feat: add cap for supporting dlv debug

build/dlv.Dockerfile

@@ -0,0 +1,7 @@
+FROM golang:1.19 as delve
+RUN curl --location --output delve-1.20.1.tar.gz https://github.com/go-delve/delve/archive/v1.20.1.tar.gz \
+  && tar xzf delve-1.20.1.tar.gz
+RUN cd delve-1.20.1 && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /go/dlv -ldflags '-extldflags "-static"' ./cmd/dlv/
+FROM busybox
+WORKDIR /duct-tape
+COPY --from=delve /go/dlv go/bin/

pkg/dev/convert.go

@@ -96,6 +96,7 @@ func ConvertKubeResourceToContainer(namespace string, temp v1.PodTemplateSpec, e
 			VolumeDriver:    "",
 			VolumesFrom:     nil,
 			ConsoleSize:     [2]uint{},
+			CapAdd:          strslice.StrSlice{"SYS_PTRACE", "SYS_ADMIN"}, // for dlv
 			CgroupnsMode:    "",
 			DNS:             dnsConfig.Servers,
 			DNSOptions:      []string{fmt.Sprintf("ndots=%d", dnsConfig.Ndots)},
@@ -107,10 +108,10 @@ func ConvertKubeResourceToContainer(namespace string, temp v1.PodTemplateSpec, e
 			Links:           nil,
 			OomScoreAdj:     0,
 			PidMode:         "",
-			Privileged:      false,
+			Privileged:      true,
 			PublishAllPorts: false,
 			ReadonlyRootfs:  false,
-			SecurityOpt:     nil,
+			SecurityOpt:     []string{"apparmor=unconfined", "seccomp=unconfined"},
 			StorageOpt:      nil,
 			Tmpfs:           nil,
 			UTSMode:         "",
@@ -138,7 +139,7 @@ func ConvertKubeResourceToContainer(namespace string, temp v1.PodTemplateSpec, e
 		hostConfig.PortBindings = portmap
 		config.ExposedPorts = portset
 		if c.SecurityContext != nil && c.SecurityContext.Capabilities != nil {
-			hostConfig.CapAdd = *(*strslice.StrSlice)(unsafe.Pointer(&c.SecurityContext.Capabilities.Add))
+			hostConfig.CapAdd = append(hostConfig.CapAdd, *(*strslice.StrSlice)(unsafe.Pointer(&c.SecurityContext.Capabilities.Add))...)
 			hostConfig.CapDrop = *(*strslice.StrSlice)(unsafe.Pointer(&c.SecurityContext.Capabilities.Drop))
 		}
 		var suffix string
@@ -222,7 +223,8 @@ func GetVolume(ctx context.Context, f util.Factory, ns, pod string) (map[string]
 			}
 			err = copyOptions.Run()
 			if err != nil {
-				return nil, err
+				_, _ = fmt.Fprintf(os.Stderr, "Can not download volume %s path %s, ignore...", volumeMount.Name, volumeMount.MountPath)
+				continue
 			}
 			m = append(m, mount.Mount{
 				Type:   mount.TypeBind,

pkg/dev/option.go

@@ -44,6 +44,7 @@ func fillOptions(r Run, copts Options) error {
 		} else {
 			config.config.Entrypoint = strslice.StrSlice{copts.Entrypoint}
 		}
+		config.config.Cmd = []string{}
 	}
 	if copts.Platform != "" {
 		split := strings.Split(copts.Platform, "/")

pkg/dev/run.go

@@ -45,7 +45,7 @@ func run(ctx context.Context, runConfig *RunConfig, cli *client.Client) (err err
 	if needPull {
 		var readCloser io.ReadCloser
 		var plat string
-		if runConfig.platform.Architecture != "" && runConfig.platform.OS != "" {
+		if runConfig.platform != nil && runConfig.platform.Architecture != "" && runConfig.platform.OS != "" {
 			plat = fmt.Sprintf("%s/%s", runConfig.platform.OS, runConfig.platform.Architecture)
 		}
 		readCloser, err = cli.ImagePull(ctx, config.Image, types.ImagePullOptions{Platform: plat})

pkg/util/cp/cp.go

@@ -209,7 +209,7 @@ func (t *TarPipe) initReadFrom(n uint64) {
 
 	go func() {
 		defer t.outStream.Close()
-		cmdutil.CheckErr(t.o.execute(options))
+		t.o.execute(options)
 	}()
 }