* feat(debug): add more profiles
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
* feat(debug): implment serveral debugging profiles
Including `general`, `baseline` and `restricted`.
I plan to add more profiles afterwards, but I'd like to get early
reviews.
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
* test: add some basic tests
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
* chore: add some helper functions
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
* ensure pod copies always get their probes cleared
not wanting probes to be present is something we want
for all the debug profiles; so an easy place to implement
this is at the time of pod copy generation.
* ensure debug container in pod copy is added before the profile application
The way that the container list modification was defered causes the
debug container to be added after the profile applier runs. We now
make sure to have the container list modification happen before
the profile applier runs.
* make switch over pod copy, ephemeral, or node more clear
* use helper functions
added a helper function to modify a container out of a list that
matches the provided container name.
also added a helper function that adds capabilities to container
security.
* add tests for the debug profiles
* document new debugging profiles in command line help text
* add file header to profiles_test.go
* remove URL to KEP from help text
* move probe removal to the profiles
* remove mustNewProfileApplier in tests
* remove extra whiteline from import block
* remove isPodCopy helper func
* switch baselineProfile to using the modifyEphemeralContainer helper
* rename addCap to addCapability, and don't do deep copy
* fix godoc on modifyEphemeralContainer
* export DebugOptions.Applier for extensibility
* fix unit test
* fix spelling on overriden
* remove debugStyle facilities
* inline setHostNamespace helper func
* remove modifyContainer, modifyEphemeralContainer, and remove probes
their logic have been in-lined at call sites
* remove DebugApplierFunc convenience facility
* fix baseline profile implementation
it shouldn't have SYS_PTRACE base on
https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/1441-kubectl-debug#profile-baseline
* remove addCapability helper, in-lining at call sites
* address Arda's code review comments
1 use Bool instead of BoolPtr (now deprecated)
2 tweak for loop to continue when container name is not what we expect
3 use our knowledge on how the debug container is generated to simplify
our modification to the security context
4 use our knowledge on how the pod for node debugging is generated to no
longer explicit set pod's HostNework, HostPID and HostIPC fields to
false
* remove tricky defer in generatePodCopyWithDebugContainer
* provide helper functions to make debug profiles more readable
* add note to remind people about updating --profile's help text when adding new profiles
* Implement helper functions with names that improve readability
* add styleUnsupported to replace debugStyle(-1)
* fix godoc on modifyContainer
* drop style prefix from debugStyle values
* put VisitContainers in podutils & use that from debug
* cite source for ContainerType and VisitContainers
* pull in AllContainers ContainerType value
* have VisitContainer take pod spec rather than pod
* in-line modifyContainer
* unexport helper funcs
* put debugStyle at top of file
* merge profile_applier.go into profile.go
* tweak dropCapabilities
* fix allowProcessTracing & add a test for it
* drop mask param from help funcs, since we can already unambiguous identify the container by name
* fix grammar in code comment
---------
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
Co-authored-by: Jian Zeng <anonymousknight96@gmail.com>
Kubernetes-commit: d35da348c60a3c7505419741f2546ff8b0e38454
If gomega.Eventually/Consistently run into a situation where it observes some
state of e.g. a pod which does not satisfy the condition and then further
polling fails with API server errors, gomega will report both the most recent
pod state and API error instead of just the API error.
Kubernetes-commit: aa1279b5eb79177f5351368d8d9159982b1bfb5e
Bumping version to include changes that
better handle TLS errors. Bump nescessary
to prepare for when the version of Go is
bumped to 1.20
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: 8b064fa4be71b5f1b498fabb5caade3c57f5d434
The new ginkgo release adds sorting of specs. This was triggered by
the observation that parallel test execution of Kubernetes E2E tests
sometimes ran the same spec twice and (presumably) other specs not at all
because spec order was random due to iteration over a map.
Sorting should avoid that problem.
Kubernetes-commit: baf832d80d798d53ceb7d4de3a39330c6eda5c6a
Matches same behavior as for kubectl apply
Signed-off-by: Daniel Lenar <dlenar@vailsys.com>
Kubernetes-commit: d53af227870a8e4434a0bf2f58770ec4dbec241f
Anish Ramasekar
Shang Jian Ding
Kubernetes Publisher
Artem Minyaylov
Sergey Kanzhelev
Thomas Guettler
Alexander Zielenski
Patrick Ohly
kidddddddddddddddddddddd
Sean Sullivan
Mike Danese
Jordan Liggitt
David Porter
Amir Alavi
Madhav Jivrajani
Olivier Lemasle
Daniel Lenar