Ephemeral Containers #277
Description
Feature Description
- One-line feature description (can be used as a release note): Support advanced troubleshooting of running pods by running a new container image in shared pod namespaces.
- Kubernetes Enhancement Proposal: https://git.k8s.io/enhancements/keps/sig-node/277-ephemeral-containers
- Primary contact (assignee): @verb
- Responsible SIGs: sig-node
- Feature target (which target equals to which milestone):
- Alpha release target (1.16)
- Beta release target (1.23)
- Stable release target (1.25)
Documentation
Milestones
These are the user-visible milestones on the way towards a Kubernetes release that will support kubectl debug functionality. Those interested can follow this issue for updates. I've included estimated release targets, but these are highly dependent on reviewer availability and should not be relied upon.
- Ephemeral containers added to core API (landed 1.16)
- kubelet support for creating basic ephemeral containers (landed 1.16)
- kubectl command to launch ephemeral containers (landed 1.17)
- kubelet support for namespace targeting (landed 1.18)
- kubectl support for adding ephemeral containers (landed 1.18)
- Switch API to use
Podkind (target 1.22) - allow setting securityContext (target 1.22)
- Beta graduation (target 1.23)
Related Enhancements and Proposals
- Configurable Pod Process Namespace Sharing #495: Process Namespace Sharing
- KEP 1441 - kubectl debug #1441:
kubectl debugcommand
Issues & Feature Requests
Completed features
- FR: New kubectl command
kubectl debugkubernetes#45922:kubectl debugcommand - Ephemeral Containers: Enable container namespace targeting kubernetes#84359: Container namespace targetting
- Add integration test for disabled ephemeral containers kubernetes#98067: Integration test for disabled feature behavior
- Create kubelet metrics for ephemeral containers creation and usage kubernetes#97974: Add kubelet metrics for Ephemeral Containers
- Ephemeral Containers: Allow setting security context kubernetes#53188: Allow setting security context of Ephemeral Containers
- kubectl debug compatibility with pre-1.22 ephemeral containers API kubernetes#102008: kubectl debug compatibility with pre-1.22 ephemeral containers API
Scheduled for work in 1.23
- Create e2e tests for Ephemeral Containers kubernetes#85545: Add e2e testing of Ephemeral Containers
- Promote Ephemeral Containers to beta and enable by default kubernetes#98808: Promote Ephemeral Containers to beta and enable by default
- Update via /ephemeralcontainers validates entire PodSpec kubernetes#105241: Improve safety in ephemeral containers update validation
Scheduled for work in 1.25
- Improve tests and fix bugs in container validation kubernetes#111401
- Fix incorrect message when attaching to ephemeral containers kubernetes#111185
- Add Ephemeral Containers to node conformance tests kubernetes#111404
- Investigate exercising Ephemeral Container creation in upgrade tests kubernetes#98807
- Promote EphemeralContainers feature to GA kubernetes#111402
- Mark EphemeralContainers as GA in 1.25 website#35545
Future work, out of scope for this KEP
- Ephemeral Containers: Automatically taint pods with ephemeral containers kubernetes#84353: Automatically taint pods with ephemeral containers
- Support removing ephemeral container from pod kubernetes#84764: Allow removing ephemeral containers
Contribute to these features or help prioritize by voting for these issues.
Metadata
Metadata
Assignees
Labels
Categorizes issue or PR as related to adding, removing, or otherwise changing an APICategorizes issue or PR as related to a new feature.Categorizes an issue or PR as relevant to SIG CLI.Categorizes an issue or PR as relevant to SIG Node.Denotes an issue tracking an enhancement targeted for Stable/GA statusDenotes an enhancement issue is NOT actively being tracked by the Release Team