-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ephemeral containers using kubectl-debug does not seem to work #1210
Comments
/assign |
This is a problem with the tool. If you inspect the debug agent pod, you'll find that it mounts |
Huh, I seem to recall that being linked to as an example of kubectl support for ephemeral containers, but you are right looks like it is not. Thanks for the follow up. Sounds like no action needed here, so feel free to close unless you prefer to keep open for future reference |
Actual ephemeral containers are behind a feature gate in 1.16+ and won't not be until they are out of alpha. https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/#examples
There is a KEP for
I want to go ahead and confirm if ephemeral containers work first while we're at it, will need to create a 1.16+ cluster with the featuregate and create one. |
At some point I had a ephemeral container created (in kind), but I couldn't actually attach to it. But the pod spec showed it running. I thought I was using that tool, not sure if it change since then (it was right when 1.16 came out that I tried this). This may have been user error though, not sure. |
It seems to work with the latest kind:
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
kubeadmConfigPatches:
# enable EphemeralContainers feature gate
- |
kind: ClusterConfiguration
metadata:
name: config
apiServer:
extraArgs:
"feature-gates": "EphemeralContainers=true"
scheduler:
extraArgs:
"feature-gates": "EphemeralContainers=true"
controllerManager:
extraArgs:
"feature-gates": "EphemeralContainers=true"
- |
kind: InitConfiguration
metadata:
name: config
nodeRegistration:
kubeletExtraArgs:
"feature-gates": "EphemeralContainers=true"
- |
kind: KubeletConfiguration
featureGates:
EphemeralContainers: true
- |
kind: KubeProxyConfiguration
featureGates:
EphemeralContainers: true
EOF
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
name: example-pod
spec:
containers:
- image: mhausenblas/simpleservice:0.5.0
name: app
EOF
cat <<EOF | kubectl replace --raw /api/v1/namespaces/default/pods/example-pod/ephemeralcontainers -f -
{
"apiVersion": "v1",
"kind": "EphemeralContainers",
"metadata": {
"name": "example-pod"
},
"ephemeralContainers": [{
"command": [
"sh"
],
"image": "busybox",
"imagePullPolicy": "IfNotPresent",
"name": "debugger",
"stdin": true,
"tty": true,
"terminationMessagePolicy": "File"
}]
}
EOF
It's certainly clunky this way though, and without PID namespace sharing on it's not quite as helpful (though this could also be turned on). |
in the next release this will just be: kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
featureGates:
EphemeralContainers: true (except for the pid namespace sharing bit...) |
Hello @BenTheElder . Would you know some documentation about this way of configuring feature-gates, and starting since which kubernetes version ? I can't find it |
What happened:
Using https://github.com/aylei/kubectl-debug, ephemeral contains do not run properly on Kind. The container is created but then it hangs - not sure where exactly its going wrong.
What you expected to happen:
Shell opens up in ephemeral container. This occurs on other Kubernetes (at least GKE 1.16)
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
It could be an issue with kubectl-debug -- its a prototype of what the command may look like so it could have some bugs.
Environment:
kind version
): kind v0.6.0 go1.13 linux/amd64kubectl version
): 1.16.3docker info
): 19.03.5/etc/os-release
): linuxThe text was updated successfully, but these errors were encountered: