k3s/vendor/k8s.io/kubectl/pkg/cmd/debug/debug.go

816 lines
28 KiB
Go
Raw Normal View History

2020-03-26 21:07:15 +00:00
/*
Copyright 2020 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package debug
import (
"context"
"encoding/json"
2020-03-26 21:07:15 +00:00
"fmt"
"time"
"github.com/docker/distribution/reference"
"github.com/spf13/cobra"
2020-08-10 17:43:49 +00:00
"k8s.io/klog/v2"
2020-03-26 21:07:15 +00:00
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/types"
2020-03-26 21:07:15 +00:00
utilrand "k8s.io/apimachinery/pkg/util/rand"
"k8s.io/apimachinery/pkg/util/strategicpatch"
2020-03-26 21:07:15 +00:00
"k8s.io/apimachinery/pkg/watch"
"k8s.io/cli-runtime/pkg/genericclioptions"
"k8s.io/cli-runtime/pkg/resource"
corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/tools/cache"
watchtools "k8s.io/client-go/tools/watch"
"k8s.io/kubectl/pkg/cmd/attach"
"k8s.io/kubectl/pkg/cmd/exec"
"k8s.io/kubectl/pkg/cmd/logs"
cmdutil "k8s.io/kubectl/pkg/cmd/util"
"k8s.io/kubectl/pkg/polymorphichelpers"
"k8s.io/kubectl/pkg/scheme"
"k8s.io/kubectl/pkg/util/i18n"
"k8s.io/kubectl/pkg/util/interrupt"
"k8s.io/kubectl/pkg/util/templates"
2020-08-10 17:43:49 +00:00
"k8s.io/utils/pointer"
2020-03-26 21:07:15 +00:00
)
var (
2020-08-10 17:43:49 +00:00
debugLong = templates.LongDesc(i18n.T(`
Debug cluster resources using interactive debugging containers.
'debug' provides automation for common debugging tasks for cluster objects identified by
resource and name. Pods will be used by default if no resource is specified.
2020-08-10 17:43:49 +00:00
The action taken by 'debug' varies depending on what resource is specified. Supported
actions include:
* Workload: Create a copy of an existing pod with certain attributes changed,
for example changing the image tag to a new version.
* Workload: Add an ephemeral container to an already running pod, for example to add
debugging utilities without restarting the pod.
* Node: Create a new pod that runs in the node's host namespaces and can access
the node's filesystem.
`))
2020-03-26 21:07:15 +00:00
debugExample = templates.Examples(i18n.T(`
# Create an interactive debugging session in pod mypod and immediately attach to it.
# (requires the EphemeralContainers feature to be enabled in the cluster)
kubectl debug mypod -it --image=busybox
2020-03-26 21:07:15 +00:00
# Create a debug container named debugger using a custom automated debugging image.
# (requires the EphemeralContainers feature to be enabled in the cluster)
kubectl debug --image=myproj/debug-tools -c debugger mypod
# Create a copy of mypod adding a debug container and attach to it
kubectl debug mypod -it --image=busybox --copy-to=my-debugger
# Create a copy of mypod changing the command of mycontainer
kubectl debug mypod -it --copy-to=my-debugger --container=mycontainer -- sh
2020-08-10 17:43:49 +00:00
# Create a copy of mypod changing all container images to busybox
kubectl debug mypod --copy-to=my-debugger --set-image=*=busybox
2020-08-10 17:43:49 +00:00
# Create a copy of mypod adding a debug container and changing container images
kubectl debug mypod -it --copy-to=my-debugger --image=debian --set-image=app=app:debug,sidecar=sidecar:debug
2020-08-10 17:43:49 +00:00
# Create an interactive debugging session on a node and immediately attach to it.
# The container will run in the host namespaces and the host's filesystem will be mounted at /host
kubectl debug node/mynode -it --image=busybox
2020-08-10 17:43:49 +00:00
`))
2020-03-26 21:07:15 +00:00
)
var nameSuffixFunc = utilrand.String
// DebugOptions holds the options for an invocation of kubectl debug.
