KEP 1441 - kubectl debug #1441

soltysh opened this issue Jan 9, 2020 · 108 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. lead-opted-in Denotes that an issue has been opted in to a release sig/cli Categorizes an issue or PR as relevant to SIG CLI. stage/stable Denotes an issue tracking an enhancement targeted for Stable/GA status

@soltysh
Contributor

soltysh commented Jan 9, 2020

Enhancement Description

@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Jan 9, 2020
@soltysh
Contributor Author

soltysh commented Jan 9, 2020

/stage alpha
/kind feature
/sig cli
/milestone v1.18

@k8s-ci-robot k8s-ci-robot added stage/alpha Denotes an issue tracking an enhancement targeted for Alpha status kind/feature Categorizes issue or PR as related to a new feature. sig/cli Categorizes an issue or PR as relevant to SIG CLI. labels Jan 9, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.18 milestone Jan 9, 2020
@k8s-ci-robot k8s-ci-robot removed the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Jan 9, 2020
@verb verb mentioned this issue Jan 10, 2020
23 tasks
@jeremyrickard
Contributor

Hey there @soltysh can you confirm that this will be in the 1.18 release? To make it into the release, the KEP will need to be merged as implementable with a Test Plan (looks like that's a TODO) by enhancements freeze, which is going to be end of day (Pacific time) on January 28th.

@jeremyrickard jeremyrickard added the tracked/no Denotes an enhancement issue is NOT actively being tracked by the Release Team label Jan 14, 2020
@soltysh
Contributor Author

soltysh commented Jan 15, 2020

@jeremyrickard yup, I confirm. The KEP should be merged later today after SIG-CLI call, then we'll start with the implementation right away.

@jeremyrickard jeremyrickard added tracked/yes Denotes an enhancement issue is actively being tracked by the Release Team and removed tracked/no Denotes an enhancement issue is NOT actively being tracked by the Release Team labels Jan 16, 2020
@jeremyrickard
Contributor

Thanks for getting the KEP in @soltysh 🎊

@palnabarun
Member

Updated the issue description with KEP link.

@VineethReddy02

VineethReddy02 commented Feb 5, 2020

Hello, @soltysh, I'm 1.18 docs lead.
Does this enhancement work planned for 1.18 require any new docs (or modifications to existing docs)? If not, can you please update the 1.18 Enhancement Tracker Sheet (or let me know and I'll do so)
If so, just a friendly reminder we're looking for a PR against k/website (branch dev-1.18) due by Friday, Feb 28th, it can just be a placeholder PR at this time. Let me know if you have any questions!

@verb
Contributor

verb commented Feb 6, 2020

@VineethReddy02 ack, this will include doc updates and we will open a placeholder PR by Feb 28. Thanks!

@helayoty
Member

helayoty commented Mar 4, 2020

Hi @soltysh @verb We're only a few days out from code freeze now. It does not look like your PRs have merged yet, are you still feeling like you're on track for code freeze for this enhancement? Do you want to defer this to 1.19 based on the reviewer bandwidth? Or try and make a push?

@verb
Contributor

verb commented Mar 4, 2020

@helayoty I expect this to merge in time.

@3k8

3k8 commented Mar 29, 2020

Add support for overriding the image command & args, to debug errors during container startup?
Such as:

kubectl run nginx --image nginx --debug
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    run: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      run: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        run: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        command: ["sleep"]
        args: ["1d"]
        resources: {}

@verb
Contributor

verb commented Mar 30, 2020

@cnk8s This is indeed included in the proposal. See Pod Troubleshooting by Copy

@verb
Contributor

verb commented Apr 3, 2020

@aylei Are you interested in working on Pod Troubleshooting by Copy for 1.19? or anything else related to debug?

@aylei
Contributor

aylei commented Apr 7, 2020

@verb Absolutely

@aylei
Contributor

aylei commented Apr 7, 2020

I will draft a PR this week

@zanetworker

@verb reading the KEP, I still don't get how pod-troubleshooting by copy would work, what does copy mean in this case?

@k8s-ci-robot
Contributor

@verb: Reopened this issue.

In response to this:

Let's reopen this since development has picked up again. I think we should finish implementing debug profiles, mark kubectl debug as stable and then improve it with future KEPs. wdyt @ardaguclu?

/reopen
/remove-lifecycle rotten

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot reopened this Mar 17, 2023
@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Mar 17, 2023
@aecay

aecay commented Mar 24, 2023

@verb I have a question (and I hope this is the right place to raise it). Specifically it relates to the netadmin debugging profile from the KEP. This is specified and implemented (link) to only add the CAP_NET_ADMIN capability to the debugging pod. However, there are a variety of useful programs for network debugging that require CAP_NET_RAW in addition to NET_ADMIN. (Two examples that spring to mind are tcpdump and mtr).

In line with the goal of the netadmin profile "This profile offers elevated privileges for network debugging." I wonder if it would be possible to modify the spec (and implementation) to also include NET_RAW in the netadmin profile. Thanks 🙂

@verb
Contributor

verb commented Mar 27, 2023

@aecay Thanks for bringing this up, I think this was an oversight. I agree that we should add CAP_NET_RAW to netadmin if it unlocks additional network debugging tools. @wedaly @ardaguclu wdyt?

@ardaguclu
Member

I'm fine adding CAP_NET_RAW into netadmin, two points might need extra attention;

  • Would it be backward compatible for the people already relying on current netadmin implementation?
  • I think we need to update KEP first for CAP_NET_RAW in netadmin profile because it hasn't been covered in KEP.

@verb I agree with you that it would be better to mark kubectl debug as stable to move forward with the new features (e.g. custom profiles).

@verb
Contributor

verb commented Mar 27, 2023

@ardaguclu Agree about custom profiles with a new KEP. I think NET_RAW is more of a bugfix and it would be reasonable to amend the existing KEP, which should be quicker than getting a new KEP reviewed.

Since we're adding a capability I think backwards compatibility won't be much of a concern. The only problem would be if there was an admission controller that was only allowing NET_ADMIN and not NET_RAW.
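
The compatibility concern in the comment above can be checked before the profile change reaches a cluster. The following is an added example, not code from kubectl or the KEP: it lists which capabilities requested by an ephemeral debug container fall outside a policy allowlist. `DisallowedCaps`, `norm` and `samplePod` are hypothetical names, and the Pod JSON is constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)
// pod is the minimal subset of the Pod schema needed to read the
// capabilities added to ephemeral (debug) containers.
type pod struct {
	Spec struct {
		EphemeralContainers []struct {
			Name            string `json:"name"`
			SecurityContext struct {
				Capabilities struct {
					Add []string `json:"add"`
				} `json:"capabilities"`
			} `json:"securityContext"`
		} `json:"ephemeralContainers"`
	} `json:"spec"`
}

// samplePod is constructed: a debug container asking for NET_ADMIN and NET_RAW.
const samplePod = `{"spec":{"ephemeralContainers":[{"name":"debugger",
  "securityContext":{"capabilities":{"add":["NET_ADMIN","NET_RAW"]}}}]}}`

// norm lets "CAP_NET_RAW" and "NET_RAW" compare equal.
func norm(c string) string { return strings.TrimPrefix(strings.ToUpper(c), "CAP_") }

// DisallowedCaps (hypothetical helper) returns, per ephemeral container,
// the added capabilities that the allowlist does not cover.
func DisallowedCaps(podJSON string, allowed []string) (map[string][]string, error) {
	var p pod
	if err := json.Unmarshal([]byte(podJSON), &p); err != nil {
		return nil, err
	}
	ok := map[string]bool{}
	for _, c := range allowed {
		ok[norm(c)] = true
	}
	denied := map[string][]string{}
	for _, ec := range p.Spec.EphemeralContainers {
		for _, c := range ec.SecurityContext.Capabilities.Add {
			if !ok[norm(c)] {
				denied[ec.Name] = append(denied[ec.Name], norm(c))
			}
		}
	}
	return denied, nil
}

func main() {
	fmt.Println(DisallowedCaps(samplePod, []string{"NET_ADMIN"}))
}
```

A policy that allows only NET_ADMIN reports NET_RAW for the `debugger` container, which is the one case where widening the profile would change behaviour for existing users.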

@mochizuki875
Member

@verb @ardaguclu
Hi, can I try to fix netadmin debugging profile to add NET_RAW?
If OK, I'll create a new issue and start working.

@mochizuki875
Member

mochizuki875 commented Jun 16, 2023

@verb @ardaguclu
I've tried to fix it.
Could you please check it?

kubernetes/kubernetes#118647

@alculquicondor
Member

Have you considered adding support for runAsUser? Right now, for a securityContext: runAsNonRoot: true, I can't debug a running Pod using busybox directly. I have to create a Dockerfile just to set a different user.

@ardaguclu
Member

> Have you considered adding support for runAsUser? Right now, for a securityContext: runAsNonRoot: true, I can't debug a running Pod using busybox directly. I have to create a Dockerfile just to set a different user.

@alculquicondor this will be handled by this KEP #4293.

I opened this #4408 to mark kubectl debug as GA and close this issue.

@soltysh
Contributor Author

soltysh commented Jan 16, 2024

/label lead-opted-in
/stage stable
/milestone v1.30

@k8s-ci-robot k8s-ci-robot removed the stage/beta Denotes an issue tracking an enhancement targeted for Beta status label Jan 16, 2024
@k8s-ci-robot k8s-ci-robot added this to the v1.30 milestone Jan 16, 2024
@k8s-ci-robot k8s-ci-robot added stage/stable Denotes an issue tracking an enhancement targeted for Stable/GA status lead-opted-in Denotes that an issue has been opted in to a release labels Jan 16, 2024
@AnaMMedina21

AnaMMedina21 commented Feb 7, 2024

Hello @verb, @ardaguclu, @soltysh 👋, Enhancements team here.

Just checking in as we approach enhancements freeze on 02:00 UTC Friday 9th February 2024.

This enhancement is targeting for stage stable for v1.30 (correct me, if otherwise)

Here's where this enhancement currently stands:

  • KEP readme using the latest template has been merged into the k/enhancements repo.
  • KEP status is marked as implementable for latest-milestone: v1.30. KEPs targeting stable will need to be marked as implemented after code PRs are merged and the feature gates are removed.
  • KEP readme has up-to-date graduation criteria
  • KEP has a production readiness review that has been completed and merged into k/enhancements. (For more information on the PRR process, check here).

The status of this enhancement is marked as tracked for enhancement freeze. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

@ardaguclu
Member

I think, we can close this issue as completed.

@natalisucks

Hi @verb and @soltysh,

👋 from the v1.30 Communications Team! We'd love for you to opt in to write a feature blog about your enhancement!

We encourage blogs for features including, but not limited to: breaking changes, features and changes important to our users, and features that have been in progress for a long time and are graduating.

To opt in, you need to open a Feature Blog placeholder PR against the website repository.
The placeholder PR deadline is 27th February, 2024.

Here's the 1.30 Release Calendar

@Vyom-Yadav
Member

Vyom-Yadav commented Feb 15, 2024

Hey, @verb and @soltysh 👋, v1.30 Docs Shadow here.

Does this enhancement work planned for v1.30 require any new docs or modification to existing docs?

If so, please follow the steps here to open a PR against dev-1.30 branch in the k/website repo. This PR can be just a placeholder at this time and must be created before Thursday, February 22nd, 2024 18:00 PDT.

Also, take a look at Documenting for a release to familiarize yourself with the docs requirement for the release.

Thank you!


> Does this enhancement work planned for v1.30 require any new docs or modification to existing docs?

I think we'll need a stability version bump PR at a minimum, marking it as Need Docs (Correct me, if otherwise). Thanks!

Based on Slack discussion, marking this as has docs. Thanks again!

Projects
Status: Tracked for Enhancements Freeze
Status: Needs Triage