Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

future-of-kubectl-cp #2381

Closed
4 tasks
shekhar-rajak opened this issue Jan 30, 2021 · 4 comments
Closed
4 tasks

future-of-kubectl-cp #2381

shekhar-rajak opened this issue Jan 30, 2021 · 4 comments
Assignees
Labels
sig/cli Categorizes an issue or PR as relevant to SIG CLI.

Comments

@shekhar-rajak
Copy link
Member

shekhar-rajak commented Jan 30, 2021

Enhancement Description

  • One-line enhancement description (can be used as a release note): future-of-kubectl-cp

  • Kubernetes Enhancement Proposal:

This document summarizes and originates from this email thread, 
[Proposal to drop kubectl cp](https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/kubernetes-sig-cli/_zUy67lK49k/aE6vncYiAgAJ).   

This document aims to solidify the future of `kubectl cp` as a tool that provides basic function of copying files between local environments and pods.  Any advanced use cases
such as those involving symlinks or modifying file permissions should be performed outside of `kubectl cp` through `kubectl exec`, addons, or shell commands.    

Over the past few releases, there have been numerous security issues with `kubectl cp` that have resulted in release updates in all supported versions of kubectl.
At the same time,any new PR that extends `kubectl cp` must undergo extra reviews to evaluate security threats that may arise [1][2].  Over the past few months,
security fixes have required dropping edge cases and function of the command.  It is increasingly difficult to maintain a cp command that is both
useful and secure.  There are alternative approaches that provide the same function as `kubectl cp` [3].  Using `kubectl exec ...| tar`
provides transparency when copying files as well as mitigations for path traversals, symlink directory escapes, tar bombs, and other exploits.
Use of tar is more featureful, in that it can preserve file permissions and copy pod-to-pod.  Also, `kubectl cp` is dependent on the tar binary
in a container.  A malicious tar binary is outside of what `kubectl cp` can control.    

With all of this in mind the cost and risk of maintaining the cp command should be weighed against what is considered crucial functionality in kubectl. 
It's better to address 80% of use cases with a simple tool than trying to address the remaining 20% at the cost of risking those 80%.     

[1] https://github.com/kubernetes/kubernetes/pull/78622   
[2] https://github.com/kubernetes/kubernetes/pull/73053   
[3] https://gist.github.com/tallclair/9217e2694b5fdf27b55d6bd1fda01b53   

  • Discussion Link:
  • Primary contact (assignee): @sallyom
  • Responsible SIGs: sig-cli
  • Enhancement target (which target equals to which milestone):
    • Alpha release target (x.y):
    • Beta release target (x.y):
    • Stable release target (x.y):
  • Alpha
    • KEP (k/enhancements) update PR(s):
    • Code (k/k) update PR(s):
    • Docs (k/website) update PR(s):

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Jan 30, 2021
@shekhar-rajak
Copy link
Member Author

shekhar-rajak commented Jan 30, 2021

#2378 created for migrating the old keps into new template.

@LappleApple
Copy link
Contributor

LappleApple commented Apr 8, 2021

/sig cli

@k8s-ci-robot k8s-ci-robot added sig/cli Categorizes an issue or PR as relevant to SIG CLI. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Apr 8, 2021
@soltysh
Copy link
Contributor

soltysh commented Jul 6, 2021

This issue and KEP was only to summarize the discussions about kubectl cp, as such we don't plan on changing anything.
/close

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jul 6, 2021

@soltysh: Closing this issue.

In response to this:

This issue and KEP was only to summarize the discussions about kubectl cp, as such we don't plan on changing anything.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
sig/cli Categorizes an issue or PR as relevant to SIG CLI.
Projects
None yet
Development

No branches or pull requests

4 participants