Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow removing fields from kubectl debug copied pods or containers #1570

Open
Sayrus opened this issue Mar 6, 2024 · 2 comments
Open

Allow removing fields from kubectl debug copied pods or containers #1570

Sayrus opened this issue Mar 6, 2024 · 2 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. priority/backlog Higher priority than priority/awaiting-more-evidence. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@Sayrus
Copy link

Sayrus commented Mar 6, 2024

What would you like to be added:
A way to remove fields from containers when using kubectl debug --copy-to using --custom patches.

Why is this needed:
When using kubectl debug with the --copy-to option, everything from the original pod is copied. In my case, this includes livenessProbe and readinessProbe. In many cases, these probes fail. For instance:

  • When profiling, livenessProbe or readinessProbe may timeout (Related but for ephemeral containers: Allow hot disabling of liveness probes kubernetes#57187)
  • The same happens when debugging with blocking breakpoints
  • When the image or entrypoint has been modified or if the app is not started with the same options as the original (using --image or simply COMMAND [args...])

Thanks to KEP-4292 implemented behind a flag here, it is now possible to rewrite fields so we can "disable" probes by setting a very high initial delay instead. It also allows overwriting environment variable and other stuffs. Unfortunately, since we can't unset fields, we can't do things such as adding an exec probe to a pod with httpGet probe (as it results in a spec with both httpGet and exec which is invalid)

The specific case of probes can be mitigated by using a profile that automatically removes probes (such as general) but this introduces some other limitations if your debugging job requires other capabilities.

I saw kubernetes/kubernetes#123149 which implements this using --keep-* parameters. For my use-case and I would prefer being able to distribute custom profiles as YAML or JSON as it allows non power-user to use different debugging profiles without changing several kubectl arguments.

For client-side patching, Strategic Merge Patch directives are used (or used to? I know it exists as well in Kustomize.). Following this document, a patch to remove probes and a specific env variable could look like:

{
  "env": [
    {
      "name": "DELETE_ME",
      "$patch": "delete"
    }
  ],
  "livenessProbe": null,
  "readinessProbe": null
}
@Sayrus Sayrus added the kind/feature Categorizes issue or PR as related to a new feature. label Mar 6, 2024
@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Mar 6, 2024
@ardaguclu
Copy link
Member

ardaguclu commented Mar 7, 2024
edited

Thanks for opening this issue. As we discussed async on Slack Email, I agree with that probes should be manageable via flag because I don't think --custom flag will ever be able to support removal of fields;
/triage accepted
/priority backlog

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. priority/backlog Higher priority than priority/awaiting-more-evidence. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 7, 2024
@ardaguclu ardaguclu mentioned this issue May 7, 2024
Merged
@ardaguclu
Copy link
Member

This is fixed by kubernetes/kubernetes#123149

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature. priority/backlog Higher priority than priority/awaiting-more-evidence. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ardaguclu @k8s-ci-robot @Sayrus