As the move towards using `restClientGetter` interface instead
gigantic `cmd.Factory`, this PR does that change.
Kubernetes-commit: f5b0d728c59fbcca571e4a21ca2f473149e72f03
Since, `explicitNamespace` is set by kubeconfig automatically, we can
safely add this field into ignore list.
Kubernetes-commit: c40f9f8bbb34d9bc58dbf8e6c7f664aacb0c5b91
Currently `kubectl debug` only supports passing names in command line.
However, users might want to pass resources in files by passing `-f` flag like
in all other kubectl commands.
This PR adds this ability.
Kubernetes-commit: e0fedec69d494cf02ac99a83733d7d92f6cc0c51
* feat(debug): add more profiles
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
* feat(debug): implment serveral debugging profiles
Including `general`, `baseline` and `restricted`.
I plan to add more profiles afterwards, but I'd like to get early
reviews.
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
* test: add some basic tests
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
* chore: add some helper functions
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
* ensure pod copies always get their probes cleared
not wanting probes to be present is something we want
for all the debug profiles; so an easy place to implement
this is at the time of pod copy generation.
* ensure debug container in pod copy is added before the profile application
The way that the container list modification was defered causes the
debug container to be added after the profile applier runs. We now
make sure to have the container list modification happen before
the profile applier runs.
* make switch over pod copy, ephemeral, or node more clear
* use helper functions
added a helper function to modify a container out of a list that
matches the provided container name.
also added a helper function that adds capabilities to container
security.
* add tests for the debug profiles
* document new debugging profiles in command line help text
* add file header to profiles_test.go
* remove URL to KEP from help text
* move probe removal to the profiles
* remove mustNewProfileApplier in tests
* remove extra whiteline from import block
* remove isPodCopy helper func
* switch baselineProfile to using the modifyEphemeralContainer helper
* rename addCap to addCapability, and don't do deep copy
* fix godoc on modifyEphemeralContainer
* export DebugOptions.Applier for extensibility
* fix unit test
* fix spelling on overriden
* remove debugStyle facilities
* inline setHostNamespace helper func
* remove modifyContainer, modifyEphemeralContainer, and remove probes
their logic have been in-lined at call sites
* remove DebugApplierFunc convenience facility
* fix baseline profile implementation
it shouldn't have SYS_PTRACE base on
https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/1441-kubectl-debug#profile-baseline
* remove addCapability helper, in-lining at call sites
* address Arda's code review comments
1 use Bool instead of BoolPtr (now deprecated)
2 tweak for loop to continue when container name is not what we expect
3 use our knowledge on how the debug container is generated to simplify
our modification to the security context
4 use our knowledge on how the pod for node debugging is generated to no
longer explicit set pod's HostNework, HostPID and HostIPC fields to
false
* remove tricky defer in generatePodCopyWithDebugContainer
* provide helper functions to make debug profiles more readable
* add note to remind people about updating --profile's help text when adding new profiles
* Implement helper functions with names that improve readability
* add styleUnsupported to replace debugStyle(-1)
* fix godoc on modifyContainer
* drop style prefix from debugStyle values
* put VisitContainers in podutils & use that from debug
* cite source for ContainerType and VisitContainers
* pull in AllContainers ContainerType value
* have VisitContainer take pod spec rather than pod
* in-line modifyContainer
* unexport helper funcs
* put debugStyle at top of file
* merge profile_applier.go into profile.go
* tweak dropCapabilities
* fix allowProcessTracing & add a test for it
* drop mask param from help funcs, since we can already unambiguous identify the container by name
* fix grammar in code comment
---------
Signed-off-by: Jian Zeng <anonymousknight96@gmail.com>
Co-authored-by: Jian Zeng <anonymousknight96@gmail.com>
Kubernetes-commit: d35da348c60a3c7505419741f2546ff8b0e38454
Matches same behavior as for kubectl apply
Signed-off-by: Daniel Lenar <dlenar@vailsys.com>
Kubernetes-commit: d53af227870a8e4434a0bf2f58770ec4dbec241f
* Wire generic context to better handle timeout
* Add integration test for wait timeout
* kubectl wait: Fix integration test always passing issue
Currently, `kubectl wait` integration test always passes even if
it gets an error. Problem is object check is done after errexit is
turned off.
