hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

Please add GNU tar to Vault (and Consul) containers so 'kubectl cp' works #13882

Open boldandbusted opened 2 years ago

boldandbusted commented 2 years ago

Is your feature request related to a problem? Please describe.

While I can copy out files from a pod launched with the official Vault (and Consul) images via kubectl exec -it vault-0 -- cat <file> >> <file>, I cannot easily do the reverse without a copy of tar included within the container image. This is very useful if one needs to make raft storage backups (in either Consul or Vault) 'on-the-fly', perhaps as part of upgrade automation.

Describe the solution you'd like

Add 'tar' to the container images.

Describe alternatives you've considered

I've tried to consider ways to work around the broken kubectl cp functionality, and all are a lot more involved than fixing kubectl cp. They include:

Explain any additional use-cases

I can think of several troubleshooting and emergency backup scenarios that this could help make easier.

Additional context

Note this issue in the Kubernetes repo shows that they know about it, but have yet to remove a dependency on tar: https://github.com/kubernetes/kubernetes/issues/58512 . Happy to provide more info! Thanks! :)

aphorise commented 2 years ago

I would not expect this any time soon especially given the parallel transition in K8S as well as the fact that there were some initiatives of going distroless which I believe the Consul team are working toward too.

What's more, on the related issue you've linked, one of the contributors has rightly stated:

I think the best option is to have CRI support this, CRI could e.g. use a trusted host tar implementation and make various improvements. With dockershim deprecated it will be feasible to only focus on doing this in CRI.

Hey @boldandbusted, for my understanding, can you kindly confirm why you'd need remote tar on the process run-time and why you cannot simply do:

# // copy from pod to local host.
kubectl cp k8s_namespace/vault-1:/raft/data/vault.db .
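
The `kubectl exec` approach from the opening post, as an added example (not part of the thread and not Vault's or Kubernetes' own tooling): tar-free copies in both directions, streamed without a TTY and checked by byte count. It assumes the container image has `sh`, `cat` and `wc`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: copy files to/from a pod using only `kubectl exec`.
# Assumption: the container provides sh, cat and wc (a distroless image
# would not). Function names are hypothetical.

# Byte count of a local file, whitespace stripped.
local_size() { wc -c < "$1" | tr -d '[:space:]'; }

# Byte count of a file inside the pod. The path is handed to the remote
# shell as a positional argument, never spliced into the script text,
# so an odd file name cannot inject shell commands.
remote_size() { # ns pod path
    kubectl exec -n "$1" "$2" -- sh -c 'wc -c < "$1"' sh "$3" | tr -d '[:space:]'
}

# Pod -> local. No -t flag: a TTY would rewrite LF as CRLF and corrupt
# binary data such as a raft database.
pod_pull() { # ns pod remote_path local_path
    tmp="$4.partial"
    # umask 077: the copy may hold secrets, keep it owner-only.
    ( umask 077; kubectl exec -n "$1" "$2" -- cat "$3" > "$tmp" ) \
        || { rm -f "$tmp"; return 1; }
    # A size match catches truncated streams; it is not an integrity
    # hash and does not detect modified content.
    if [ "$(local_size "$tmp")" != "$(remote_size "$1" "$2" "$3")" ]; then
        rm -f "$tmp"
        return 2
    fi
    mv "$tmp" "$4"
}

# Local -> pod. -i attaches stdin so the file can be streamed in.
pod_push() { # ns pod local_path remote_path
    kubectl exec -i -n "$1" "$2" -- sh -c 'umask 077; cat > "$1"' sh "$4" < "$3" \
        || return 1
    [ "$(local_size "$3")" = "$(remote_size "$1" "$2" "$4")" ] || return 2
}
```

A return code of 1 means the stream itself failed; 2 means the byte counts differ and the partial local file has been removed.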