | ||
| Use: "debug POD [-c CONTAINER] -- COMMAND [args...]", | ||
| Short: i18n.T("Run a debug container in a pod"), | ||
| Long: "Run a new container inside an existing pod.", |
There was a problem hiding this comment.
I feel like the Long help message should also include the word "debug".
pkg/kubectl/cmd/debug.go
Outdated
| return fmt.Errorf("both output and error output must be provided") | ||
| } | ||
| if p.Debugger == nil || p.PodClient == nil || p.Config == nil { | ||
| return fmt.Errorf("client, client config, and debugutor must be provided") |
There was a problem hiding this comment.
What is a debugutor?
There was a problem hiding this comment.
a find/replace fail...
Fixed, thanks.
pkg/kubectl/cmd/debug.go
Outdated
| return err | ||
| } | ||
|
|
||
| return nil |
There was a problem hiding this comment.
Just do
return t.Safe(fn)
verb
changed the title
pkg/kubectl/cmd/debug.go
Outdated
| ) | ||
|
|
||
| func NewCmdDebug(f cmdutil.Factory, cmdIn io.Reader, cmdOut, cmdErr io.Writer) *cobra.Command { | ||
| if !utilfeature.DefaultFeatureGate.Enabled(features.DebugContainers) { |
There was a problem hiding this comment.
Having kubectl depend on Kubernetes repo is an anti pattern. Don't do this. It either needs to go in one of the staging repos (client-go, etc) or be copied into the kubectl packages
There was a problem hiding this comment.
@sttts mentioned wanting to use a separate feature gate in #46151 (comment), I imagine this must be why. Can kubectl depend on apiserver?
I have little preference on how to hide alpha features, so I need guidance from those who do. I mention some trade-offs here: #45922 (comment)
pkg/kubectl/cmd/debug.go
Outdated
| @@ -0,0 +1,231 @@ | |||
| /* | |||
| Copyright 2014 The Kubernetes Authors. | |||
pkg/kubectl/cmd/debug.go
Outdated
| utilfeature "k8s.io/apiserver/pkg/util/feature" | ||
| restclient "k8s.io/client-go/rest" | ||
| "k8s.io/client-go/tools/remotecommand" | ||
| "k8s.io/kubernetes/pkg/api" |
There was a problem hiding this comment.
New imports from k8s.io/kubernetes are forbidden
pkg/kubectl/cmd/debug.go
Outdated
| "k8s.io/kubernetes/pkg/features" | ||
| "k8s.io/kubernetes/pkg/kubectl/cmd/templates" | ||
| cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util" | ||
| "k8s.io/kubernetes/pkg/util/i18n" |
|
Hm. I don't want to block this functionality on kubectl deps issues which are hard to address, but don't want to create a bunch of additional work to pull them out. If we accept the deps for this PR, will you remove the deps after code freeze? |
|
@pwittrock yesterday there arose some disagreement in api-machinery about this API change, so I'm happy to take a little more time to get deps/alpha gate right and miss the 1.7 deadline. I'm writing up the suggested API change and would value your opinion on it. |
|
@verb great. that takes the pressure off |
k8s-github-robot
added
the
needs-rebase
verb
force-pushed
the
pod-tshoot-kubectl-1
branch
from
0f820d4 to
26e1125
Compare
k8s-github-robot
added
size/L
|
@verb is this ready for re-review? |
|
@alexandercampbell Not quite yet, I need resolution from api-machinery about naming the api endpoint. |
k8s-github-robot
added
the
needs-rebase
|
/unassign |
kubectl debug runs a debug container in a currently running pod.
verb
force-pushed
the
pod-tshoot-kubectl-1
branch
from
26e1125 to
a0e6333
Compare
k8s-github-robot
removed
the
needs-rebase
|
@verb: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/unassign |
|
@verb close for now and re-open when the apimachinery question is resolved? |
|
@alexandercampbell SGTM. Thanks for your patience. |
|
@r2d4 FYI, this is the example |
What this PR does / why we need it: This is the client command to attach a debug container in a running pod, as proposed in kubernetes/community#649
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close that issue when PR gets merged): fixes #45922Special notes for your reviewer: This PR depends on kubectl feature gates #46151
Release note:
Dependencies:
kubectlWIP: