generateNodeDebugPod generates a debugging pod that schedules on the specified node. The generated pod will run in the host PID, Network & IPC namespaces, and it will have the node's filesystem mounted at /host.
(node *corev1.Node)
| 708 | // generateNodeDebugPod generates a debugging pod that schedules on the specified node. |
| 709 | // The generated pod will run in the host PID, Network & IPC namespaces, and it will have the node's filesystem mounted at /host. |
| 710 | func (o *DebugOptions) generateNodeDebugPod(node *corev1.Node) (*corev1.Pod, error) { |
| 711 | cn := "debugger" |
| 712 | // Setting a user-specified container name doesn't make much difference when there's only one container, |
| 713 | // but the argument exists for pod debugging so it might be confusing if it didn't work here. |
| 714 | if len(o.Container) > 0 { |
| 715 | cn = o.Container |
| 716 | } |
| 717 | |
| 718 | // The name of the debugging pod is based on the target node, and it's not configurable to |
| 719 | // limit the number of command line flags. There may be a collision on the name, but this |
| 720 | // should be rare enough that it's not worth the API round trip to check. |
| 721 | pn := fmt.Sprintf("node-debugger-%s-%s", node.Name, nameSuffixFunc(5)) |
| 722 | if !o.Quiet { |
| 723 | fmt.Fprintf(o.Out, "Creating debugging pod %s with container %s on node %s.\n", pn, cn, node.Name) |
| 724 | } |
| 725 | |
| 726 | p := &corev1.Pod{ |
| 727 | ObjectMeta: metav1.ObjectMeta{ |
| 728 | Name: pn, |
| 729 | Labels: map[string]string{ |
| 730 | "app.kubernetes.io/managed-by": "kubectl-debug", |
| 731 | }, |
| 732 | }, |
| 733 | Spec: corev1.PodSpec{ |
| 734 | Containers: []corev1.Container{ |
| 735 | { |
| 736 | Name: cn, |
| 737 | Env: o.Env, |
| 738 | Image: o.Image, |
| 739 | ImagePullPolicy: o.PullPolicy, |
| 740 | Stdin: o.Interactive, |
| 741 | TerminationMessagePolicy: corev1.TerminationMessageReadFile, |
| 742 | TTY: o.TTY, |
| 743 | }, |
| 744 | }, |
| 745 | NodeName: node.Name, |
| 746 | RestartPolicy: corev1.RestartPolicyNever, |
| 747 | Tolerations: []corev1.Toleration{ |
| 748 | { |
| 749 | Operator: corev1.TolerationOpExists, |
| 750 | }, |
| 751 | }, |
| 752 | }, |
| 753 | } |
| 754 | |
| 755 | if o.ArgsOnly { |
| 756 | p.Spec.Containers[0].Args = o.Args |
| 757 | } else { |
| 758 | p.Spec.Containers[0].Command = o.Args |
| 759 | } |
| 760 | |
| 761 | if err := o.Applier.Apply(p, cn, node); err != nil { |
| 762 | return nil, err |
| 763 | } |
| 764 | |
| 765 | if o.CustomProfile != nil { |
| 766 | err := o.applyCustomProfile(p, cn) |
| 767 | if err != nil { |