kubernetes
/
kubectl
mirror of https://github.com/kubernetes/kubectl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #98431 from wawa0210/fix-98253 

fix kubectl alpha debug node does not work on tainted(NoExecute) nodes

Kubernetes-commit: 1affd894cf5357559d64d6da7857b63ed760d3be
This commit is contained in:
Kubernetes Publisher 2021-07-06 21:04:42 -07:00
parent 718c271c44 11174082b3
commit 49b701f670
4 changed files with 53 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
go.mod
View File

@ -31,7 +31,7 @@ require (
github.com/stretchr/testify v1.7.0 github.com/stretchr/testify v1.7.0
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22
gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.0.0-20210705094346-9f69feafab6a k8s.io/api v0.0.0-20210707054401-2c49f10e0b15
k8s.io/apimachinery v0.0.0-20210701054147-830375057167 k8s.io/apimachinery v0.0.0-20210701054147-830375057167
k8s.io/cli-runtime v0.0.0-20210706175927-064ccf28ed41 k8s.io/cli-runtime v0.0.0-20210706175927-064ccf28ed41
k8s.io/client-go v0.0.0-20210706214629-68cb2ddef93f k8s.io/client-go v0.0.0-20210706214629-68cb2ddef93f
@ -47,7 +47,7 @@ require (
) )
replace ( replace (
k8s.io/api => k8s.io/api v0.0.0-20210705094346-9f69feafab6a k8s.io/api => k8s.io/api v0.0.0-20210707054401-2c49f10e0b15
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20210701054147-830375057167 k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20210701054147-830375057167
k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20210706175927-064ccf28ed41 k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20210706175927-064ccf28ed41
k8s.io/client-go => k8s.io/client-go v0.0.0-20210706214629-68cb2ddef93f k8s.io/client-go => k8s.io/client-go v0.0.0-20210706214629-68cb2ddef93f

4
go.sum
View File

@ -738,8 +738,8 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
k8s.io/api v0.0.0-20210705094346-9f69feafab6a h1:IF+SZibisSFDDUi+Gll4HgpnMjzP2lp6YlymxNtbtdw= k8s.io/api v0.0.0-20210707054401-2c49f10e0b15 h1:KDL/0Eab3o5BswoTN53Hp0H1QFN8RGD/x2ItzJN9l4g=
k8s.io/api v0.0.0-20210705094346-9f69feafab6a/go.mod h1:zoURDvOPW5UMFZr2YUU/sStjYnWSPt+x+MM4R94ATgQ= k8s.io/api v0.0.0-20210707054401-2c49f10e0b15/go.mod h1:zoURDvOPW5UMFZr2YUU/sStjYnWSPt+x+MM4R94ATgQ=
k8s.io/apimachinery v0.0.0-20210701054147-830375057167 h1:fob/j8+uMBIVvyo+9bG7GvjFSj0LX3RNuSXW+RcUrwo= k8s.io/apimachinery v0.0.0-20210701054147-830375057167 h1:fob/j8+uMBIVvyo+9bG7GvjFSj0LX3RNuSXW+RcUrwo=
k8s.io/apimachinery v0.0.0-20210701054147-830375057167/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= k8s.io/apimachinery v0.0.0-20210701054147-830375057167/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0=
k8s.io/cli-runtime v0.0.0-20210706175927-064ccf28ed41 h1:0me3gLmsHF+cyQ6tSqfhTkeLNhRyZXEskfdBS+r5C1w= k8s.io/cli-runtime v0.0.0-20210706175927-064ccf28ed41 h1:0me3gLmsHF+cyQ6tSqfhTkeLNhRyZXEskfdBS+r5C1w=

