package pods
import (
"encoding/json"
"fmt"
synccontext "github.com/loft-sh/vcluster/pkg/controllers/syncer/context"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/strategicpatch"
"k8s.io/client-go/kubernetes"
)
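// AddEphemeralContainer runs an EphemeralContainer in the target Pod for use as a debug container.
//
// When virtualPod declares at least one ephemeral container, the last one is
// appended to a copy of physicalPod and the difference is sent as a strategic
// merge patch to the "ephemeralcontainers" subresource of the physical pod.
// When virtualPod has no ephemeral containers the call is a no-op and returns nil.
//
// NOTE(review): the container spec is taken from virtualPod as-is; the only
// field changed on the way (in getEphemeralContainer) is TargetContainerName.
// Nothing in this function inspects the image or SecurityContext, so confirm
// that admission policy on the physical cluster also covers the
// pods/ephemeralcontainers subresource.
func AddEphemeralContainer(ctx *synccontext.SyncContext, physicalClusterClient kubernetes.Interface, physicalPod *corev1.Pod, virtualPod *corev1.Pod) error {
	if len(virtualPod.Spec.EphemeralContainers) == 0 {
		return nil
	}

	podJS, err := json.Marshal(physicalPod)
	if err != nil {
		return fmt.Errorf("error creating JSON for physicalPod: %w", err)
	}

	debugPod, debugContainer, err := getEphemeralContainer(physicalPod, virtualPod)
	if err != nil {
		return err
	}
	// NOTE(review): this and the patch log below print the whole container
	// spec, which includes any literal Env values; consider logging only the
	// name and image if debug logs leave the host.
	ctx.Log.Debugf("new ephemeral container: %#v", debugContainer)

	debugJS, err := json.Marshal(debugPod)
	if err != nil {
		return fmt.Errorf("error creating JSON for debug container: %w", err)
	}

	patch, err := strategicpatch.CreateTwoWayMergePatch(podJS, debugJS, physicalPod)
	if err != nil {
		return fmt.Errorf("error creating patch to add debug container: %w", err)
	}
	ctx.Log.Debugf("generated strategic merge patch for debug container: %s", patch)

	pods := physicalClusterClient.CoreV1().Pods(physicalPod.Namespace)
	_, err = pods.Patch(ctx.Context, physicalPod.Name, types.StrategicMergePatchType, patch, metav1.PatchOptions{}, "ephemeralcontainers")
	if err == nil {
		return nil
	}

	// The apiserver will return a 404 when the EphemeralContainers feature is disabled because the `/ephemeralcontainers` subresource
	// is missing. Unlike the 404 returned by a missing physicalPod, the status details will be empty.
	// Details is a pointer, so a status without details is treated as empty
	// here rather than dereferenced.
	if serr, ok := err.(*errors.StatusError); ok && serr.Status().Reason == metav1.StatusReasonNotFound {
		if details := serr.ErrStatus.Details; details == nil || details.Name == "" {
			return fmt.Errorf("ephemeral containers are disabled for this cluster (error from server: %q)", err)
		}
	}

	// The Kind used for the /ephemeralcontainers subresource changed in 1.22. When presented with an unexpected
	// Kind the api server will respond with a not-registered error. When this happens we can optimistically try
	// using the old API.
	if runtime.IsNotRegisteredError(err) {
		ctx.Log.Infof("Falling back to legacy API because server returned error: %v", err)
		return addEphemeralContainerLegacy(ctx, physicalClusterClient, physicalPod, debugContainer)
	}

	return err
}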
// addEphemeralContainerLegacy adds an ephemeral container using the pre-1.22 /ephemeralcontainers API.
// It can be dropped once releases older than 1.22 are no longer supported.
//
// The container is sent as a single JSON 6902 "add" operation against the
// pod's "ephemeralcontainers" subresource; afterwards the pod is read back and
// any error from that read is returned.
func addEphemeralContainerLegacy(ctx *synccontext.SyncContext, physicalClusterClient kubernetes.Interface, physicalPod *corev1.Pod, debugContainer *corev1.EphemeralContainer) error {
	// The v1.EphemeralContainers Kind was removed in 1.22, so instead of
	// sending that object we hand the api server a JSON 6902 patch to apply.
	addOp := map[string]interface{}{
		"op":    "add",
		"path":  "/ephemeralContainers/-",
		"value": debugContainer,
	}
	body, err := json.Marshal([]map[string]interface{}{addOp})
	if err != nil {
		return fmt.Errorf("error creating JSON 6902 patch for old /ephemeralcontainers API: %s", err)
	}

	request := physicalClusterClient.CoreV1().RESTClient().Patch(types.JSONPatchType).
		Namespace(physicalPod.Namespace).
		Resource("pods").
		Name(physicalPod.Name).
		SubResource("ephemeralcontainers").
		Body(body)
	if patchErr := request.Do(ctx.Context).Error(); patchErr != nil {
		return patchErr
	}

	// Read the pod back; the returned object is discarded and only a failure
	// of the read is reported to the caller.
	_, err = physicalClusterClient.CoreV1().Pods(physicalPod.Namespace).Get(ctx.Context, physicalPod.Name, metav1.GetOptions{})
	return err
}
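// getEphemeralContainer returns a debugging pod and an EphemeralContainer suitable for use as a debug container
// in the given pod.
//
// The returned pod is a deep copy of physicalPod with the last ephemeral
// container of virtualPod appended; physicalPod itself is not modified. The
// container's TargetContainerName is cleared before it is appended. An error
// is returned when virtualPod has no ephemeral containers.
//
// NOTE(review): apart from TargetContainerName the container spec is passed
// through unchanged, including its image and SecurityContext; any restriction
// on those has to come from the caller or from the physical cluster.
func getEphemeralContainer(physicalPod *corev1.Pod, virtualPod *corev1.Pod) (*corev1.Pod, *corev1.EphemeralContainer, error) {
	containers := virtualPod.Spec.EphemeralContainers
	if len(containers) == 0 {
		// Indexing len-1 on an empty slice would panic; report it instead.
		return nil, nil, fmt.Errorf("virtual pod %s/%s has no ephemeral containers", virtualPod.Namespace, virtualPod.Name)
	}

	// Shallow copy of the slice element, so clearing the field below does not
	// write back into virtualPod.
	debugContainer := containers[len(containers)-1]
	debugContainer.TargetContainerName = ""

	debugPod := physicalPod.DeepCopy()
	debugPod.Spec.EphemeralContainers = append(debugPod.Spec.EphemeralContainers, debugContainer)
	return debugPod, &debugContainer, nil
}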