This PR redirects error to output and correctly assures that
object is expected status and if it is not, test should fail.
Kubernetes-commit: 369534c6ec625ed9b251b453215c9578cdeb59bc
`rollout restart` command calculates patches according to the
`kubectl.kubernetes.io/restartedAt` annotation whose time format is
RFC3339. That is sufficient for users. However, if automated scripts
execute `rollout restart` in multiple times within second, commands fails
by returning an error "empty patch".
This PR changes error message to more descriptive format to warn users
that rollout restart does not work subsequent execution within second.
Kubernetes-commit: fb3d9e3ac9d244047efa411e9e6ae162692ad79e
Currently, if user executes `kubectl scale --dry-run`, output has no
indicator showing that this is not applied in reality.
This PR adds dry run suffix to the output as well as more integration
tests to verify it.
Kubernetes-commit: 76ee3788ccbac9003e3f24de9000ebd91c27611f
`kubectl scale` calls visitor two times. Second call fails when
the piped input is passed by returning an
`error: no objects passed to scale` error.
This PR uses the result of first visitor and fixes that piped
input problem. In addition to that, this PR also adds new
scale test to verify.
Kubernetes-commit: 13be899b422a1f68c38e3a9c9d88831db709a32d
`kubectl exec` command supports getting files as inputs. However,
if the file contains multiple resources, it returns unclear error message;
`cannot attach to *v1.List: selector for *v1.List not implemented`.
Since `exec` command does not support multi resources, this PR
handles that and returns descriptive error message earlier.
Kubernetes-commit: 832644f0b38d536be7a5adce9bc62b0902710091
Change i18n.T() to load translations if they have not yet been loaded.
Added new integration tests to test help output translation.
Kubernetes-commit: c0dea5e31af856ed96b8257b5caa952161c8a05b
Changes in kubectl apply --prune to support k8s Inclusive Naming Initiative:
* Deprecated the --prune-whitelist flag.
* Deprecated the PruneWhitelist field on ApplyFlags struct.
* Removed PruneWhitelist field (not used anywhere) from ApplyOptions struct.
* Added --prune-allowlist flag.
* Added PruneAllowlist field on ApplyFlags struct.
* Added unit tests for prune with allowlist
This commit also fixes a bug where the command would fail if you specified
the sameGVK multiple times for --allow-whitelist. Now it only attempts to
prune the unique set of allowed GVKs.
Kubernetes-commit: f7ebf4d8852d4500f24100ca9a4ca665efc1fada
* Add RedactSecrets function
* Move RedactSecrets method to existing RawBytesData case
* Update TestRedactSecrets to use new pattern of os.CreateTemp()
Kubernetes-commit: e721272d10dd6c4d85ff613182ba0eaddcec9272
Cobra provides support for completion descriptions for bash.
It was turned off because of a bug with certain bash menu options which
have been fixed by Cobra 1.3.0.
Signed-off-by: Marc Khouzam <marc.khouzam@gmail.com>
Kubernetes-commit: d72926d4915133550e41de1252fe2a4aa0aa3745
The --cascade flag, has no practical effect when used, so it is being deprecated.
The following flags, which are unused and ignored by kubectl run,
have been deprecated:
--filename
--force
--grace-period
--kustomize
--recursive
--timeout
--wait
Kubernetes-commit: 09804a198c64f0a738ede28e0b2cb045d16980fc
Mark remotecommand.Executor as deprecated and related modifications.
Handle crash when streamer.stream panics
Add a test to verify if stream is closed after connection being closed
Remove blank line and update waiting time to 1s to avoid test flakes in CI.
Refine the tests of StreamExecutor according to comments.
Remove the comment of context controlling the negotiation progress and misc.
Signed-off-by: arkbriar <arkbriar@gmail.com>
Kubernetes-commit: 42808c8343671e6783ba4c901dcd619bed648c3d
This PR changes `kubectl apiresources` command by using restclientgetter
instead of cmdutil.Factory for loose coupling and a couple of minor refactorings.
