replace or fix runKubectl #8

Closed
faithanalog opened this issue Aug 13, 2020 · 2 comments
faithanalog commented Aug 13, 2020

this is almost certainly the cause of #4, #5, #6, #7

this command was never intended to be used as a library and we probably should not have done it.

here are the current usages, including commented out ones

```
peirates.go
41:     responseJSON, _, err := runKubectlSimple(connectionString, "get", "pods", "-o", "json")
89:     secretsJSON, _, err := runKubectlSimple(connectionString, "get", "secrets", "-o", "json")
188:    NamespacesRaw, _, err := runKubectlSimple(connectionString, "get", "namespaces")
242:            execInPodOut, _, err := runKubectlSimple(connectionString, "exec", "-it", execPod, "--", "/bin/sh", "-c", command)
264:    copyIntoPod, _, err := runKubectlSimple(connectionString, "cp", filename, destination)
274:            // runKubectlSimple (exec -it pod /tmp/peirates)
496:    podDetailOut, _, err := runKubectlSimple(connectionString, "get", "pods", "-o", "json")
540:    rolesOut, _, err := runKubectlSimple(connectionString, "get", "role", "-o", "json")
572:    podDescriptionRaw, _, err := runKubectlSimple(connectionString, "describe", "pod", hostname)
619:            getImagesRaw, _, err := runKubectlSimple(connectionString, "get", "pods", "-o", "wide", "--sort-by", "metadata.creationTimestamp")
670:    _, _, err = runKubectlSimple(connectionString, "apply", "-f", "attack-pod.yaml")
678:            //shadowFileBs, _, err := runKubectlSimple(connectionString, "exec", "-it", attackPodName, "grep", "root", "/root/etc/shadow")
679:            //_, _, err := runKubectlSimple(connectionString, "exec", "-it", attackPodName, "grep", "root", "/root/etc/shadow")
683:            err := runKubectlWithConfig(connectionString, stdin, &stdout, &stderr, "exec", "-it", attackPodName, "--", "/bin/sh", "-c", "cat >> /root/etc/crontab")
686:                    // BUG: when we remove that timer above and thus get an error condition, program crashes during the runKubectlSimple instead of reaching this message
817:    podDetailOut, _, err := runKubectlSimple(connectionString, "get", "nodes", "-o", "json")
832:    nodeDetailOut, _, err := runKubectlSimple(connectionString, "get", "nodes", "-o", "json")
1060:                   // func runKubectlSimple(cfg ServerInfo, cmdArgs ...string) ([]byte, []byte, error) {
1061:                   kubectlOutput, _, err := runKubectlSimple(connectionString, arguments...)
1189:                   secretJSON, _, err := runKubectlSimple(connectionString, "get", "secret", secretName, "-o", "json")
```

and here are the unique forms of usage:

```
apply -f <yaml>
cp <src> <destination>
describe pod <pod>
exec -it <pod> -- /bin/sh -c "cat >> /root/etc/crontab"
exec -it <pod> -- /bin/sh -c <command>
get namespaces
get nodes -o json
get pods -o json
get pods -o wide --sort-by "metadata.creationTimestamp"
get role -o json
get secret <secret> -o json
get secrets -o json
```

additionally, there is a command that allows for arbitrary kubectl commands.

I see a few paths moving forward.

  1. Use the API. this is far more reliable and forward compatible. most commands in use are data retrieval and trivial to replace. exec is harder. running arbitrary kubectl commands would be impossible without uploading a second binary
  2. Re-execute the peirates binary from within itself. Add a special switch to peirates that interprets the remaining arguments as a kubectl command and passes them directly to kubectl. If this works it will solve our crashing problems.
  3. Hybrid. Choose option 2 for now. replace things with API calls over time when possible to reduce our kubectl usage surface.

faithanalog added the bug (Something isn't working) label Aug 13, 2020
faithanalog self-assigned this Aug 13, 2020
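
Option 2 from the issue above (re-execute the binary with a special switch), sketched as an added example that is not code from peirates or its maintainers. `childSwitch`, `fakeKubectlMain` and `runKubectlIsolated` are hypothetical names, and `fakeKubectlMain` is an assumed stand-in for the real kubectl entry point, which this block does not import.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"os/exec"
)

const childSwitch = "kubectl" // hypothetical name for option 2's special switch

// init runs before main, so child mode is handled before any other start-up work.
func init() {
	if len(os.Args) > 1 && os.Args[1] == childSwitch {
		fakeKubectlMain(os.Args[2:])
		os.Exit(0)
	}
}

// fakeKubectlMain is an assumed stand-in for kubectl's entry point; it exits the process on error.
func fakeKubectlMain(args []string) {
	if len(args) == 0 || args[0] != "get" {
		fmt.Fprintf(os.Stderr, "error: unknown command %q\n", args)
		os.Exit(1)
	}
	fmt.Printf("ran: %v\n", args)
}

// runKubectlIsolated re-executes this binary with the switch, so an exit or crash in the child returns as an error here.
func runKubectlIsolated(args ...string) (stdout, stderr []byte, code int, err error) {
	self, err := os.Executable()
	if err != nil {
		return nil, nil, -1, err
	}
	var out, errBuf bytes.Buffer
	cmd := exec.Command(self, append([]string{childSwitch}, args...)...)
	cmd.Stdout, cmd.Stderr = &out, &errBuf
	err = cmd.Run()
	code = -1 // stays -1 if the child never started
	if cmd.ProcessState != nil {
		code = cmd.ProcessState.ExitCode()
	}
	return out.Bytes(), errBuf.Bytes(), code, err
}

func main() {
	out, errOut, code, err := runKubectlIsolated("get", "pods", "-o", "json")
	fmt.Printf("stdout=%q stderr=%q code=%d err=%v\n", out, errOut, code, err)
}
```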

@JayBeale

Faith fixed it!
