aylei / kubectl-debug

This repository is no longer maintained, please checkout https://github.com/JamesTGrant/kubectl-debug.
Apache License 2.0
2.31k stars 303 forks source link

Error: ephemeral containers are disabled for this cluster #125

Open y0zg opened 4 years ago

y0zg commented 4 years ago

Hello,

I haven't found this error in issues, so wonder if this is something cluster specific or I missed any parameter. Thank you

kubectl-debug pod
Error: ephemeral containers are disabled for this cluster ("the server could not find the requested resource"). See --help for additional information
kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.7", GitCommit:"b4455102ef392bf7d594ef96b97a4caa79d729d9", GitTreeState:"clean", BuildDate:"2020-06-17T11:39:47Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.15+IKS", GitCommit:"a7ace239946d71c9305593eacf74b9a9efa25e3b", GitTreeState:"clean", BuildDate:"2020-09-09T00:11:53Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
spkane commented 3 years ago

You have to enable the k8s EphemeralContainers feature gate in your cluster. At the moment this is still alpha and therefore not enabled by default.

https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/

You probably also want to enable Process Namespace Sharing in your pod.

https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/

Note however, that all of this has repercussions in your cluster, to things like security, so make sure you understand those tradeoffs.