#!/usr/bin/env bash
#
# pod debugging tool for kubernetes clusters with docker runtimes

# Copyright © 2019 Hua Zhihao <ihuazhihao@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

[[ -n $DEBUG ]] && set -x

set -eou pipefail
IFS=$'\n\t'

usage() {
  local SELF
  SELF="kubespy"
  if [[ "$(basename "$0")" == kubectl-* ]]; then
    SELF="kubectl spy"
  fi

  cat <<EOF
kubespy is a pod debugging tool for kubernetes clusters with docker runtimes

Usage:

  $SELF [-c CONTAINER] [-n NAMESPACE] [--spy-image IMAGE] POD

Examples:

  # debug the primary (first) container in pod mypod
  $SELF spy mypod

  # specify pod namespace
  $SELF spy mypod -n default

  # specify debugee container
  $SELF spy mypod -c mycontainer

  # specify spy-image
  $SELF spy mypod --spy-image busybox

  # specify entrypoint for interaction
  $SELF spy mypod --entrypoint /bin/sh

EOF
}

exit_err() {
   echo >&2 "${1}"
   exit 1
}

main() {
  [ $# -eq 0 ] && exit_err "You must specify a pod for spying"

  while [ $# -gt 0 ]; do
      case "$1" in
          -h | --help)
              usage
              exit
              ;;
          -c | --container)
              co="$2"
              shift
              shift
              ;;
          -n | --namespace)
              ns="$2"
              shift
              shift
              ;;
          --spy-image)
              ep="$2"
              shift
              shift
              ;;
          --entrypoint)
              entrypnt="$2"
              shift
              shift
              ;;
          *)
              po="$1"
              shift
              ;;
      esac
  done

  co=${co:-""}
  ns=${ns:-"$(kubectl config view --minify -o 'jsonpath={..namespace}')"}
  ep=${ep:-"docker.io/busybox:latest"}
  entrypnt=${entrypnt:-"/bin/sh"}

  no=$(kubectl -n "${ns}" get pod "${po}" -o "jsonpath={.spec.nodeName}") || exit_err "cannot found Pod ${po}'s nodeName"
  if [[ "${co}" == "" ]]; then
    cid=$(kubectl -n "${ns}" get pod "${po}" -o='jsonpath={.status.containerStatuses[0].containerID}' | sed 's/docker:\/\///')
  else
    cid=$(kubectl -n "${ns}" get pod "${po}" -o='jsonpath={.status.containerStatuses[?(@.name=="'"${co}"'")].containerID}' | sed 's/docker:\/\///')
  fi

  spyid="spy-${cid:0:12}"
  kubectl -n "${ns}" delete po/"${spyid}" &>/dev/null || true

  overrides="$(
  cat <<EOT
{
  "spec": {
    "hostNetwork": true,
    "hostPID": true,
    "hostIPC": true,
    "nodeName": "${no}",
    "containers": [
      {
        "name": "spy",
        "image": "docker.io/busybox:latest",
        "command": [ "/bin/chroot", "/host"],
        "args": [
          "docker",
          "run",
          "-it",
          "--network=container:${cid}",
          "--pid=container:${cid}",
          "--ipc=container:${cid}",
          "--entrypoint=${entrypnt}",
          "--volumes-from=${cid}",
          "${ep}"
        ],
        "stdin": true,
        "stdinOnce": true,
        "tty": true,
        "volumeMounts": [
          {
            "mountPath": "/host",
            "name": "node"
          }
        ]
      }
    ],
    "volumes": [
      {
        "name": "node",
        "hostPath": {
          "path": "/"
        }
      }
    ]
  }
}
EOT
)"

  echo "loading spy pod ${spyid} ..."
  kubectl -n "${ns}" run --rm -i --tty --image="docker.io/busybox:latest" --overrides="${overrides}" --restart=Never "${spyid}" -- "${entrypnt}"
}

main "$@"