type DebugOptions struct {
Args []string
ArgsOnly bool
Attach bool
Container string
CopyTo string
Replace bool
Env []corev1.EnvVar
Image string
Interactive bool
Namespace string
TargetNames []string
PullPolicy corev1.PullPolicy
Quiet bool
SameNode bool
SetImages map[string]string
ShareProcesses bool
TargetContainer string
TTY bool
attachChanged bool
2020-08-10 17:43:49 +00:00
shareProcessedChanged bool
2020-03-26 21:07:15 +00:00
podClient corev1client.CoreV1Interface
2020-03-26 21:07:15 +00:00
genericclioptions.IOStreams
}
// NewDebugOptions returns a DebugOptions initialized with default values.
func NewDebugOptions(streams genericclioptions.IOStreams) *DebugOptions {
return &DebugOptions{
2020-08-10 17:43:49 +00:00
Args: []string{},
IOStreams: streams,
TargetNames: []string{},
ShareProcesses: true,
2020-03-26 21:07:15 +00:00
}
}
// NewCmdDebug returns a cobra command that runs kubectl debug.
func NewCmdDebug(f cmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command {
2020-03-26 21:07:15 +00:00
o := NewDebugOptions(streams)
cmd := &cobra.Command{
Use: "debug (POD | TYPE[[.VERSION].GROUP]/NAME) [ -- COMMAND [args...] ]",
2020-03-26 21:07:15 +00:00
DisableFlagsInUseLine: true,
Short: i18n.T("Create debugging sessions for troubleshooting workloads and nodes"),
2020-03-26 21:07:15 +00:00
Long: debugLong,
Example: debugExample,
Run: func(cmd *cobra.Command, args []string) {
cmdutil.CheckErr(o.Complete(f, cmd, args))
cmdutil.CheckErr(o.Validate(cmd))
cmdutil.CheckErr(o.Run(f, cmd))
},
}
addDebugFlags(cmd, o)
return cmd
}
func addDebugFlags(cmd *cobra.Command, opt *DebugOptions) {
cmd.Flags().BoolVar(&opt.ArgsOnly, "arguments-only", opt.ArgsOnly, i18n.T("If specified, everything after -- will be passed to the new container as Args instead of Command."))
2020-08-10 17:43:49 +00:00
cmd.Flags().BoolVar(&opt.Attach, "attach", opt.Attach, i18n.T("If true, wait for the container to start running, and then attach as if 'kubectl attach ...' were called. Default false, unless '-i/--stdin' is set, in which case the default is true."))
cmd.Flags().StringVarP(&opt.Container, "container", "c", opt.Container, i18n.T("Container name to use for debug container."))
cmd.Flags().StringVar(&opt.CopyTo, "copy-to", opt.CopyTo, i18n.T("Create a copy of the target Pod with this name."))
cmd.Flags().BoolVar(&opt.Replace, "replace", opt.Replace, i18n.T("When used with '--copy-to', delete the original Pod."))
2020-03-26 21:07:15 +00:00
cmd.Flags().StringToString("env", nil, i18n.T("Environment variables to set in the container."))
cmd.Flags().StringVar(&opt.Image, "image", opt.Image, i18n.T("Container image to use for debug container."))
cmd.Flags().StringToStringVar(&opt.SetImages, "set-image", opt.SetImages, i18n.T("When used with '--copy-to', a list of name=image pairs for changing container images, similar to how 'kubectl set image' works."))
cmd.Flags().String("image-pull-policy", "", i18n.T("The image pull policy for the container. If left empty, this value will not be specified by the client and defaulted by the server."))
2020-03-26 21:07:15 +00:00
cmd.Flags().BoolVarP(&opt.Interactive, "stdin", "i", opt.Interactive, i18n.T("Keep stdin open on the container(s) in the pod, even if nothing is attached."))
cmd.Flags().BoolVarP(&opt.Quiet, "quiet", "q", opt.Quiet, i18n.T("If true, suppress informational messages."))
2020-08-10 17:43:49 +00:00
cmd.Flags().BoolVar(&opt.SameNode, "same-node", opt.SameNode, i18n.T("When used with '--copy-to', schedule the copy of target Pod on the same node."))
cmd.Flags().BoolVar(&opt.ShareProcesses, "share-processes", opt.ShareProcesses, i18n.T("When used with '--copy-to', enable process namespace sharing in the copy."))
cmd.Flags().StringVar(&opt.TargetContainer, "target", "", i18n.T("When using an ephemeral container, target processes in this container name."))
