You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
One-line enhancement description (can be used as a release note): future-of-kubectl-cp
Kubernetes Enhancement Proposal:
This document summarizes and originates from this email thread,
[Proposal to drop kubectl cp](https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/kubernetes-sig-cli/_zUy67lK49k/aE6vncYiAgAJ).
This document aims to solidify the future of `kubectl cp` as a tool that provides basic function of copying files between local environments and pods. Any advanced use cases
such as those involving symlinks or modifying file permissions should be performed outside of `kubectl cp` through `kubectl exec`, addons, or shell commands.
Over the past few releases, there have been numerous security issues with `kubectl cp` that have resulted in release updates in all supported versions of kubectl.
At the same time,any new PR that extends `kubectl cp` must undergo extra reviews to evaluate security threats that may arise . Over the past few months,
security fixes have required dropping edge cases and function of the command. It is increasingly difficult to maintain a cp command that is both
useful and secure. There are alternative approaches that provide the same function as `kubectl cp` . Using `kubectl exec ...| tar`
provides transparency when copying files as well as mitigations for path traversals, symlink directory escapes, tar bombs, and other exploits.
Use of tar is more featureful, in that it can preserve file permissions and copy pod-to-pod. Also, `kubectl cp` is dependent on the tar binary
in a container. A malicious tar binary is outside of what `kubectl cp` can control.
With all of this in mind the cost and risk of maintaining the cp command should be weighed against what is considered crucial functionality in kubectl.
It's better to address 80% of use cases with a simple tool than trying to address the remaining 20% at the cost of risking those 80%.
This issue and KEP was only to summarize the discussions about kubectl cp, as such we don't plan on changing anything.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.