Adding this to KoolKits?

[TomGranot]

Hiya!

I've caught this repo from Observability News by Michael Hasuenblas - great stuff:)

I wonder, since this requires 0 code changes, whether it will be a good fit to bundle into our OSS project KoolKits.

We have docker debug images specifically geared towards debugging applications written in a specific language - you can check out the project here.

This might fit into our Go KoolKit.

Your comments much appreciated @edeNFed :)

[edeNFed]

Hi @TomGranot, KoolKit looks like a really cool project! Adding auto instrumentation to the Go image should be pretty easy, probably just copying the binary from this Dockerfile: https://github.com/keyval-dev/opentelemetry-go-instrumentation/blob/master/Dockerfile

Will be happy to open a PR if you think it's a good idea.

[TomGranot]

@edeNFed Please do! That would be awesome.

If you can also add it to the README for the Go KoolKit with a quick explainer I'll appreciate that too:)

We usually also ask maintainers to add a reference to the tool in their own READMEs - i.e. "To run this in k8s you can use a KoolKit" - would that be OK with you? I can open a PR here.

[edeNFed]

Sure no problem, I'll let you know once I finished adding to KoolKit so we can update the README file.

[TomGranot]

@edeNFed Dope. Talk soon!

[edeNFed]

Hi @TomGranot, I tried to include the project in the KoolKit container but I had a few issues. The main problem is that in order for this instrumentation to run we need to add privileges to the pod, for example:

          securityContext:
            runAsUser: 0
            capabilities:
              add:
                - SYS_PTRACE
            privileged: true
          volumeMounts:
            - mountPath: /sys/kernel/debug
              name: kernel-debug

I could not find a flag in kubectl debug which allows adding securtityContext or volume mounts. I do see that kubectl debug has a "node mode" which allows the creation of pods that runs with enhanced privileges. What do you think? Should I try to use this mode or do you have other suggestions?

[TomGranot]

@edeNFed Interesting.

To add what I know off the top of my head, kubectl debug has two modes - container-in-existing-pod and container-in-new-pod.

If I understand correctly, you were attempting to target the latter - copying a pod and debugging it. I'm pretty sure that if you use that you indeed can't change the securityContext, so using 'node mode" seems like the right path to go.

Let me know if I can help out with something!

[TomGranot]

@edeNFed Any luck testing this out?

[edeNFed]

@TomGranot sorry for the delay, I had a couple of busy days. Hope to get it done by the end of this week.

[TomGranot]

@edeNFed NP! Just let me know if i can help.