This PR also unleashes migration of other commands depending on apiresources
via completion.
Kubernetes-commit: 50c93bfe04557eccb38b46cc4b99a6a3ec13f85b
certificates/v1beta1 was deprecated in 1.19 and we can safely clear it's
dependencies in `kubectl certificates` command.
Kubernetes-commit: 48b8ee0d3ba40a19d40a7404f890031fe22bc111
When doing completion for arguments or flags for a plugin, kubectl will
call "kubectl_complete-<plugin>" to obtain the list of completions.
For example, for "krew" plugin, when the user triggers completion using:
$ kubectl krew <tab><tab>
kubectl will look for an executable file called "kubectl_complete-krew".
This file should print the list of valid completions for the plugin to
stdout. Using cobra.ShellCompDirective as the last line of the output
is supported as is done by Cobra.
We also clear global flags when doing plugin completion because plugins
don't necessarily accept the global kubectl flags. If some plugins do,
they will need to include such flags in their kubectl_complete-<plugin>
output.
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
Kubernetes-commit: befc8da7efa5d961d9ade4eadc706292c7ca5a64
This commit allows us to get shell completion for kubectl plugins.
For example, with the use of a plugin named 'kubectl-krew', completing
kubectl k<tab>
will include 'krew' in the list of possible completions.
Because the shell completion scripts are generated by Cobra, this commit
took the approach of registering every plugin as a Cobra command. This
makes Cobra aware of each plugin command when generating completions.
For efficiency, searching for plugins and registering them as Cobra
commands is only done when needed, which is when calling the
'kubectl completion' command in the case of bash, as it includes all
commands and subcommands directly in the bash generated script.
For the other shells, this will need to be done for the
'kubectl __complete' command, in a follow-up command.
Co-authored-by: Marc Khouzam <marc.khouzam@montreal.ca>
Signed-off-by: Kazuki Suda <kazuki.suda@gmail.com>
Kubernetes-commit: 3db3ff53cdf4b106365c5de9194153fc371868a7
Add categories column to show which categories each
resource type belongs to.
Add --categories flag to allow filtering the output to
a specific category or set of categories.
Change verbs column to display verbs in a comma-delimited
list, consistent with other multi-value columns in the output.
Kubernetes-commit: a1330a405497479ea30319258e75435ba8321d61
`kubectl patch` commands fails when patch type is strategic merge
patch for CRDs. This PR handles `UnsupportedMediaType` error and
shows descriptive message to user.
Kubernetes-commit: dc2c0ad831f71349befdfa57d4367c4ea57d4a6c
Fix rollout history bug where the latest revision was
always shown when requesting a specific revision and
specifying an output.
Add unit and integration tests for rollout history.
Kubernetes-commit: 693e1299a6a75ffe358c41626532cdf2567c267b
To preserve loose coupling, it is needed to pass `RESTClientGetter`
instead `cmdutil.Factory` for all kubectl commands.
This PR removes `cmdutil.Factory` usage in `cluster-info` command and
instead passes `RESTClientGetter`.
Kubernetes-commit: 60680fc1d5458994aa29892e581aaf966d64ae91
To preserve loose coupling, it is needed to pass `RESTClientGetter`
instead `cmdutil.Factory` for all kubectl commands.
This PR removes `cmdutil.Factory` usage and instead
passes `RESTClientGetter` as well as required changes in unit tests.
Kubernetes-commit: 55cb8ba1ebe68d2fa6b33f1e474419b895eb31ea
Currently `kubectl apply` determines correct patch type for given
GVKs by trying to register schema and if it succeeds, it uses
strategic-merge-patch.
But OpenAPI endpoint already stores which patch types are supported
by GVKs. This PR checks OpenAPI endpoint to retrieve patch type,
if OpenAPI is enabled. If it is not enabled, patch type determination
will be done as conventional registration method.
Kubernetes-commit: cddbb0c56397448ac0489f0473a26601c1feece8
* Prepend reactor not watch reactor
This forces the object to be created first it looks like, avoiding a race condition in testing.
