Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement kubectl debug profiles: general, baseline, and restricted #114280

Merged

Conversation

sding3
Copy link
Contributor

@sding3 sding3 commented Dec 5, 2022

What type of PR is this?

/kind feature

What this PR does / why we need it:

Implements "general", "baseline", and "restricted" debugging profiles for kubectl debug as specified in KEP-1441.

Which issue(s) this PR fixes:

xref kubernetes/kubectl#1108

Special notes for your reviewer:

I had picked up where @knight42 had left off in #110526

Does this PR introduce a user-facing change?

Added "general", "baseline", and "restricted" debugging profiles for kubectl debug.

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Dec 5, 2022
@k8s-ci-robot
Copy link
Contributor

Please note that we're already in Test Freeze for the release-1.26 branch. This means every merged PR will be automatically fast-forwarded via the periodic ci-fast-forward job to the release branch of the upcoming v1.26.0 release.

Fast forwards are scheduled to happen every 6 hours, whereas the most recent run was: Sun Dec 4 21:52:06 UTC 2022.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Dec 5, 2022
@k8s-ci-robot
Copy link
Contributor

Hi @sding3. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-priority Indicates a PR lacks a `priority/foo` label and requires one. label Dec 5, 2022
@k8s-ci-robot k8s-ci-robot added sig/cli Categorizes an issue or PR as relevant to SIG CLI. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Dec 5, 2022
@sding3
Copy link
Contributor Author

sding3 commented Dec 5, 2022

/cc @verb @knight42

@aimuz
Copy link
Contributor

aimuz commented Dec 5, 2022

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Dec 5, 2022
Copy link
Contributor

@aimuz aimuz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you

Comment on lines 657 to 667
defer func() {
appendDebugContainer = func() {
copied.Spec.Containers = append(copied.Spec.Containers, *c)
}()
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like it changed his behavior

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is intentional to ensure that debug container in pod copy is added before the profile application. The way that the container list modification was defered caused the debug container to be added after the profile applier runs. We now make sure to have the container list modification happen before the profile applier runs.

I had placed this change in its own git commit and supplied a git commit message to explain the reason behind the change: 0545b223eb5edd447f7a143a8e57bb2500d8ae64

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for your response

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same above. Is this change related to new debug profiles?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, we need this to ensure the generated debug container is added the the container list prior to the o.Applier.Apply occurs on line 692 below or otherwise the generated debug container isn't available to o.Applier.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm worried this has gotten a little too tricky. Can we just append immediately?

c, ok := containerByName[name]
if !ok {
  ...
  copied.Spec.Containers = append(copied.Spec.Containers, corev1.Container{...})
  c = &copied.Spec.Containers[len(copied.Spec.Containers)-1]
}

Copy link
Contributor Author

@sding3 sding3 Jan 24, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice idea - done in 457117b

@sding3 sding3 requested review from aimuz and removed request for verb, knight42, seans3 and ardaguclu December 11, 2022 15:45
@sding3
Copy link
Contributor Author

sding3 commented Dec 11, 2022

/cc @verb @knight42

@sding3
Copy link
Contributor Author

sding3 commented Feb 9, 2023

I quickly tested these profiles on Kind cluster and did not encounter any problem. I left a few unblocker comments can be easily done in followup PR. It would be great if we can also add integration tests in a followup PR too.

Yep, that will be my top priority after this PR.

Copy link
Contributor

@verb verb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 9, 2023
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 9a99e9c99044a43a3c014af9e6c418ebb5883f57

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 9, 2023
@sding3
Copy link
Contributor Author

sding3 commented Feb 9, 2023

@verb - sorry I pushed a grammar fix in d760b0c after you already tagged - could you retag? Thank you.

Copy link
Contributor

@verb verb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 9, 2023
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 1445acc71d5102439c526f69227af3f47097bdc6

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aimuz, ardaguclu, sding3, verb

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@hariskmohd
Copy link

Is this feature available now or when can we expect this to come?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubectl cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. priority/backlog Higher priority than priority/awaiting-more-evidence. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/cli Categorizes an issue or PR as relevant to SIG CLI. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants