pr comments

Signed-off-by: Adrien <[email protected]>
kube-rs · Mar 21, 2024 · 806585b · 806585b
1 parent 80b1f85
commit 806585b
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 6 deletions.
diff --git a/kube-client/Cargo.toml b/kube-client/Cargo.toml
@@ -20,6 +20,7 @@ default = ["client"]
 rustls-tls = ["rustls", "rustls-pemfile", "hyper-rustls"]
 openssl-tls = ["openssl", "hyper-openssl"]
 ws = ["client", "tokio-tungstenite", "rand", "kube-core/ws", "tokio/macros"]
+kubelet-debug = ["ws"]
 oauth = ["client", "tame-oauth"]
 oidc = ["client", "form_urlencoded"]
 gzip = ["client", "tower-http/decompression-gzip"]

diff --git a/kube-client/src/client/builder.rs b/kube-client/src/client/builder.rs
@@ -5,7 +5,6 @@ use hyper::{
     client::{connect::Connection, HttpConnector},
 };
 use hyper_timeout::TimeoutConnector;
-pub use kube_core::response::Status;
 use std::time::Duration;
 use tokio::io::{AsyncRead, AsyncWrite};
 use tower::{util::BoxService, BoxError, Layer, Service, ServiceBuilder};

diff --git a/kube-client/src/client/node_proxy.rs → kube-client/src/client/kubelet_debug.rs b/kube-client/src/client/node_proxy.rs → kube-client/src/client/kubelet_debug.rs
@@ -10,15 +10,22 @@ use std::fmt::Debug;
 ///
 /// These are analogous to the `Pod` api methods for [`Execute`], [`Attach`], and [`Portforward`].
 /// Service account must have `nodes/proxy` access, and
-/// the debug handlers must be enabled either via `--enable-debugging-handlers ` or in the kubelet config.
-/// See the [kubelet source]( https://github.com/kubernetes/kubernetes/blob/b3926d137cd2964cd3a04088ded30845910547b1/pkg/kubelet/server/server.go#L454), and [kubelet reference](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/) for more info.
+/// the debug handlers must be enabled either via `--enable-debugging-handlers ` or in the [kubelet config](https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration).
+/// See the [kubelet source](https://github.com/kubernetes/kubernetes/blob/b3926d137cd2964cd3a04088ded30845910547b1/pkg/kubelet/server/server.go#L454), and [kubelet reference](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/) for more info.
+///
+/// ## Warning
+/// These methods require direct and insecure access to `kubelet` and is only available under the `kubelet_debug` feature.
+/// End-to-end usage is explored in the [pod_log_node_proxy](./examples/pod_log_node_proxy.rs) example.
+#[cfg(feature = "kubelet_debug")]
 impl Client {
     /// Attach to pod directly from the node
+    ///
+    /// ## Warning
+    /// This method uses the insecure `kubelet_debug` interface.
     pub async fn node_attach(
         &self,
         node_proxy_params: &NodeProxyParams<'_>,
         container: &str,
-        ap: &AttachParams,
     ) -> Result<AttachedProcess> {
         let mut req = Request::node_attach(node_proxy_params, container, ap).map_err(Error::BuildRequest)?;
         req.extensions_mut().insert("node_attach");
@@ -27,6 +34,9 @@ impl Client {
     }
 
     /// Execute a command in a pod directly from the node
+    ///
+    /// ## Warning
+    /// This method uses the insecure `kubelet_debug` interface.
     pub async fn node_exec<I, T>(
         &self,
         node_proxy_params: &NodeProxyParams<'_>,
@@ -46,6 +56,9 @@ impl Client {
     }
 
     /// Forward ports of a pod directly from the node
+    ///
+    /// ## Warning
+    /// This method uses the insecure `kubelet_debug` interface.
     pub async fn node_portforward(
         &self,
         node_proxy_params: &NodeProxyParams<'_>,
@@ -58,6 +71,9 @@ impl Client {
     }
 
     /// Stream logs directly from node
+    ///
+    /// ## Warning
+    /// This method uses the insecure `kubelet_debug` interface.
     pub async fn node_logs(
         &self,
         node_proxy_params: &NodeProxyParams<'_>,

diff --git a/kube-client/src/client/mod.rs b/kube-client/src/client/mod.rs
@@ -36,7 +36,7 @@ pub use auth::Error as AuthError;
 pub use config_ext::ConfigExt;
 pub mod middleware;
 
-#[cfg(feature = "ws")] mod node_proxy;
+#[cfg(feature = "kubelet_debug")] mod kubelet_debug;
 #[cfg(any(feature = "rustls-tls", feature = "openssl-tls"))] mod tls;
 
 #[cfg(feature = "openssl-tls")]

diff --git a/kube-core/Cargo.toml b/kube-core/Cargo.toml
@@ -23,6 +23,7 @@ ws = []
 admission = ["json-patch"]
 jsonpatch = ["json-patch"]
 schema = ["schemars"]
+kubelet-debug = []
 
 [dependencies]
 serde = { version = "1.0.130", features = ["derive"] }

diff --git a/kube-core/src/node_proxy.rs → kube-core/src/kubelet_debug.rs b/kube-core/src/node_proxy.rs → kube-core/src/kubelet_debug.rs
diff --git a/kube-core/src/lib.rs b/kube-core/src/lib.rs
@@ -33,7 +33,7 @@ pub use gvk::{GroupVersion, GroupVersionKind, GroupVersionResource};
 pub mod metadata;
 pub use metadata::{ListMeta, ObjectMeta, PartialObjectMeta, PartialObjectMetaExt, TypeMeta};
 
-#[cfg(feature = "ws")] pub mod node_proxy;
+#[cfg(feature = "kubelet-debug")] pub mod kubelet_debug;
 
 pub mod object;
 pub use object::{NotUsed, Object, ObjectList};

diff --git a/kube/Cargo.toml b/kube/Cargo.toml
@@ -28,6 +28,7 @@ openssl-tls = ["kube-client/openssl-tls"]
 
 # auxiliary features
 ws = ["kube-client/ws", "kube-core/ws"]
+kubelet-debug = ["kube-client/kubelet-debug", "kube-core/kubelet-debug"]
 oauth = ["kube-client/oauth"]
 oidc = ["kube-client/oidc"]
 gzip = ["kube-client/gzip"]