-
Notifications
You must be signed in to change notification settings - Fork 39.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement kubectl debug profiles: general, baseline, and restricted #114280
Implement kubectl debug profiles: general, baseline, and restricted #114280
Conversation
Please note that we're already in Test Freeze for the Fast forwards are scheduled to happen every 6 hours, whereas the most recent run was: Sun Dec 4 21:52:06 UTC 2022. |
Hi @sding3. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you
defer func() { | ||
appendDebugContainer = func() { | ||
copied.Spec.Containers = append(copied.Spec.Containers, *c) | ||
}() | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks like it changed his behavior
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is intentional to ensure that debug container in pod copy is added before the profile application. The way that the container list modification was defered caused the debug container to be added after the profile applier runs. We now make sure to have the container list modification happen before the profile applier runs.
I had placed this change in its own git commit and supplied a git commit message to explain the reason behind the change: 0545b223eb5edd447f7a143a8e57bb2500d8ae64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your response
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same above. Is this change related to new debug profiles?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, we need this to ensure the generated debug container is added the the container list prior to the o.Applier.Apply
occurs on line 692 below or otherwise the generated debug container isn't available to o.Applier
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm worried this has gotten a little too tricky. Can we just append immediately?
c, ok := containerByName[name]
if !ok {
...
copied.Spec.Containers = append(copied.Spec.Containers, corev1.Container{...})
c = &copied.Spec.Containers[len(copied.Spec.Containers)-1]
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice idea - done in 457117b
Yep, that will be my top priority after this PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
LGTM label has been added. Git tree hash: 9a99e9c99044a43a3c014af9e6c418ebb5883f57
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
LGTM label has been added. Git tree hash: 1445acc71d5102439c526f69227af3f47097bdc6
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: aimuz, ardaguclu, sding3, verb The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Is this feature available now or when can we expect this to come? |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Implements "general", "baseline", and "restricted" debugging profiles for kubectl debug as specified in KEP-1441.
Which issue(s) this PR fixes:
xref kubernetes/kubectl#1108
Special notes for your reviewer:
I had picked up where @knight42 had left off in #110526
Does this PR introduce a user-facing change?