kubectl icon indicating copy to clipboard operation
kubectl copied to clipboard
verified publisher icon kubernetes

debug: ability to disable health check probes on pod copies

Open rcoup opened this issue 4 years ago • 10 comments

Debugging pods by creating a copy (specifically changing the container image or the running command) can lead to the pod being restarted via liveness & startup health check failures.

eg: if I have a http service with a httpGet liveness probe configured, starting a debug container via kubectl debug myapp -it --copy-to=myapp-debug --container=myapp -- sh won't be listening on a port, and will fail the liveness checks and be restarted, killing my debug shell.

What would you like to be added:

An easy way of disabling liveness & startup probes for debug pod copies, and doing it by default. Longer discussion on readiness probes follows below.

Why is this needed:

Debug shells dying every few seconds is a bit a hindrance to debugging. 😄

Readiness Probes:

These prevent pods from receiving traffic, so they're IMO conceptually useful to keep: if I start a http service in my debug pod with verbose logging enabled, having it receive traffic could be a good idea. Ctrl-C it and it'd go back to being unready and stop receiving traffic. Not copying readiness probes marks the pod as always ready.

Labels aren't copied by default to debug pods, so to get any service traffic routed I need to add labels to my running debug pod.

Alternative viewpoint: if I was making & stepping through test requests with a daemon running in a debugger, kubernetes doing GET /healthz every 3 seconds could be extremely annoying.

Ideas:

  1. Don't copy liveness & startup probes when using --copy-to=, only readiness probes
  2. Don't copy any probes when using --copy-to=.
  3. Adding a --copy-probes=all|none|(liveness|readiness|startup,...) flag, with default as readiness
  4. (3), with default as none

(2) is probably the simplest approach that covers the most use cases.

rcoup avatar Jun 08 '21 09:06 rcoup

/cc @verb

eddiezane avatar Jun 10 '21 19:06 eddiezane

Thanks for the feedback @rcoup. I agree, and I think this is part of a bigger issue where we need a bit more configurability in kubectl debug. I'll add this to the list of issues we're tracking in kubernetes/enhancements#1441.

I think I also agree that your second idea seems like a better default, regardless of the above, but I need to think about it a bit more.

/triage accepted

verb avatar Jun 14 '21 14:06 verb

/assign verb

lauchokyip avatar Aug 20 '21 10:08 lauchokyip

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Nov 18 '21 11:11 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Dec 18 '21 12:12 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue or PR with /reopen
  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

k8s-triage-robot avatar Jan 17 '22 12:01 k8s-triage-robot

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue or PR with /reopen
  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Jan 17 '22 12:01 k8s-ci-robot

/reopen /remove-lifecycle rotten

Should be fixed by https://github.com/kubernetes/kubernetes/pull/110526

gautierdelorme avatar Jul 04 '22 14:07 gautierdelorme

@gautierdelorme: Reopened this issue.

In response to this:

/reopen /remove-lifecycle rotten

Should be fixed by https://github.com/kubernetes/kubernetes/pull/110526

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Jul 04 '22 14:07 k8s-ci-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Oct 02 '22 15:10 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Nov 01 '22 15:11 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-triage-robot avatar Dec 01 '22 16:12 k8s-triage-robot

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Dec 01 '22 16:12 k8s-ci-robot