2020-08-10 17:43:49 +00:00
cmd.Flags().BoolVarP(&opt.TTY, "tty", "t", opt.TTY, i18n.T("Allocate a TTY for the debugging container."))
2020-03-26 21:07:15 +00:00
}
// Complete finishes run-time initialization of debug.DebugOptions.
func (o *DebugOptions) Complete(f cmdutil.Factory, cmd *cobra.Command, args []string) error {
var err error
o.PullPolicy = corev1.PullPolicy(cmdutil.GetFlagString(cmd, "image-pull-policy"))
// Arguments
argsLen := cmd.ArgsLenAtDash()
2020-08-10 17:43:49 +00:00
o.TargetNames = args
2020-03-26 21:07:15 +00:00
// If there is a dash and there are args after the dash, extract the args.
if argsLen >= 0 && len(args) > argsLen {
2020-08-10 17:43:49 +00:00
o.TargetNames, o.Args = args[:argsLen], args[argsLen:]
2020-03-26 21:07:15 +00:00
}
// Attach
attachFlag := cmd.Flags().Lookup("attach")
if !attachFlag.Changed && o.Interactive {
o.Attach = true
}
// Environment
envStrings, err := cmd.Flags().GetStringToString("env")
if err != nil {
return fmt.Errorf("internal error getting env flag: %v", err)
}
for k, v := range envStrings {
o.Env = append(o.Env, corev1.EnvVar{Name: k, Value: v})
}
// Namespace
o.Namespace, _, err = f.ToRawKubeConfigLoader().Namespace()
if err != nil {
return err
}
// Record flags that the user explicitly changed from their defaults
o.attachChanged = cmd.Flags().Changed("attach")
2020-08-10 17:43:49 +00:00
o.shareProcessedChanged = cmd.Flags().Changed("share-processes")
2020-03-26 21:07:15 +00:00
return nil
}
// Validate checks that the provided debug options are specified.
func (o *DebugOptions) Validate(cmd *cobra.Command) error {
// Attach
if o.Attach && o.attachChanged && len(o.Image) == 0 && len(o.Container) == 0 {
return fmt.Errorf("you must specify --container or create a new container using --image in order to attach.")
2020-03-26 21:07:15 +00:00
}
// CopyTo
if len(o.CopyTo) > 0 {
if len(o.Image) == 0 && len(o.SetImages) == 0 && len(o.Args) == 0 {
return fmt.Errorf("you must specify --image, --set-image or command arguments.")
}
if len(o.Args) > 0 && len(o.Container) == 0 && len(o.Image) == 0 {
return fmt.Errorf("you must specify an existing container or a new image when specifying args.")
}
} else {
// These flags are exclusive to --copy-to
switch {
case o.Replace:
return fmt.Errorf("--replace may only be used with --copy-to.")
case o.SameNode:
return fmt.Errorf("--same-node may only be used with --copy-to.")
case len(o.SetImages) > 0:
return fmt.Errorf("--set-image may only be used with --copy-to.")
case len(o.Image) == 0:
return fmt.Errorf("you must specify --image when not using --copy-to.")
}
}
// Image
if len(o.Image) > 0 && !reference.ReferenceRegexp.MatchString(o.Image) {
return fmt.Errorf("invalid image name %q: %v", o.Image, reference.ErrReferenceInvalidFormat)
2020-03-26 21:07:15 +00:00
}
// Name
2020-08-10 17:43:49 +00:00
if len(o.TargetNames) == 0 {
2020-03-26 21:07:15 +00:00
return fmt.Errorf("NAME is required for debug")
}
// Pull Policy
switch o.PullPolicy {
case corev1.PullAlways, corev1.PullIfNotPresent, corev1.PullNever, "":
// continue
default:
return fmt.Errorf("invalid image pull policy: %s", o.PullPolicy)
}
// SetImages
for name, image := range o.SetImages {
if !reference.ReferenceRegexp.MatchString(image) {
return fmt.Errorf("invalid image name %q for container %q: %v", image, name, reference.ErrReferenceInvalidFormat)
}
}
// TargetContainer
if len(o.TargetContainer) > 0 {
if len(o.CopyTo) > 0 {
return fmt.Errorf("--target is incompatible with --copy-to. Use --share-processes instead.")
