ADD: add the pod labels configmap in fork mode

Author: calmkart

README.md

@@ -85,6 +85,12 @@ kubectl debug POD_NAME --agentless
 # you can fork a new pod and diagnose the problem in the forked pod
 kubectl debug POD_NAME --fork
 
+# in fork mode, if you want to copy pod with labels,you can use kubernetes configMap to set labels
+# configmap's data need to be labels key:value 
+# configMap name use --pod-labels-configmap-name to set, default is kubectl-debug-pod-labels-configmap
+# configMap namespace use --pod-labels-configmap-namespace to set, default is default
+kubectl debug POD_NAME --fork --pod-labels-configmap-name <k8s_configmap_name> --pod-labels-configmap-namespace <namespace>
+
 # if the node ip is not directly accessible, try port-forward mode
 kubectl debug POD_NAME --port-forward --daemonset-ns=kube-system --daemonset-name=debug-agent
 
@@ -105,6 +111,23 @@ Example:
 # https://kubernetes.io/docs/concepts/configuration/secret/
 echo -n '{Username: calmkart, Password: calmkart}' > ./registrySecret.txt
 kubectl create secret generic kubectl-debug-registry-secret --from-file=./registrySecret.txt
+
+# how to create a pod labels configmap in fork mode
+# take the labels <calmkart=calmkart, test=test, app=app> as an example
+# refer to the official kubernetes documentation for more ways to create
+# https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#create-a-configmap
+cat <<EOF >./pod-labels-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kubectl-debug-pod-labels-configmap
+  namespace: default
+data:
+  test: test
+  app: app
+  calmkart: calmkart
+EOF
+kubectl apply -f ./pod-labels-configmap.yaml
 ```
 
 * You can configure the default arguments to simplify usage, refer to [Configuration](#configuration)
@@ -177,6 +200,12 @@ command:
 # default namspace is default
 RegistrySecretName: my-debug-secret
 RegistrySecretNamespace: debug
+# in fork mode, if you want to copy pod with labels,you can use kubernetes configMap to set labels
+# configmap's data need to be labels key:value 
+# configMap name use --pod-labels-configmap-name to set, default is kubectl-debug-pod-labels-configmap
+# configMap namespace use --pod-labels-configmap-namespace to set, default is default
+podLabelsConfigmapName: my-fork-pod-labels-configmap
+podLabelsConfigmapNamespace: debug
 ```
 
 If the debug-agent is not accessible from host port, it is recommended to set `portForward: true` to using port-forawrd mode.

docs/zh-cn.md

@@ -52,7 +52,6 @@ sudo mv kubectl-debug /usr/local/bin/
 Windows 用户可以从 [release page](https://github.com/aylei/kubectl-debug/releases/tag/v0.1.1) 进行下载并添加到 PATH 中
 
 ## (可选) 安装 debug-agent DaemonSet   
-
 `kubectl-debug` 包含两部分, 一部分是用户侧的 kubectl 插件, 另一部分是部署在所有 k8s 节点上的 agent(用于启动"新容器", 同时也作为 SPDY 连接的中继). 在 `agentless` 中, `kubectl-debug` 会在 debug 开始时创建 debug-agent Pod, 并在结束后自动清理.
 
 `agentless` 虽然方便, 但会让 debug 的启动速度显著下降, 你可以通过预先安装 debug-agent 的 DaemonSet 来使用 agent 模式, 加快启动速度:
@@ -79,6 +78,12 @@ kubectl debug POD_NAME --agentless
 # 假如 Pod 处于 CrashLookBackoff 状态无法连接, 可以复制一个完全相同的 Pod 来进行诊断
 kubectl debug POD_NAME --fork
 
+# 当使用fork mode时,如果需要复制出来的pod带有labels,可以通过kubernetes的configMap设置labels
+# configMap的data应为labels键值对
+# 使用的configMap名通过 --pod-labels-configmap-name 设置,默认为kubectl-debug-pod-labels-configmap
+# 使用的configMap命名空间通过 --pod-labels-configmap-namespace 设置,默认为default
+kubectl debug POD_NAME --fork --pod-labels-configmap-name <k8s_configmap_name> --pod-labels-configmap-namespace <namespace>
+
 # 假如 Node 没有公网 IP 或无法直接访问(防火墙等原因), 请使用 port-forward 模式
 kubectl debug POD_NAME --port-forward --daemonset-ns=kube-system --daemonset-name=debug-agent
 
