Kubectl debug - allow to specify image pull secret

Open mb-stx opened this issue 1 year ago • 11 comments

This is a Feature Request

What would you like to be added

Add a new option to the kubectl debug command to be able to specify an image pull secret. Currently (v1.31) there is only the option to specify the image and image pull policy, but the image pull secret is missing.

Why is this needed

When running in air-gapped environments, images are pulled from internal repositories, often by using credentials. In this case the kubectl debug command is not usable, because the image is not publicly available and it fails with an ImagePull error. In general this will allow debugging pods in more restricted environments.

Comments

Thanks!

mb-stx avatar Oct 03 '24 13:10 mb-stx

This issue is currently awaiting triage.

SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the triage/accepted label.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-ci-robot avatar Oct 03 '24 13:10 k8s-ci-robot

/transfer kubernetes

(Doesn't look like a docs issue)

dipesh-rawat avatar Oct 03 '24 16:10 dipesh-rawat

/sig cli

mb-stx avatar Oct 03 '24 17:10 mb-stx

/area kubectl

SayakMukhopadhyay avatar Oct 09 '24 11:10 SayakMukhopadhyay

@chengjoey to the best of my knowledge, it does not belong to the API. Image pull secrets are at the pod level, not the container, so in this case it's rather a CLI issue.

sgaist avatar Oct 14 '24 19:10 sgaist

> @chengjoey to the best of my knowledge, it does not belong to the API. Image pull secrets are at the pod level, not the container, so in this case it's rather a CLI issue.

Oh yes, I mixed up the fields. I will delete my comment to avoid any impact. Thank you for your reply.

chengjoey avatar Oct 15 '24 01:10 chengjoey

/transfer kubectl

ardaguclu avatar Oct 15 '24 10:10 ardaguclu

I dropped my comments about this issue in https://github.com/kubernetes/kubernetes/pull/128061#discussion_r1800868011. I'll mark triage/accepted with a note that this requires an agreement on the KEP before any PR.

/triage accepted
/priority backlog

ardaguclu avatar Oct 15 '24 10:10 ardaguclu

Is there an update on when this will be available? I am facing the same issue, and I do see the PR is open for it.

JunaidChaudry avatar Apr 21 '25 18:04 JunaidChaudry

@JunaidChaudry the progress is tracked here: https://github.com/kubernetes/kubernetes/pull/131130

bdnr avatar Apr 22 '25 06:04 bdnr

As a workaround, patching the default service account in the namespace where the debug pod is launched worked for me: kubectl patch serviceaccounts default -p '{"imagePullSecrets": [{"name": "<secret name>"}]}'

engedics avatar Oct 30 '25 16:10 engedics
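
The service-account workaround from the comment above, as an added example (not code from the commenter or the Kubernetes project): it builds the patch body so that pull secrets already listed on the service account are kept and a repeated run changes nothing. The function names, the namespace `debug-ns`, the secret names and the sample ServiceAccount object are constructed for illustration.

```python
import json

# Constructed sample: what `kubectl get serviceaccount default -o json`
# might return in a namespace that already has one pull secret attached.
SAMPLE_SA = {
    "apiVersion": "v1",
    "kind": "ServiceAccount",
    "metadata": {"name": "default", "namespace": "debug-ns"},
    "imagePullSecrets": [{"name": "registry-a"}],
}


def build_pull_secret_patch(service_account: dict, secret_name: str) -> str:
    """Return the JSON body for `kubectl patch serviceaccount ... -p <body>`.

    The body always carries the full list (existing entries plus the new one),
    so the result is the same whether the list is merged or replaced.
    """
    if not secret_name or not secret_name.strip():
        raise ValueError("secret name must be non-empty")
    names = []
    for ref in service_account.get("imagePullSecrets") or []:
        name = ref.get("name")
        if name and name not in names:  # drop empty and duplicate entries
            names.append(name)
    if secret_name not in names:  # idempotent: never list a secret twice
        names.append(secret_name)
    return json.dumps({"imagePullSecrets": [{"name": n} for n in names]})


def kubectl_patch_argv(namespace: str, patch: str, account: str = "default") -> list:
    """Argument vector for subprocess.run(); no shell quoting is involved."""
    return ["kubectl", "patch", "serviceaccount", account,
            "-n", namespace, "-p", patch]


if __name__ == "__main__":
    body = build_pull_secret_patch(SAMPLE_SA, "internal-registry")
    print(" ".join(kubectl_patch_argv("debug-ns", body)))
```

Pods created under that service account without their own imagePullSecrets pick up the listed secrets, so the credential is not limited to the debug pod; remove the entry again if only the debug session needed it.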