}
if !o.Quiet {
// If the runtime doesn't support container namespace targeting this will fail silently, which has caused
// some confusion (ex: https://issues.k8s.io/98362), so print a warning. This can be removed when
// EphemeralContainers are generally available.
fmt.Fprintf(o.Out, "Targeting container %q. If you don't see processes from this container it may be because the container runtime doesn't support this feature.\n", o.TargetContainer)
// TODO(verb): Add a list of supported container runtimes to https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/ and then link here.
}
2020-08-10 17:43:49 +00:00
}
2020-03-26 21:07:15 +00:00
// TTY
if o.TTY && !o.Interactive {
return fmt.Errorf("-i/--stdin is required for containers with -t/--tty=true")
}
return nil
}
// Run executes a kubectl debug.
func (o *DebugOptions) Run(f cmdutil.Factory, cmd *cobra.Command) error {
2020-08-10 17:43:49 +00:00
ctx := context.Background()
clientset, err := f.KubernetesClientSet()
if err != nil {
return fmt.Errorf("internal error getting clientset: %v", err)
}
o.podClient = clientset.CoreV1()
r := f.NewBuilder().
2020-03-26 21:07:15 +00:00
WithScheme(scheme.Scheme, scheme.Scheme.PrioritizedVersionsAllGroups()...).
2020-08-10 17:43:49 +00:00
NamespaceParam(o.Namespace).DefaultNamespace().ResourceNames("pods", o.TargetNames...).
2020-03-26 21:07:15 +00:00
Do()
if err := r.Err(); err != nil {
return err
}
err = r.Visit(func(info *resource.Info, err error) error {
2020-03-26 21:07:15 +00:00
if err != nil {
// TODO(verb): configurable early return
return err
}
2020-08-10 17:43:49 +00:00
var (
debugPod *corev1.Pod
containerName string
visitErr error
)
switch obj := info.Object.(type) {
case *corev1.Node:
debugPod, containerName, visitErr = o.visitNode(ctx, obj)
case *corev1.Pod:
debugPod, containerName, visitErr = o.visitPod(ctx, obj)
default:
visitErr = fmt.Errorf("%q not supported by debug", info.Mapping.GroupVersionKind)
2020-03-26 21:07:15 +00:00
}
2020-08-10 17:43:49 +00:00
if visitErr != nil {
return visitErr
2020-03-26 21:07:15 +00:00
}
if o.Attach && len(containerName) > 0 {
2020-03-26 21:07:15 +00:00
opts := &attach.AttachOptions{
StreamOptions: exec.StreamOptions{
IOStreams: o.IOStreams,
Stdin: o.Interactive,
TTY: o.TTY,
Quiet: o.Quiet,
},
2020-08-10 17:43:49 +00:00
// TODO(verb): kubectl prints an incorrect "Session ended" message for debug containers.
2020-03-26 21:07:15 +00:00
CommandName: cmd.Parent().CommandPath() + " attach",
Attach: &attach.DefaultRemoteAttach{},
}
config, err := f.ToRESTConfig()
if err != nil {
return err
}
opts.Config = config
opts.AttachFunc = attach.DefaultAttachFunc
2020-08-10 17:43:49 +00:00
if err := handleAttachPod(ctx, f, o.podClient, debugPod.Namespace, debugPod.Name, containerName, opts); err != nil {
2020-03-26 21:07:15 +00:00
return err
}
}
return nil
})
return err
}
2020-08-10 17:43:49 +00:00
// visitNode handles debugging for node targets by creating a privileged pod running in the host namespaces.
// Returns an already created pod and container name for subsequent attach, if applicable.
func (o *DebugOptions) visitNode(ctx context.Context, node *corev1.Node) (*corev1.Pod, string, error) {
pods := o.podClient.Pods(o.Namespace)
newPod, err := pods.Create(ctx, o.generateNodeDebugPod(node), metav1.CreateOptions{})
2020-08-10 17:43:49 +00:00
if err != nil {
return nil, "", err
}
return newPod, newPod.Spec.Containers[0].Name, nil
}
// visitPod handles debugging for pod targets by (depending on options):
// 1. Creating an ephemeral debug container in an existing pod, OR
// 2. Making a copy of pod with certain attributes changed
// visitPod returns a pod and debug container name for subsequent attach, if applicable.
