cloudposse / geodesic

🚀 Geodesic is a DevOps Linux Toolbox in Docker
https://cloudposse.com/accelerate
Apache License 2.0

Add `kubectl-node-shell` tooling #885

Closed RoseSecurity closed 9 months ago

RoseSecurity commented 10 months ago


Describe the Feature

Add kubectl-node-shell to support starting a root shell in the host OS running on the node.

Use Case

Creates the ability to interact with Kubernetes nodes using kubectl. Uses an alpine pod with nsenter for Linux nodes and a HostProcess pod with PowerShell for Windows nodes.

Testing

```bash
# Test Kubectl Node Shell
curl -LO https://github.com/kvaps/kubectl-node-shell/raw/master/kubectl-node_shell
chmod +x ./kubectl-node_shell
sudo mv ./kubectl-node_shell /usr/local/bin/kubectl-node_shell
```


Nuru commented 9 months ago

@RoseSecurity Thank you for your feature request.

Geodesic is already a much larger Docker image than we would like. As a result, we are very reluctant to add new tools to it. For example, all of our current customers use Atmos, but we have not added it to Geodesic.

In order for us to consider adding something new to Geodesic, it has to be both

  1. something we expect the vast majority of Geodesic users will find themselves using, and
  2. something difficult for users to add via their own custom Dockerfile.

The most recent example of this is the AWS Session Manager Plugin.

While kubectl-node-shell is arguably as useful as the AWS Session Manager Plugin, it is very easily installed by those who want to use it. Furthermore, many people prefer to use a tool like Lens which provides this same feature among its many features. Thus it fails both prongs of the test.

Also, how is kubectl-node-shell different than kubectl debug? Have you tried

```bash
kubectl debug node/mlc35 -it --image=alpine
```

For these reasons, I am closing this as "wontfix".
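Both tools discussed in this thread work by scheduling a pod that reaches into the node's host OS, so a cluster operator may want to see which pods carry that kind of access. The following is an added example, not part of the thread or of either tool's code: a small audit over pod specs that flags host namespaces, privileged containers, `nsenter` entrypoints, Windows HostProcess pods and a host root mount. The sample pod specs, their names and the exact field combinations are constructed assumptions based on the descriptions above; the field names are standard Kubernetes pod spec fields.

```python
# Constructed pod specs (assumptions), shaped after the thread's descriptions.
SAMPLE_PODS = [
    {"metadata": {"namespace": "default", "name": "nsenter-example"},
     "spec": {"hostPID": True, "hostNetwork": True, "containers": [
         {"name": "shell", "image": "alpine",
          "command": ["nsenter", "--target", "1", "--mount", "--pid"],
          "securityContext": {"privileged": True}}]}},
    {"metadata": {"namespace": "default", "name": "win-shell-example"},
     "spec": {"hostNetwork": True,
              "securityContext": {"windowsOptions": {"hostProcess": True}},
              "containers": [{"name": "shell", "command": ["powershell.exe"]}]}},
    {"metadata": {"namespace": "default", "name": "debug-mlc35-example"},
     "spec": {"hostPID": True, "hostNetwork": True, "hostIPC": True,
              "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
              "containers": [{"name": "debugger", "image": "alpine"}]}},
    {"metadata": {"namespace": "prod", "name": "web"},
     "spec": {"containers": [{"name": "nginx", "image": "nginx"}]}},
]

def host_access_findings(pod):
    """Return the reasons a pod spec grants access to the node's host OS."""
    spec = pod.get("spec") or {}
    reasons = [f for f in ("hostPID", "hostNetwork", "hostIPC") if spec.get(f)]
    pod_sc = spec.get("securityContext") or {}
    if (pod_sc.get("windowsOptions") or {}).get("hostProcess"):
        reasons.append("hostProcess")
    for vol in spec.get("volumes") or []:
        if (vol.get("hostPath") or {}).get("path") == "/":
            reasons.append("hostPath:/")
    containers = []
    for key in ("containers", "initContainers", "ephemeralContainers"):
        containers += spec.get(key) or []
    for c in containers:
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            reasons.append("privileged:" + c["name"])
        if (sc.get("windowsOptions") or {}).get("hostProcess"):
            reasons.append("hostProcess:" + c["name"])
        if (c.get("command") or [])[:1] == ["nsenter"]:
            reasons.append("nsenter:" + c["name"])
    return reasons

def audit(pods):
    """Map "namespace/name" to findings for each pod with host access."""
    found = ((p["metadata"], host_access_findings(p)) for p in pods)
    return {m["namespace"] + "/" + m["name"]: r for m, r in found if r}

if __name__ == "__main__":
    print(audit(SAMPLE_PODS))
```

To run it against a live cluster, pass `audit()` the `items` list from the JSON output of `kubectl get pods -A -o json`.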