Use PrependReactor instead of PrependWatchReactor
Decrease test timeouts
No need to be this long
Revert use of new scheme to reuse same scheme for all tests
Allow 1 to 2 actions in stale observed generation failure
Allow range of test action lengths
Reduce test flakiness
Fix TestWaitForJSONPathCondition/handles_watch_condition_change
Set delete wait options properly
cherry pick original changes back into branch
* Revert delete timeout setting change
* Remove validateActions functions
* Remove go-spew
Kubernetes-commit: dcc54dec19fa5f4605cf679af5289b173ce6015f
In order to promote kubectl alpha events to beta,
it should at least support flags which is already
supported by kubectl get events as well as new flags.
This PR adds;
--output: json|yaml support and does essential refactorings to
integrate other printing options easier in the future.
--no-headers: kubectl get events can hide headers when this flag is set for default printing.
Adds this ability to hide headers also for kubectl alpha events.
This flag has no effect when output is json or yaml for both commands.
--types: This will be used to filter certain events to be printed and
discard others(default behavior is same with --event=Normal,Warning).
Kubernetes-commit: 63b8684cd32f96f3a1e5c5a5fd05e8194f2140fc
Changes kubectl diff to exclude managedFields by default.
Adds a new --show-managed-fields flag that allows you to
include managed fields in the diff.
Kubernetes-commit: e88470c31f74cbb1ed685ef1bc2ba91e74fc1c5e
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: a9593d634c6a053848413e600dadbf974627515f
This PR adds validation to check that `dry-run` and `force` flags
are not used at the same time. Because when `force` flag is set,
`dry-run` is discarded and objects are replaced already.
Kubernetes-commit: e389b2723e6af29a9f70509fe8ff6e5121c30681
* move to using informers for getObjAndCheckCondition
* move to using informers for IsDeleted
* update tests to handle new informer methodology
* set minimum timeout to 1s because informer can't handle less for caching reasons
* fix null return for deletes issue
Kubernetes-commit: 171431ca2c009c0a576fa288b7df892b59299389
This commit makes adjustments in rollout status command to make it
unit testable. In addition to that, unit tests for rollout status
command is added.
Kubernetes-commit: f21e5983a95ab4e72aa0ddd9ae465a613490b422
This commit removes passing source field as parameter. Instead,
this commit returns error verb and error functions to caller function.
Caller function can add source field by generating correct message.
Kubernetes-commit: d336f7df874dc978ebd97971e1fc93d891c21e7d
Patch type determination is done by checking existence
of resource in schema and if it exists, it uses strategic merge patch.
Otherwise, like for CRDs, it uses merge patch type.
Currently, this code portion is not easily extensible and this PR
splits required checks into their own function to increase extensibility.
Kubernetes-commit: 15512210e3e14b0c827d13334394d658dc7ddc88
The following flags, which do not apply to kubectl run,
have been removed:
--cascade
--filename
--force
--grace-period
--kustomize
--recursive
--timeout
--wait
These flags were being added to the run command to support
pod deletion after attach, but they are not used if set, so
they effectively do nothing.
This PR also displays an error message if the pod fails to be
deleted (when the --rm flag is used). Previously any error
during deletion would be suppressed and the pod would remain.
This PR also adds some unit tests for run and attach with and
without the --rm flag. As such, some minor refactoring of the
run command has been done to support mocking dependencies.
Kubernetes-commit: 25e713ba777ec1158fad749e9467601526ba096a
validate flag does not have default value defined when there is no
parameter passed, therefore it tries to use next irrelevant flag.
This PR defines NoOptDefVal for validate flag which is set "strict".
Kubernetes-commit: 0245e74590a658ea911f1e5cacd270960883af2d
Validate function is used to validate command options and should not get
any additional parameter. To preserve compatibility across all
kubectl commands, this PR removes all parameters in validate functions.