@@ -99,6 +104,23 @@ kubectl-debug POD_NAME --image calmkart/netshoot:latest --registry-secret-name <
 # https://kubernetes.io/docs/concepts/configuration/secret/
 echo -n '{Username: calmkart, Password: calmkart}' > ./registrySecret.txt
 kubectl create secret generic kubectl-debug-registry-secret --from-file=./registrySecret.txt
+
+# 怎样创建一个用于fork mode的pod labels configmap
+# 以labels为 <calmkart=calmkart, test=test, app=app> 为例
+# 更多创建方式可以参考kubernets官方文档
+# https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#create-a-configmap
+cat <<EOF >./pod-labels-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kubectl-debug-pod-labels-configmap
+  namespace: default
+data:
+  test: test
+  app: app
+  calmkart: calmkart
+EOF
+kubectl apply -f ./pod-labels-configmap.yaml
 ```
 
 # 构建项目
@@ -168,6 +190,12 @@ command:
 # 默认RegistrySecretName为kubectl-debug-registry-secret,默认RegistrySecretNamespace为default
 RegistrySecretName: my-debug-secret
 RegistrySecretNamespace: debug
+# 当使用fork mode时,如果需要复制出来的pod带有labels,可以通过kubernetes的configMap设置labels
+# configMap的data应为labels键值对
+# 使用的configMap名通过 --pod-labels-configmap-name 设置,默认为kubectl-debug-pod-labels-configmap
+# 使用的configMap命名空间通过 --pod-labels-configmap-namespace 设置,默认为default
+podLabelsConfigmapName: my-fork-pod-labels-configmap
+podLabelsConfigmapNamespace: debug
 ```
 
 > `kubectl-debug` 会将容器的 entrypoint 直接覆盖掉, 这是为了避免在 debug 时不小心启动非 shell 进程.

pkg/plugin/cmd.go

@@ -77,6 +77,9 @@ You may set default configuration such as image and command in the config file,
 
 	defaultRegistrySecretName      = "kubectl-debug-registry-secret"
 	defaultRegistrySecretNamespace = "default"
+
+	defaultPodLabelsConfigMapName      = "kubectl-debug-pod-labels-configmap"
+	defaultPodLabelsConfigMapNamespace = "default"
 )
 
 // DebugOptions specify how to run debug container in a running pod
@@ -87,15 +90,17 @@ type DebugOptions struct {
 	PodName   string
 
 	// Debug options
-	Image                   string
-	RegistrySecretName      string
-	RegistrySecretNamespace string
-	ContainerName           string
-	Command                 []string
-	AgentPort               int
-	AppName                 string
-	ConfigLocation          string
-	Fork                    bool
+	Image                       string
+	RegistrySecretName          string
+	RegistrySecretNamespace     string
+	PodLabelsConfigMapName      string
+	PodLabelsConfigMapNamespace string
+	ContainerName               string
+	Command                     []string
+	AgentPort                   int
+	AppName                     string
+	ConfigLocation              string
+	Fork                        bool
 
 	//used for agentless mode
 	AgentLess  bool
@@ -164,6 +169,10 @@ func NewDebugCmd(streams genericclioptions.IOStreams) *cobra.Command {
 		"private registry secret name, default is kubectl-debug-registry-secret")
 	cmd.Flags().StringVar(&opts.RegistrySecretNamespace, "registry-secret-namespace", "",
 		"private registry secret namespace, default is default")
+	cmd.Flags().StringVar(&opts.PodLabelsConfigMapName, "pod-labels-configmap-name", "",
+		"in fork mode the pod labels configmap name, default is kubectl-debug-pod-labels-configmap")
+	cmd.Flags().StringVar(&opts.PodLabelsConfigMapNamespace, "pod-labels-configmap-namespace", "",
+		"in fork mode the pod labels configmap namespaces, default is default")
 	cmd.Flags().StringVarP(&opts.ContainerName, "container", "c", "",
 		"Target container to debug, default to the first container in pod")
 	cmd.Flags().IntVarP(&opts.AgentPort, "port", "p", 0,
@@ -261,6 +270,20 @@ func (o *DebugOptions) Complete(cmd *cobra.Command, args []string, argsLenAtDash
 			o.RegistrySecretNamespace = defaultRegistrySecretNamespace
 		}
 	}
+	if len(o.PodLabelsConfigMapName) < 1 {
+		if len(config.PodLabelsConfigMapName) > 0 {
+			o.PodLabelsConfigMapName = config.PodLabelsConfigMapName
+		} else {
+			o.PodLabelsConfigMapName = defaultPodLabelsConfigMapName
+		}
+	}
+	if len(o.PodLabelsConfigMapNamespace) < 1 {
+		if len(config.PodLabelsConfigMapNamespace) > 0 {
+			o.PodLabelsConfigMapNamespace = config.PodLabelsConfigMapNamespace
+		} else {
+			o.PodLabelsConfigMapNamespace = defaultPodLabelsConfigMapNamespace
+		}
+	}
 	if o.AgentPort < 1 {
 		if config.AgentPort > 0 {
 			o.AgentPort = config.AgentPort
@@ -378,7 +401,14 @@ func (o *DebugOptions) Run() error {
 	// and hack the entry point of the target container with sleep command
 	// which keeps the container running.
 	if o.Fork {
-		pod = copyAndStripPod(pod, containerName)
+		// build the fork pod labels
+		podLabels, err := o.buildForkPodLabels()
+		if err != nil {
+			o.deleteAgent(agentPod)
+			return err
+		}
+		// copy pod and run
+		pod = copyAndStripPod(pod, containerName, podLabels)
 		pod, err = o.launchPod(pod)
 		if err != nil {
 			fmt.Fprintf(o.Out, "the ForkedPod is not running, you should check the reason and delete the failed ForkedPod and retry\n")
@@ -591,15 +621,28 @@ func (o *DebugOptions) setupTTY() term.TTY {
 	return t
 }
 
