Open danmx opened 1 year ago
this would be great, as currently can't exec into distroless images
I came here looking for the same thing. As mentioned this is particularly important for images which don't have a shell to exec into.
When developers only have access to Argo UI, and not kubectl
, this feature would be very useful for debugging, profiling etc.!
Feel free to create a proposal + PR for kubectl debug
, it would be very welcome.
Summary
I would like to do a
kubectl debug
a container of a Pod in ArgoCD UI similar to currently availablekubectl exec
option.Motivation
As a security engineer I think
kubectl debug
(attaching ephemeral container) is more secure thankubectl exec
when debugging a container. You can:Proposal
How do you think this should be implemented?
start.exec
option.exec
) tab that is in Web UI.debug
or pick one from a list.debug
session should leave an entry in an audit log (preferably start and end).