Kubernetes-commit: 8fb423bfabe0d53934cc94c154c7da2dc3ce1332
* Do not propose to use '--overwrite' when labeling with the same value
* Check expected error value in label_test.TestLabelFunc
Kubernetes-commit: 10eb7092f854c71122c03752465e868bce23c0b6
* Fix: kubectl create -f and kubectl delete -f are not glob friendly
* gofmt fix
* removing unused receiver
* adding extra test
* log paths used
* fixing bad merge
* klog/v2 mod
* rebase fixes
* better error fmt
* error fmt unit test
* PR comments and tests
* Add reference to globbing to help snippets
Kubernetes-commit: 2cb3c7f706dbf266820fbde2e1b23a320e5d3de7
ServerResources function was deprecated and instead ServerGroupsAndResources
function is suggested.
This PR removes ServerResources function and move every place to use ServerGroupsAndResources.
Kubernetes-commit: ef39a8914291ba200bd5486c88a7575ffd4b7d1d
This commit teaches the shell completion logic how to handle the
<type>/<name> form for resource specification.
It also teaches the 'exec' command how to complete its '--container/-c'
flag using container names.
Also, for commands that work on pods, kubectl will now also suggest
completion choices of the form <type>/<name> for resource types that
contain pods (see below for more details).
The following commands can now have completion of the <type>/<name>
form. Commands that accept any resource type:
annotate
apply edit-last-applied
apply view-last-applied
delete
describe
edit
get
label
patch
Commands that accept a subset of resource types:
autoscale
expose
rollout history
rollout pause
rollout restart
rollout resume
rollout status
rollout undo
scale
taint
Commands that apply to resource types that contain pods:
attach
exec
logs
port-foward
For these last four commands, the possible resource types are now
included in the completion choices. For example:
kubectl exec d<TAB>
will suggest
daemonsets/ deployments/
Signed-off-by: Marc Khouzam <marc.khouzam@montreal.ca>
Kubernetes-commit: cf66f5c3cbd0a0e2f223af438ee4c6bc7e4a907c
Some of these changes are cosmetic (repeatedly calling klog.V instead of
reusing the result), others address real issues:
- Logging a message only above a certain verbosity threshold without
recording that verbosity level (if klog.V().Enabled() { klog.Info... }):
this matters when using a logging backend which records the verbosity
level.
- Passing a format string with parameters to a logging function that
doesn't do string formatting.
All of these locations where found by the enhanced logcheck tool from
https://github.com/kubernetes/klog/pull/297.
In some cases it reports false positives, but those can be suppressed with
source code comments.
Kubernetes-commit: edffc700a43e610f641907290a5152ca593bad79
to match their kubectl config subcommand names and reflect that they
are used for setting values, not just creating.
Deprecated NewCmdConfigSetAuthInfo in favor of NewCmdConfigSetCredentials.
Did some minor refactoring of one of the complete functions to eliminate
an unused argument and not wrap returned errors that do not add detail.
Kubernetes-commit: 48007fc32bb473d1d0d7d7c24b9daa2157e433d1
This PR removes `DiscoveryClient` field in diff command. Because
it is not used anywhere in diff command.
Kubernetes-commit: 5fdf97ad8e3a9b7a16479a5ec4ebff3d38c55a18
Expiration seconds is great for an unambiguous REST API. It it not
a great input for a command line meant to be used by humans.
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: 6b9d556c9dc1fca37349833d38f8921f436e1874
* kubectl debug: print container messages
This provides feedback to the user, for example that the server is
unable to pull the debug container image.
* Label debug container updates as warnings
Co-authored-by: Eddie Zaneski <eddiezane@gmail.com>
Co-authored-by: Eddie Zaneski <eddiezane@gmail.com>
Kubernetes-commit: 90956e6d3e9df02d932f9954911b89a3fd1619fb
When it initially landed in kubernetes/kubernetes@c6e9ad066e (Initial
node drain implementation for #3885, 2015-08-30,
kubernetes/kubernetes#16698), the drain logic looked in a created-by
annotation for recognized kinds [1], so listing the set of recognized
kinds was a clear approach.
Sometime later, the source moved into ownerReferences, but the
hard-coded set of recognized controller kinds remained.
When kubernetes/kubernetes@2f1108451f (Remove hard-coded
pod-controller check, 2017-12-05, kubernetes/kubernetes#56864) removed
the hard-coded set of recognized controller kinds, it should have also
updated these messages to remove stale references to the previous
hard-coded values. This commit catches the message strings up with
that commit.
