Skip to content

kubectl debug: add auto profile #120687

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

kubectl debug: add auto profile #120687

wants to merge 1 commit into from

Conversation

mochizuki875
Copy link
Member

@mochizuki875 mochizuki875 commented Sep 15, 2023
edited
Loading

What type of PR is this?

/kind feature

What this PR does / why we need it:

auto profile of kubectl debug is defined in KEP, but it has not been implemented yet.
So this PR implements it.
general, baseline, or restricted profile is automatically selected by --profile auto depending on the pod-security.kubernetes.io/enforce annotation on the namespace.

Which issue(s) this PR fixes:

kubernetes/kubectl#1108

Special notes for your reviewer:

Default Profile and Automation Selection of KEP says that:

This will become the default behavior, but in order to maintain backwards compatibility the "legacy" profile will be the default profile until the 1.25 release. When --profile is not specified kubectl debug will print a warning about the upcoming change in behavior.

But now(at v1.30), legacy profile is stil the default.
Should we plan to change the default profile to auto from legacy at this point?(rf: #123149 (comment))

Does this PR introduce a user-facing change?

`general`, `baseline`, or `restricted` profile of `kubectl debug` is automatically selected by `--profile auto` depending on the `pod-security.kubernetes.io/enforce` annotation on the namespace.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

https://github.com/kubernetes/enhancements/tree/master/keps/sig-cli/1441-kubectl-debug#default-profile-and-automation-selection

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. kind/feature Categorizes issue or PR as related to a new feature. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Sep 15, 2023
@k8s-ci-robot
Copy link
Contributor

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 15, 2023
@k8s-ci-robot
Copy link
Contributor

Hi @mochizuki875. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-priority Indicates a PR lacks a `priority/foo` label and requires one. label Sep 15, 2023
@mochizuki875
Copy link
Member Author

/sig cli
/area kubectl

@k8s-ci-robot k8s-ci-robot added sig/cli Categorizes an issue or PR as relevant to SIG CLI. area/kubectl and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Sep 15, 2023
@k8s-ci-robot k8s-ci-robot added area/test sig/testing Categorizes an issue or PR as relevant to SIG Testing. labels Sep 15, 2023
@mochizuki875 mochizuki875 changed the title kubectl debug: add auto debug profile kubectl debug: add auto profile Sep 15, 2023
@k8s-ci-robot k8s-ci-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. do-not-merge/contains-merge-commits Indicates a PR which contains merge commits. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Oct 20, 2023
@mochizuki875
Copy link
Member Author

@verb @ardaguclu
PTAL?

@mochizuki875 mochizuki875 mentioned this pull request Oct 23, 2023
Open
7 tasks
@mochizuki875 mochizuki875 mentioned this pull request Nov 24, 2023
Closed
9 tasks
@mochizuki875
Copy link
Member Author

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Dec 18, 2023
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 27, 2024
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 5, 2024
@mochizuki875 mochizuki875 force-pushed the add_auto_debug_profile branch from e5cc98f to 4b19287 Compare May 17, 2024 16:25
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 17, 2024
@mochizuki875 mochizuki875 force-pushed the add_auto_debug_profile branch from 4b19287 to 4c81102 Compare May 17, 2024 16:50
@mochizuki875 mochizuki875 changed the title WIP: kubectl debug: add auto profile kubectl debug: add auto profile May 17, 2024
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 17, 2024
@mochizuki875
Copy link
Member Author

/retest

1 similar comment
@mochizuki875
Copy link
Member Author

/retest

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 12, 2024
@mochizuki875 mochizuki875 force-pushed the add_auto_debug_profile branch from 4c81102 to 865004d Compare September 3, 2024 07:29
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 3, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mochizuki875
Once this PR has been reviewed and has the lgtm label, please assign seans3 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@mochizuki875
Copy link
Member Author

/retest

@mochizuki875 mochizuki875 mentioned this pull request Sep 9, 2024
Merged
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 24, 2024
@mochizuki875 mochizuki875 force-pushed the add_auto_debug_profile branch from 865004d to 073fdb3 Compare November 20, 2024 06:23
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 20, 2024
@mochizuki875
Copy link
Member Author

/retest

@mochizuki875
Copy link
Member Author

@ardaguclu @verb
Could you please take a look?
Auto Profile is a key point in replacing the default profile from deprecated legacy to auto.

related #127230

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 18, 2025
@mochizuki875
Copy link
Member Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 18, 2025
@mochizuki875 mochizuki875 mentioned this pull request Mar 10, 2025
Open
@k8s-ci-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 22, 2025
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 24, 2025
@mochizuki875
Copy link
Member Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ardaguclu ardaguclu Awaiting requested review from ardaguclu

@seans3 seans3 Awaiting requested review from seans3

@verb verb Awaiting requested review from verb

Assignees
No one assigned
Labels
area/kubectl area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
SIG CLI
Status: Needs Triage
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mochizuki875 @k8s-ci-robot @k8s-triage-robot