15
pkg/cmd/debug/debug.go
View File

@ -372,7 +372,7 @@ func (o *DebugOptions) Run(f cmdutil.Factory, cmd *cobra.Command) error {
// Returns an already created pod and container name for subsequent attach, if applicable. // Returns an already created pod and container name for subsequent attach, if applicable.
func (o *DebugOptions) visitNode(ctx context.Context, node *corev1.Node) (*corev1.Pod, string, error) { func (o *DebugOptions) visitNode(ctx context.Context, node *corev1.Node) (*corev1.Pod, string, error) {
pods := o.podClient.Pods(o.Namespace) pods := o.podClient.Pods(o.Namespace)
newPod, err := pods.Create(ctx, o.generateNodeDebugPod(node.Name), metav1.CreateOptions{}) newPod, err := pods.Create(ctx, o.generateNodeDebugPod(node), metav1.CreateOptions{})
if err != nil { if err != nil {
return nil, "", err return nil, "", err
} }
@ -518,7 +518,7 @@ func (o *DebugOptions) generateDebugContainer(pod *corev1.Pod) *corev1.Ephemeral
// generateNodeDebugPod generates a debugging pod that schedules on the specified node. // generateNodeDebugPod generates a debugging pod that schedules on the specified node.
// The generated pod will run in the host PID, Network & IPC namespaces, and it will have the node's filesystem mounted at /host. // The generated pod will run in the host PID, Network & IPC namespaces, and it will have the node's filesystem mounted at /host.
func (o *DebugOptions) generateNodeDebugPod(node string) *corev1.Pod { func (o *DebugOptions) generateNodeDebugPod(node *corev1.Node) *corev1.Pod {
cn := "debugger" cn := "debugger"
// Setting a user-specified container name doesn't make much difference when there's only one container, // Setting a user-specified container name doesn't make much difference when there's only one container,
// but the argument exists for pod debugging so it might be confusing if it didn't work here. // but the argument exists for pod debugging so it might be confusing if it didn't work here.
@ -529,9 +529,9 @@ func (o *DebugOptions) generateNodeDebugPod(node string) *corev1.Pod {
// The name of the debugging pod is based on the target node, and it's not configurable to // The name of the debugging pod is based on the target node, and it's not configurable to
// limit the number of command line flags. There may be a collision on the name, but this // limit the number of command line flags. There may be a collision on the name, but this
// should be rare enough that it's not worth the API round trip to check. // should be rare enough that it's not worth the API round trip to check.
pn := fmt.Sprintf("node-debugger-%s-%s", node, nameSuffixFunc(5)) pn := fmt.Sprintf("node-debugger-%s-%s", node.Name, nameSuffixFunc(5))
if !o.Quiet { if !o.Quiet {
fmt.Fprintf(o.Out, "Creating debugging pod %s with container %s on node %s.\n", pn, cn, node) fmt.Fprintf(o.Out, "Creating debugging pod %s with container %s on node %s.\n", pn, cn, node.Name)
} }
p := &corev1.Pod{ p := &corev1.Pod{
@ -559,7 +559,7 @@ func (o *DebugOptions) generateNodeDebugPod(node string) *corev1.Pod {
HostIPC: true, HostIPC: true,
HostNetwork: true, HostNetwork: true,
HostPID: true, HostPID: true,
NodeName: node, NodeName: node.Name,
RestartPolicy: corev1.RestartPolicyNever, RestartPolicy: corev1.RestartPolicyNever,
Volumes: []corev1.Volume{ Volumes: []corev1.Volume{
{ {
@ -569,6 +569,11 @@ func (o *DebugOptions) generateNodeDebugPod(node string) *corev1.Pod {
}, },
}, },
}, },
Tolerations: []corev1.Toleration{
{
Operator: corev1.TolerationOpExists,
},
},
}, },
} }

40
pkg/cmd/debug/debug_test.go
View File

@ -18,13 +18,13 @@ package debug
import ( import (
"fmt" "fmt"
"github.com/spf13/cobra"
"strings" "strings"
"testing" "testing"
"time" "time"
"github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts" "github.com/google/go-cmp/cmp/cmpopts"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1" v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -1027,13 +1027,18 @@ func TestGenerateNodeDebugPod(t *testing.T) {
} }
for _, tc := range []struct { for _, tc := range []struct {
name, nodeName string name string
node *corev1.Node
opts *DebugOptions opts *DebugOptions
expected *corev1.Pod expected *corev1.Pod
}{ }{
{ {
name: "minimum options", name: "minimum options",
nodeName: "node-XXX", node: &corev1.Node{
ObjectMeta: metav1.ObjectMeta{
Name: "node-XXX",
},
},
opts: &DebugOptions{ opts: &DebugOptions{
Image: "busybox", Image: "busybox",
PullPolicy: corev1.PullIfNotPresent, PullPolicy: corev1.PullIfNotPresent,
@ -1070,12 +1075,21 @@ func TestGenerateNodeDebugPod(t *testing.T) {
}, },
}, },
}, },
Tolerations: []corev1.Toleration{
{
Operator: corev1.TolerationOpExists,
},
},
}, },
}, },
}, },
{ {
name: "debug args as container command", name: "debug args as container command",
nodeName: "node-XXX", node: &corev1.Node{
ObjectMeta: metav1.ObjectMeta{
Name: "node-XXX",
},
},
opts: &DebugOptions{ opts: &DebugOptions{
Args: []string{"/bin/echo", "one", "two", "three"}, Args: []string{"/bin/echo", "one", "two", "three"},
Container: "custom-debugger", Container: "custom-debugger",
@ -1115,12 +1129,21 @@ func TestGenerateNodeDebugPod(t *testing.T) {
}, },
}, },
}, },
Tolerations: []corev1.Toleration{
{
Operator: corev1.TolerationOpExists,
},
},
}, },
}, },
}, },
{ {
name: "debug args as container args", name: "debug args as container args",
nodeName: "node-XXX", node: &corev1.Node{
ObjectMeta: metav1.ObjectMeta{
Name: "node-XXX",
},
},
opts: &DebugOptions{ opts: &DebugOptions{
ArgsOnly: true, ArgsOnly: true,
Container: "custom-debugger", Container: "custom-debugger",
@ -1161,6 +1184,11 @@ func TestGenerateNodeDebugPod(t *testing.T) {
}, },
}, },
}, },
Tolerations: []corev1.Toleration{
{
Operator: corev1.TolerationOpExists,
},
},
}, },
}, },
}, },
@ -1169,7 +1197,7 @@ func TestGenerateNodeDebugPod(t *testing.T) {
tc.opts.IOStreams = genericclioptions.NewTestIOStreamsDiscard() tc.opts.IOStreams = genericclioptions.NewTestIOStreamsDiscard()
suffixCounter = 0 suffixCounter = 0
pod := tc.opts.generateNodeDebugPod(tc.nodeName) pod := tc.opts.generateNodeDebugPod(tc.node)
if diff := cmp.Diff(tc.expected, pod); diff != "" { if diff := cmp.Diff(tc.expected, pod); diff != "" {
t.Error("unexpected diff in generated object: (-want +got):\n", diff) t.Error("unexpected diff in generated object: (-want +got):\n", diff)
} }