[1]: c6e9ad066e (diff-211259b8a8ec42f105264c10897dad48029badb538684e60e43eaead68c3d219R216)
Kubernetes-commit: 587f4f04cc5fc18f4e85ed6a4a06bbf1bfee0496
When CRDs are deleted, discovery local cache is not invalidated.
This brings about `resource not found` error when new CRD with same name is created
with different fields(ie. changing scope from cluster-wide to namespaced).
Because this already deleted CRD still stays in serverresources.json and kubectl tries to use it.
This local cached files have 10 minutes TTL. After deletion, if user waits 10 minutes,
files will be expired and deleted and there will be no errors. However, 10 minutes is a long time
and cache needs to be invalidated after deletion occurs.
This PR adds a document into delete command by noting that there might be a need to invalidate discovery
cache when CRD is deleted. In addition to that this PR adds a test to catch this behavior.
Kubernetes-commit: 43d8b3459baec794c8a3a858c04f1562a09886a3
* add test case for issue 106277 - fix edit of non-registered custom API types
* remove unneeded struct, as suggested
Kubernetes-commit: ea2dff12e6df93ac27684707ea48f7781eb669b5
* cmd/kubectl: make 'kubectl logs' default to the first container.
While running 'kubectl logs <pod>', If '-c' is omited and the pod has more than one container, and no default container can be determined from annotations, this command shows an error message and exits. With this fix, it defaults to the first container in such scenarios and show its logs. This aligns behavior with what 'kubectl exec' does currently, and is more in line with KEP SIG-CLI 2227 design.
* fix unit test(forgotten)
* fix spelling typo
Kubernetes-commit: 0977a5d7cda59d5bd324bf2730846905e072fbbf
When the wait command was added in 76794643c5 (add wait, 2018-05-18, #64034),
this comparison was via ToLower. It moved to use Unicode case folding
[1,2] in f4940cf55f (Staticcheck:
vendor/k8s.io/kubectl/pkg/scale|describe/versioned|cmd/top|cmd/util/editor|cmd/top,
2020-01-21, #87403).
[1]: https://pkg.go.dev/strings#EqualFold
[2]: http://www.unicode.org/reports/tr30/tr30-1.html
Kubernetes-commit: f69d52338b21da938021af37f49f49a83016534d
This is a follow up to #105520 which only changed the new default config flags in the `NewKubectlCommand` function if `kubeConfigFlags == nil`. However they are not nil because they were initialized before here:
2fe968deb6/staging/src/k8s.io/kubectl/pkg/cmd/cmd.go (L97)
This fix uses the same defaults for both functions
Signed-off-by: Jonny Langefeld <jonny.langefeld@gmail.com>
Kubernetes-commit: c4fbd35cf4bdc76b86dd74e468b69328f5aa20f9
* Enable setting proxyurl in kubeconfig via kubectl config
This PR enables setting `proxy-url` in kubeconfig via kubectl config.
* Add godoc for proxy-url unit tests
Kubernetes-commit: afdde383210294c3da573decc44b5ce55cffcb94
For 1.23, we removed the kubectl `--dry-run` empty default value (`--dry-run`)
and boolean values (`--dry-run=true` and `--dry-run=false`). This change
required requiring users to specify `--dry-run=client` or `--dry-run=server`
due to a deprecation. This change was made in #105327.
After reconsideration, this change is not worth the churn for users.
It's likely that many users rely on these values for automated and manual use
cases.
This change reverts #105327 and re-introduces the values `--dry-run`,
`--dry-run=true`, and `--dry-run=false`.
Kubernetes-commit: cc4998b2b131ca9906b847600bd5ad3be70eff3a
This PR does some refactors for diff/prune;
- GetRESTMappings takes value array instead reference
- Move getObjectName into diff instead prune
- License, etc. changes
Kubernetes-commit: 6c449dd272c95f2aeb3bb77e67d312d8df21bd62
This PR introduces new prune and it's dependent parameters to simulate
`kubectl apply --prune` command.
Kubernetes-commit: 56c19f1056ad6d4a4bb926fe90e37f56a31c4e2f
Arda Güçlü