Improve kubectl cp, so it doesn't require the tar binary in the container

[luksa]

Uncomment only one, leave it on its own line:

/kind feature

What happened:
Kubectl cp currently requires the container we're copying into to include the tar binary. This is problematic when the container image is minimal and only includes the main binary run in the container and nothing else.

What you expected to happen:
Docker now has docker cp, which can copy files into a running container without any prerequisites on the container itself. Kubectl cp could use that mechanism. Obviously, this will require introducing a new feature into CRI, so it's not a small task.

Why we need this:
This will enable users to debug an existing (running) container, which is based on the scratch image and contains nothing else but the main app binary. Users would be able to get any binary they need into the container. An alternative solution could be to mount an additional volume (possibly from another container image) into a running pod (if that feature is ever implemented).

[dims]

@luksa : did you figure out which Docker API is to be used?

/sig node

[luksa]

Copy from container: GET /containers/(id or name)/archive
Copy into container: PUT /containers/(id or name)/archive

This is from https://docs.docker.com/engine/api/v1.20/

[cyphar]

Ideally we would add a CRI method that allows the kubelet (and thus Kubernetes) to fetch the stream of an archive of a given path inside a container and to extract a stream of an archive to a path inside a container -- so that cri-o could support this improved kubectl cp just as well.

It should be noted though that (in my experience) the semantics of "what path to output to" (especially for single-file copy operations) are a little bit odd. Docker made a few mistakes historically with this, so I'd prefer to not repeat them in Kubernetes.

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

[talolierwork]

+1

[fejta-bot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

[yue9944882]

@kubernetes/sig-node-feature-requests

[yue9944882]

/remove-lifecycle rotten