+func (o *DebugOptions) buildForkPodLabels() (map[string]string, error) {
+	podLabelConfigMap, err := o.CoreClient.ConfigMaps(o.PodLabelsConfigMapNamespace).Get(o.PodLabelsConfigMapName, v1.GetOptions{})
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return nil, nil
+		} else {
+			return nil, err
+		}
+	} else {
+		return podLabelConfigMap.Data, nil
+	}
+}
+
 // copyAndStripPod copy the given pod template, strip the probes and labels,
 // and replace the entry point
-func copyAndStripPod(pod *corev1.Pod, targetContainer string) *corev1.Pod {
+func copyAndStripPod(pod *corev1.Pod, targetContainer string, podLabels map[string]string) *corev1.Pod {
 	copied := &corev1.Pod{
 		ObjectMeta: *pod.ObjectMeta.DeepCopy(),
 		Spec:       *pod.Spec.DeepCopy(),
 	}
 	copied.Name = fmt.Sprintf("%s-%s-debug", pod.Name, uuid.NewUUID())
-	copied.Labels = nil
+	copied.Labels = podLabels
 	copied.Spec.RestartPolicy = corev1.RestartPolicyNever
 	for i, c := range copied.Spec.Containers {
 		copied.Spec.Containers[i].LivenessProbe = nil

pkg/plugin/config.go

@@ -11,18 +11,20 @@ type RegistryAuthConfig struct {
 	Password string `yaml:"password,omitempty"`
 }
 type Config struct {
-	AgentPort               int      `yaml:"agentPort,omitempty"`
-	Image                   string   `yaml:"image,omitempty"`
-	RegistrySecretName      string   `yaml:"registrySecretName,omitempty"`
-	RegistrySecretNamespace string   `yaml:"registrySecretNamespace,omitempty"`
-	DebugAgentDaemonSet     string   `yaml:"debugAgentDaemonset,omitempty"`
-	DebugAgentNamespace     string   `yaml:"debugAgentNamespace,omitempty"`
-	Command                 []string `yaml:"command,omitempty"`
-	PortForward             bool     `yaml:"portForward,omitempty"`
-	Agentless               bool     `yaml:"agentless,omitempty"`
-	AgentPodNamePrefix      string   `yaml:"agentPodNamePrefix,omitempty"`
-	AgentPodNamespace       string   `yaml:"agentPodNamespace,omitempty"`
-	AgentImage              string   `yaml:"agentImage,omitempty"`
+	AgentPort                   int      `yaml:"agentPort,omitempty"`
+	Image                       string   `yaml:"image,omitempty"`
+	RegistrySecretName          string   `yaml:"registrySecretName,omitempty"`
+	RegistrySecretNamespace     string   `yaml:"registrySecretNamespace,omitempty"`
+	PodLabelsConfigMapName      string   `yaml:"podLabelsConfigmapName,omitempty"`
+	PodLabelsConfigMapNamespace string   `yaml:"podLabelsConfigmapNamespace,omitempty"`
+	DebugAgentDaemonSet         string   `yaml:"debugAgentDaemonset,omitempty"`
+	DebugAgentNamespace         string   `yaml:"debugAgentNamespace,omitempty"`
+	Command                     []string `yaml:"command,omitempty"`
+	PortForward                 bool     `yaml:"portForward,omitempty"`
+	Agentless                   bool     `yaml:"agentless,omitempty"`
+	AgentPodNamePrefix          string   `yaml:"agentPodNamePrefix,omitempty"`
+	AgentPodNamespace           string   `yaml:"agentPodNamespace,omitempty"`
+	AgentImage                  string   `yaml:"agentImage,omitempty"`
 
 	// deprecated
 	AgentPortOld int `yaml:"agent_port,omitempty"`