func (o *DebugOptions) visitPod(ctx context.Context, pod *corev1.Pod) (*corev1.Pod, string, error) {
if len(o.CopyTo) > 0 {
return o.debugByCopy(ctx, pod)
2020-03-26 21:07:15 +00:00
}
2020-08-10 17:43:49 +00:00
return o.debugByEphemeralContainer(ctx, pod)
}
// debugByEphemeralContainer runs an EphemeralContainer in the target Pod for use as a debug container
func (o *DebugOptions) debugByEphemeralContainer(ctx context.Context, pod *corev1.Pod) (*corev1.Pod, string, error) {
klog.V(2).Infof("existing ephemeral containers: %v", pod.Spec.EphemeralContainers)
podJS, err := json.Marshal(pod)
if err != nil {
return nil, "", fmt.Errorf("error creating JSON for pod: %v", err)
}
debugContainer := o.generateDebugContainer(pod)
klog.V(2).Infof("new ephemeral container: %#v", debugContainer)
debugPod := pod.DeepCopy()
debugPod.Spec.EphemeralContainers = append(debugPod.Spec.EphemeralContainers, *debugContainer)
debugJS, err := json.Marshal(debugPod)
if err != nil {
return nil, "", fmt.Errorf("error creating JSON for debug container: %v", err)
}
patch, err := strategicpatch.CreateTwoWayMergePatch(podJS, debugJS, pod)
if err != nil {
return nil, "", fmt.Errorf("error creating patch to add debug container: %v", err)
}
klog.V(2).Infof("generated strategic merge patch for debug container: %s", patch)
2020-08-10 17:43:49 +00:00
pods := o.podClient.Pods(pod.Namespace)
result, err := pods.Patch(ctx, pod.Name, types.StrategicMergePatchType, patch, metav1.PatchOptions{}, "ephemeralcontainers")
2020-08-10 17:43:49 +00:00
if err != nil {
// The apiserver will return a 404 when the EphemeralContainers feature is disabled because the `/ephemeralcontainers` subresource
// is missing. Unlike the 404 returned by a missing pod, the status details will be empty.
if serr, ok := err.(*errors.StatusError); ok && serr.Status().Reason == metav1.StatusReasonNotFound && serr.ErrStatus.Details.Name == "" {
2020-08-10 17:43:49 +00:00
return nil, "", fmt.Errorf("ephemeral containers are disabled for this cluster (error from server: %q).", err)
}
// The Kind used for the /ephemeralcontainers subresource changed in 1.22. When presented with an unexpected
// Kind the api server will respond with a not-registered error. When this happens we can optimistically try
// using the old API.
if runtime.IsNotRegisteredError(err) {
klog.V(1).Infof("Falling back to legacy API because server returned error: %v", err)
return o.debugByEphemeralContainerLegacy(ctx, pod, debugContainer)
}
2020-08-10 17:43:49 +00:00
return nil, "", err
2020-03-26 21:07:15 +00:00
}
2020-08-10 17:43:49 +00:00
return result, debugContainer.Name, nil
}
// debugByEphemeralContainerLegacy adds debugContainer as an ephemeral container using the pre-1.22 /ephemeralcontainers API
// This may be removed when we no longer wish to support releases prior to 1.22.
func (o *DebugOptions) debugByEphemeralContainerLegacy(ctx context.Context, pod *corev1.Pod, debugContainer *corev1.EphemeralContainer) (*corev1.Pod, string, error) {
// We no longer have the v1.EphemeralContainers Kind since it was removed in 1.22, but
// we can present a JSON 6902 patch that the api server will apply.
patch, err := json.Marshal([]map[string]interface{}{{
"op": "add",
"path": "/ephemeralContainers/-",
"value": debugContainer,
}})
2020-08-10 17:43:49 +00:00
if err != nil {
return nil, "", fmt.Errorf("error creating JSON 6902 patch for old /ephemeralcontainers API: %s", err)
}
result := o.podClient.RESTClient().Patch(types.JSONPatchType).
Namespace(pod.Namespace).
Resource("pods").
Name(pod.Name).
SubResource("ephemeralcontainers").
Body(patch).
