ssup2 / kpexec Goto Github PK

I'm unable to use kpexec on my cluster and wanted to know what features I need to check to know whether things should be compatible. The full error message is:

Failed to run kpexec err : failed to create cnsetner pod (cnsenter-1234) : admission webhook "validating-webhook.openpolicyagent.org" denied the request: Sharing the namespace is not allowed: cnsenter-1234. The vol type hostPath is not allowed, pod: cnsenter-1234

In my K8s cluster, the socket file for accessing the container runtime is at /run/k3s/containerd/containerd.sock.
Calling kpexec fails like this:

$ kubectl kpexec -it mypod-0 -- id
Defaulting container name to mypod.
Create cnsenter pod (cnsenter-fmh41m2qi4)
Wait to run cnsenter pod (cnsenter-fmh41m2qi4)
Failed to wait running cnsenter pod (cnsenter-fmh41m2qi4)
Print cnsenter pod (cnsenter-fmh41m2qi4) events
---
MountVolume.SetUp failed for volume "containerd-socket" : hostPath type check failed: /run/containerd/containerd.sock is not a socket file
---
Delete cnsenter pod (cnsenter-fmh41m2qi4)

I can see the location in https://github.com/ssup2/kpexec/blob/master/pkg/cmd/kpexec/kpexec.go#L54 (with contRootContdPath being another relevant constant two lines below).
Are these values hardcoded or can I change them from the command line or in a configuration file?

Hello!

Thanks for a great project, it's very useful!

When trying to connect to my cluster I had some difficulties though. Mainly in dealing with cluster settings. It would be really nice if kpexec could manage kubernetes config in the same way as kubectl to reduce friction. Kubernetes reads the env variable KUBECONFIG to let you load a set of config files, like export KUBECONFIG=~/kube/config:~/.kube/cluster.d/us.us-east-1.eksctl.io.conf. But in kpexec this is expected to always be called ~/kube/config unless otherwise specified by argument:

cmd.Flags().StringVar(&options.kubeconfig, "kubeconfig", filepath.Join(homedir.HomeDir(), ".kube", "config"), "Absolute path to the kubeconfig file")

It would be really great if kpexec could load in whatever is in the KUBECONFIG env var, or just drop any config management code and let kubectl do it in whatever way it wants by loading conf with kubectl config view.

TL;DR
Actual:

➜  export KUBECONFIG=~/.kube/config:~/.kube/cluster.d/us.us-east-1.eksctl.io.conf
➜  kubectl get pod -n kafka
NAME                                               READY   STATUS    RESTARTS   AGE
production-kafka-exporter-86856fd478-cm67l         1/1     Running   141        17h
➜  kpexec -it -T -n kafka production-kafka-exporter-86856fd478-cm67l -- bash
Failed to run kpexec err : failed to set kubeconfig : invalid configuration: [context was not found for specified context: [email protected], cluster has no server defined]

Expected: should work

Thanks

Working directory of the injected process into a container is not set properly.

The example snippets say to run kpexec, however when this plugin is installed via krew, then it should be run as kubectl kpexec. Could we please update the README to reflect this?

Thank you for maintaining this very helpful tool! I would love to see this capability promoted into the main kubectl client, so that this feature will be available out of the box for all Kubernetes setups.

Good day,

In attempting to use your tools on an Arm64 based AWS cluster (AWS R6G machine), I discovered that your Dockerfile specifies the linux-amd64 crictl package, and not the appropriate Arm64 variant.

I hope you can look in to this.

Thank you!

Is there a way to get the current version? I tried:

kpexec --version
kpexec -v
kpexec version

Hey, I don't know if this is a problem with kpexec specifically, or more likely the kubectl plugin system. But it's annoying to not be able to use --namespace / -n before the pexec subcommand.

When operating on a lot of different namespaces, it is practical to declare the namespace early rather than late in kubectl commands.

Do you intend to add support for cri-o container runtime ?

Hello,

I am trying to get a root shell into a pod using your tool. However I am getting the following error:

pexec -it mittimus-celery-worker-544dd77958-5xnl8 -c bash-container -- bash
Failed to run kpexec err : failed to get target container's info : no container runtime, ID info