kubectl debug: Add ability passing additional parameters into profiles

[ardaguclu]

What would you like to be added?

According to the kubectl debug debugging-profiles enhancement proposal, there are/will be pre-determined and static profiles which user can choose via profile flag. This is totally acceptable to avoid lots of feature multiplications and possibly a lot of flag requests to preserve the simplicity of use of debug command.

However, after the discussion in https://github.com/kubernetes/kubectl/issues/1252, the path debug command evolving looks like there will be a need to provide a way to at least support some sort of extensibility in debug profiles via flags(not preferable) or yaml|json files provided by user(preferable and probably need a KEP as stated in issue). Because even though, there are huge number of profiles being added, still users will want to change some part(ie. securityContext?).

Furthermore, downstream CLIs can not easily embrace kubectl debug debugging profiles, because these tools might need different kind of profiles possibly populated by user interaction(exactly the case discussed above and does not matter via flags or files).

I'm proposing a new ExtraArgs field. This field will be passed to applier and will provide a way to customize debugging profiles. Very likely, this field will be empty for current debugging profiles but it will open a door to customize profiles in some circumstances.

To sum up, what I'm proposing in this draft PR https://github.com/kubernetes/kubernetes/pull/111457/files

Why is this needed?

As explained above;

• some(rare?) cases, static debugging profiles might be needed to customize by user
• in the future, users can fully customize some template based profiles

[k8s-ci-robot]

@ardaguclu: This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ardaguclu]

/sig cli

[ardaguclu]

@verb would you mind if I ask your opinions about this feature?. Thanks.

cc: @soltysh @KnVerey @eddiezane @brianpursley

[ardaguclu]

cc: @knight42

[ardaguclu]

/transfer kubectl

[eddiezane]

cc @verb

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[ardaguclu]

/remove lifecycle/stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[CharlieC3]

Can this be re-opened? Being able to add a securityContext to an ephemeral container is important to me, otherwise I cannot use them. My only alternative is to expand the security context of the pod's regular containers, but that comes with some obvious security risks I'd like to avoid in the long-run.

[verb]

Can this be re-opened? Being able to add a securityContext to an ephemeral container is important to me, otherwise I cannot use them. My only alternative is to expand the security context of the pod's regular containers, but that comes with some obvious security risks I'd like to avoid in the long-run.

I believe that @ardaguclu is indeed working on a new KEP for this, so I'll reopen.

/reopen /remove-lifecycle rotten

Feel free to close if the the user-defined profiles is being tracked elsewhere, though.

[k8s-ci-robot]

@verb: Reopened this issue.

In response to this:

Can this be re-opened? Being able to add a securityContext to an ephemeral container is important to me, otherwise I cannot use them. My only alternative is to expand the security context of the pod's regular containers, but that comes with some obvious security risks I'd like to avoid in the long-run.

I believe that @ardaguclu is indeed working on a new KEP for this, so I'll reopen.

/reopen /remove-lifecycle rotten

Feel free to close if the the user-defined profiles is being tracked elsewhere, though.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ardaguclu]

Yes, @verb is right. I have plans to write a KEP for the custom profiling, although I couldn't have found time yet :)

[ardaguclu]

As the comments I dropped in https://github.com/kubernetes/kubectl/issues/1364#issuecomment-1552899075, I'm closing this issue to better manage all requests in the KEP.

/close

[k8s-ci-robot]

@ardaguclu: Closing this issue.

In response to this:

As the comments I dropped in https://github.com/kubernetes/kubectl/issues/1364#issuecomment-1552899075, I'm closing this issue to better manage all requests in the KEP.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.