Do(ctx)
if err := result.Error(); err != nil {
return nil, "", err
2020-03-26 21:07:15 +00:00
}
2020-08-10 17:43:49 +00:00
newPod, err := o.podClient.Pods(pod.Namespace).Get(ctx, pod.Name, metav1.GetOptions{})
if err != nil {
return nil, "", err
}
return newPod, debugContainer.Name, nil
2020-08-10 17:43:49 +00:00
}
// debugByCopy runs a copy of the target Pod with a debug container added or an original container modified
func (o *DebugOptions) debugByCopy(ctx context.Context, pod *corev1.Pod) (*corev1.Pod, string, error) {
copied, dc, err := o.generatePodCopyWithDebugContainer(pod)
if err != nil {
return nil, "", err
}
created, err := o.podClient.Pods(copied.Namespace).Create(ctx, copied, metav1.CreateOptions{})
2020-08-10 17:43:49 +00:00
if err != nil {
return nil, "", err
}
if o.Replace {
err := o.podClient.Pods(pod.Namespace).Delete(ctx, pod.Name, *metav1.NewDeleteOptions(0))
if err != nil {
return nil, "", err
}
}
return created, dc, nil
2020-03-26 21:07:15 +00:00
}
// generateDebugContainer returns an EphemeralContainer suitable for use as a debug container
// in the given pod.
func (o *DebugOptions) generateDebugContainer(pod *corev1.Pod) *corev1.EphemeralContainer {
2020-08-10 17:43:49 +00:00
name := o.computeDebugContainerName(pod)
2020-03-26 21:07:15 +00:00
ec := &corev1.EphemeralContainer{
EphemeralContainerCommon: corev1.EphemeralContainerCommon{
Name: name,
Env: o.Env,
Image: o.Image,
ImagePullPolicy: o.PullPolicy,
Stdin: o.Interactive,
TerminationMessagePolicy: corev1.TerminationMessageReadFile,
TTY: o.TTY,
},
TargetContainerName: o.TargetContainer,
2020-03-26 21:07:15 +00:00
}
if o.ArgsOnly {
ec.Args = o.Args
} else {
ec.Command = o.Args
}
return ec
}
2020-08-10 17:43:49 +00:00
// generateNodeDebugPod generates a debugging pod that schedules on the specified node.
// The generated pod will run in the host PID, Network & IPC namespaces, and it will have the node's filesystem mounted at /host.
func (o *DebugOptions) generateNodeDebugPod(node *corev1.Node) *corev1.Pod {
2020-08-10 17:43:49 +00:00
cn := "debugger"
// Setting a user-specified container name doesn't make much difference when there's only one container,
// but the argument exists for pod debugging so it might be confusing if it didn't work here.
if len(o.Container) > 0 {
cn = o.Container
}
2020-03-26 21:07:15 +00:00
2020-08-10 17:43:49 +00:00
// The name of the debugging pod is based on the target node, and it's not configurable to
// limit the number of command line flags. There may be a collision on the name, but this
// should be rare enough that it's not worth the API round trip to check.
