dspcap icon indicating copy to clipboard operation
dspcap copied to clipboard

Published 20 hours ago verified publisher icon tdihp

Changed to have to specify namespace and context.

Open ykwyuta opened this issue 4 years ago • 4 comments

I want you to make it mandatory to specify the namespace and context. I find it very dangerous to run a script whose namespace and context are not named. We operate hundreds of Kubernetes clusters on our system, and without explicit context, operators run the risk of accidentally capturing packets in different environments. You may also not be able to deploy privileged containers in the default namespace on clusters that have Pod Security Standards applied.

ykwyuta avatar Oct 06 '21 05:10 ykwyuta

Hi @ykwyuta , thanks for sending this PR! I think supporting namespace is great, , and it is good to also include context, however I'd prefer to have a default value for both, so it always easily work for simpler situations.

Do you think it works for you to have a default following example of projects such as helm? Helm supports --namespace and --kube-context including many other configurations, but always follow the implicit pattern that the current kubectl context does if none is supplied. I'd be happy to make improvement into this direction.

tdihp avatar Nov 08 '21 12:11 tdihp

My apologies @ykwyuta , I didn't check this PR after you made change. I'll check and update.

tdihp avatar Jan 11 '24 02:01 tdihp

@ykwyuta @yukirii I'd like your opinion if it works better that we forward all args of dspcap_start and dspcap_stop to kubectl commands. This way we simply do kubectl "$@" apply -f instead of kubectl --context "$CONTEXT" --namespace "$NAMESPACE"

tdihp avatar Jan 11 '24 09:01 tdihp

I'd prefer that dspcap has a default value and follows to current context of kubectl by default.

This way we simply do kubectl "$@" apply -f instead of kubectl --context "$CONTEXT" --namespace "$NAMESPACE"

Using the method @tdihp suggested, we can easily achieve both using default values and using explicit options when run command.

# Specify namespace explicitly when run dspcap
./dspcap-start --namespace={NAMESPACE}
./dspcap-stop --namespace={NAMESPACE}

# Using default values (following current context)
kubectl config set-context {CONTEXT} --namespace={NAMESPACE}
./dspcap-start
./dspcap-stop

This method is flexible. We can also use other options defined by kubectl options.

# Specify kubeconfig file
./dspcap-start --kubeconfig=/path/to/kubeconfig
./dspcap-stop --kubeconfig=/path/to/kubeconfig

yukirii avatar Jan 15 '24 02:01 yukirii