kubectl-netshoot
Add support for setting security context into ephemeral container specs
As a kubectl-netshoot user,
In order to use strace to debug a program (e.g. inferring data sent over an encrypted connection)
I need a kubectl-netshoot option to craft the ephemeral container with a security context such as "securityContext": {"capabilities": {"add": ["SYS_PTRACE"]}},
or
More background into https://betterprogramming.pub/debugging-kubernetes-pods-deep-dive-d6b2814cd8ce
Unfortunately, I didn't find a way to pass extra permissions to the ephemeral container from the kubectl command. So we will construct and send an HTTP request to the kube API server without the use of the kubectl command.

curl -v -XPATCH -H "Content-Type: application/json-patch+json" \
  'http://127.0.0.1:8001/api/v1/namespaces/default/pods/nginx-8f458dc5b-wkvq4/ephemeralcontainers' \
  --data-binary @- << EOF
[{
  "op": "add",
  "path": "/spec/ephemeralContainers/-",
  "value": {
    "command": ["/bin/sh"],
    "stdin": true,
    "tty": true,
    "image": "nicolaka/netshoot",
    "name": "debug-strace",
    "securityContext": {"capabilities": {"add": ["SYS_PTRACE"]}},
    "targetContainerName": "nginx"
  }
}]
EOF

Now you can strace without getting permission denied.
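The same PATCH as a reusable shell script, added here as an illustration; it is not code from kubectl-netshoot or from the linked article. It builds the JSON Patch body for any target container and list of capabilities, sends it through a local `kubectl proxy` on 127.0.0.1:8001, and adds the check a practitioner wants first: Pod Security admission at the baseline or restricted level rejects added SYS_PTRACE, and an ephemeral container cannot be removed or edited once it exists, so a rejected or mistyped attempt has to be retried under a new name. The function names, the debug container name "debug-strace" and the namespace-label lookup are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of kubectl-netshoot or the linked article.
# Requires `kubectl proxy &` (default 127.0.0.1:8001) for apply_patch.
set -e

# Emit a JSON Patch that appends one ephemeral container to the pod spec.
# Args: <target-container> <debug-container-name> <cap> [<cap>...]
ephemeral_patch() {
  target="$1"; name="$2"; shift 2
  caps=""
  for cap in "$@"; do
    caps="${caps:+$caps, }\"$cap\""
  done
  cat <<EOF
[{"op": "add", "path": "/spec/ephemeralContainers/-", "value": {
  "name": "$name",
  "image": "nicolaka/netshoot",
  "command": ["/bin/sh"],
  "stdin": true,
  "tty": true,
  "securityContext": {"capabilities": {"add": [$caps]}},
  "targetContainerName": "$target"
}}]
EOF
}

# Pod Security admission: the baseline and restricted levels only allow a
# fixed list of added capabilities, and SYS_PTRACE is not on it. Succeeds
# only when the enforce level is unset or "privileged".
psa_allows_ptrace() {
  level="$1"   # value of the pod-security.kubernetes.io/enforce label
  [ -z "$level" ] || [ "$level" = "privileged" ]
}

# Check the namespace, send the patch via kubectl proxy, then attach.
# Ephemeral containers are immutable once added, so use a fresh name
# (the last argument before the capabilities) on every retry.
# Args: <namespace> <pod> <target-container> <debug-name> <cap> [<cap>...]
apply_patch() {
  ns="$1"; pod="$2"; target="$3"; name="$4"; shift 4
  enforce=$(kubectl get ns "$ns" \
    -o jsonpath='{.metadata.labels.pod-security\.kubernetes\.io/enforce}')
  if ! psa_allows_ptrace "$enforce"; then
    echo "namespace $ns enforces PSA level '$enforce'; SYS_PTRACE would be rejected" >&2
    return 1
  fi
  ephemeral_patch "$target" "$name" "$@" | curl -sf -XPATCH \
    -H 'Content-Type: application/json-patch+json' \
    "http://127.0.0.1:8001/api/v1/namespaces/$ns/pods/$pod/ephemeralcontainers" \
    --data-binary @- >/dev/null
  kubectl -n "$ns" attach -it "$pod" -c "$name"
}

# Usage, matching the pod in the curl example above:
# apply_patch default nginx-8f458dc5b-wkvq4 nginx debug-strace SYS_PTRACE
```

Inside the attached shell, `strace -p` works because `targetContainerName` places the debug container in the target's PID namespace and the added capability permits ptrace there; without SYS_PTRACE the attach fails with EPERM even though the process is visible.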