pn := fmt.Sprintf("node-debugger-%s-%s", node.Name, nameSuffixFunc(5))
2020-08-10 17:43:49 +00:00
if !o.Quiet {
fmt.Fprintf(o.Out, "Creating debugging pod %s with container %s on node %s.\n", pn, cn, node.Name)
2020-08-10 17:43:49 +00:00
}
p := &corev1.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: pn,
},
Spec: corev1.PodSpec{
Containers: []corev1.Container{
{
Name: cn,
Env: o.Env,
Image: o.Image,
ImagePullPolicy: o.PullPolicy,
Stdin: o.Interactive,
TerminationMessagePolicy: corev1.TerminationMessageReadFile,
TTY: o.TTY,
VolumeMounts: []corev1.VolumeMount{
{
MountPath: "/host",
Name: "host-root",
},
},
},
},
HostIPC: true,
HostNetwork: true,
HostPID: true,
NodeName: node.Name,
2020-08-10 17:43:49 +00:00
RestartPolicy: corev1.RestartPolicyNever,
Volumes: []corev1.Volume{
{
Name: "host-root",
VolumeSource: corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{Path: "/"},
},
},
},
Tolerations: []corev1.Toleration{
{
Operator: corev1.TolerationOpExists,
},
},
2020-08-10 17:43:49 +00:00
},
}
if o.ArgsOnly {
p.Spec.Containers[0].Args = o.Args
} else {
p.Spec.Containers[0].Command = o.Args
}
return p
}
// generatePodCopyWithDebugContainer takes a Pod and returns a copy and the debug container name of that copy
func (o *DebugOptions) generatePodCopyWithDebugContainer(pod *corev1.Pod) (*corev1.Pod, string, error) {
2020-08-10 17:43:49 +00:00
copied := &corev1.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: o.CopyTo,
Namespace: pod.Namespace,
Annotations: pod.Annotations,
},
Spec: *pod.Spec.DeepCopy(),
}
// set EphemeralContainers to nil so that the copy of pod can be created
copied.Spec.EphemeralContainers = nil
2020-08-10 17:43:49 +00:00
// change ShareProcessNamespace configuration only when commanded explicitly
if o.shareProcessedChanged {
copied.Spec.ShareProcessNamespace = pointer.BoolPtr(o.ShareProcesses)
}
if !o.SameNode {
copied.Spec.NodeName = ""
}
// Apply image mutations
for i, c := range copied.Spec.Containers {
override := o.SetImages["*"]
if img, ok := o.SetImages[c.Name]; ok {
override = img
}
if len(override) > 0 {
copied.Spec.Containers[i].Image = override
}
}
name, containerByName := o.Container, containerNameToRef(copied)
c, ok := containerByName[name]
if !ok {
// Adding a new debug container
if len(o.Image) == 0 {
if len(o.SetImages) > 0 {
// This was a --set-image only invocation
return copied, "", nil
}
return nil, "", fmt.Errorf("you must specify image when creating new container")
}
if len(name) == 0 {
name = o.computeDebugContainerName(copied)
}
c = &corev1.Container{
Name: name,
TerminationMessagePolicy: corev1.TerminationMessageReadFile,
}
defer func() {
copied.Spec.Containers = append(copied.Spec.Containers, *c)
}()
}
if len(o.Args) > 0 {
if o.ArgsOnly {
c.Args = o.Args
} else {
c.Command = o.Args
c.Args = nil
}
}
if len(o.Env) > 0 {
2020-08-10 17:43:49 +00:00
c.Env = o.Env
}
if len(o.Image) > 0 {
c.Image = o.Image
2020-08-10 17:43:49 +00:00
}
if len(o.PullPolicy) > 0 {
c.ImagePullPolicy = o.PullPolicy
2020-08-10 17:43:49 +00:00
}
c.Stdin = o.Interactive
c.TTY = o.TTY
return copied, name, nil
2020-08-10 17:43:49 +00:00
}
func (o *DebugOptions) computeDebugContainerName(pod *corev1.Pod) string {
if len(o.Container) > 0 {
return o.Container
}
name := o.Container
if len(name) == 0 {
cn, containerByName := "", containerNameToRef(pod)
for len(cn) == 0 || (containerByName[cn] != nil) {
cn = fmt.Sprintf("debugger-%s", nameSuffixFunc(5))
2020-03-26 21:07:15 +00:00
}
2020-08-10 17:43:49 +00:00
if !o.Quiet {
fmt.Fprintf(o.Out, "Defaulting debug container name to %s.\n", cn)
2020-03-26 21:07:15 +00:00
}
2020-08-10 17:43:49 +00:00
name = cn
}
return name
}
2020-03-26 21:07:15 +00:00
2020-08-10 17:43:49 +00:00
func containerNameToRef(pod *corev1.Pod) map[string]*corev1.Container {
names := map[string]*corev1.Container{}
for i := range pod.Spec.Containers {
ref := &pod.Spec.Containers[i]
names[ref.Name] = ref
}
for i := range pod.Spec.InitContainers {
ref := &pod.Spec.InitContainers[i]
2020-08-10 17:43:49 +00:00
names[ref.Name] = ref
}
for i := range pod.Spec.EphemeralContainers {
ref := (*corev1.Container)(&pod.Spec.EphemeralContainers[i].EphemeralContainerCommon)
2020-08-10 17:43:49 +00:00
names[ref.Name] = ref
2020-03-26 21:07:15 +00:00
}
2020-08-10 17:43:49 +00:00
return names
}
// waitForContainer watches the given pod until the container is running
func waitForContainer(ctx context.Context, podClient corev1client.PodsGetter, ns, podName, containerName string) (*corev1.Pod, error) {
// TODO: expose the timeout
ctx, cancel := watchtools.ContextWithOptionalTimeout(ctx, 0*time.Second)
defer cancel()
2020-03-26 21:07:15 +00:00
fieldSelector := fields.OneTermEqualSelector("metadata.name", podName).String()
lw := &cache.ListWatch{
ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
options.FieldSelector = fieldSelector
return podClient.Pods(ns).List(ctx, options)
},
WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
options.FieldSelector = fieldSelector
return podClient.Pods(ns).Watch(ctx, options)
},
}
intr := interrupt.New(nil, cancel)
var result *corev1.Pod
err := intr.Run(func() error {
2020-08-10 17:43:49 +00:00
ev, err := watchtools.UntilWithSync(ctx, lw, &corev1.Pod{}, nil, func(ev watch.Event) (bool, error) {
2020-03-26 21:07:15 +00:00
switch ev.Type {
case watch.Deleted:
return false, errors.NewNotFound(schema.GroupResource{Resource: "pods"}, "")
}
p, ok := ev.Object.(*corev1.Pod)
if !ok {
return false, fmt.Errorf("watch did not return a pod: %v", ev.Object)
}
2020-08-10 17:43:49 +00:00
s := getContainerStatusByName(p, containerName)
if s == nil {
return false, nil
}
klog.V(2).Infof("debug container status is %v", s)
if s.State.Running != nil || s.State.Terminated != nil {
return true, nil
2020-03-26 21:07:15 +00:00
}
return false, nil
})
if ev != nil {
result = ev.Object.(*corev1.Pod)
}
return err
})
return result, err
}
2020-08-10 17:43:49 +00:00
func handleAttachPod(ctx context.Context, f cmdutil.Factory, podClient corev1client.PodsGetter, ns, podName, containerName string, opts *attach.AttachOptions) error {
pod, err := waitForContainer(ctx, podClient, ns, podName, containerName)
2020-03-26 21:07:15 +00:00
if err != nil {
return err
}
opts.Namespace = ns
opts.Pod = pod
opts.PodName = podName
2020-08-10 17:43:49 +00:00
opts.ContainerName = containerName
2020-03-26 21:07:15 +00:00
if opts.AttachFunc == nil {
opts.AttachFunc = attach.DefaultAttachFunc
}
2020-08-10 17:43:49 +00:00
status := getContainerStatusByName(pod, containerName)
if status == nil {
// impossible path
return fmt.Errorf("error getting container status of container name %q: %+v", containerName, err)
2020-03-26 21:07:15 +00:00
}
if status.State.Terminated != nil {
klog.V(1).Info("Ephemeral container terminated, falling back to logs")
return logOpts(f, pod, opts)
}
if err := opts.Run(); err != nil {
fmt.Fprintf(opts.ErrOut, "Error attaching, falling back to logs: %v\n", err)
return logOpts(f, pod, opts)
}
return nil
}
2020-08-10 17:43:49 +00:00
func getContainerStatusByName(pod *corev1.Pod, containerName string) *corev1.ContainerStatus {
allContainerStatus := [][]corev1.ContainerStatus{pod.Status.InitContainerStatuses, pod.Status.ContainerStatuses, pod.Status.EphemeralContainerStatuses}
for _, statusSlice := range allContainerStatus {
for i := range statusSlice {
if statusSlice[i].Name == containerName {
return &statusSlice[i]
}
}
}
return nil
}
2020-03-26 21:07:15 +00:00
// logOpts logs output from opts to the pods log.
func logOpts(restClientGetter genericclioptions.RESTClientGetter, pod *corev1.Pod, opts *attach.AttachOptions) error {
ctrName, err := opts.GetContainerName(pod)
if err != nil {
return err
}
requests, err := polymorphichelpers.LogsForObjectFn(restClientGetter, pod, &corev1.PodLogOptions{Container: ctrName}, opts.GetPodTimeout, false)
if err != nil {
return err
}
for _, request := range requests {
if err := logs.DefaultConsumeRequest(request, opts.Out); err != nil {
return err
}
}
return nil
}