The ‘kubectl cp‘ command is a convenient way to get files into and out of remote containers, however it requires that the ‘tar’ utility be installed inside the container.
There are many images that have removed this utility because of the identified security vulnerability, while others have removed it due to the adoption of the distroless philosophy to minimize overhead and reduce attack surfaces as a principle.
Luckily ‘kubectl exec’ is still an option for moving both text and binary files into and out of containers. For example, here is how you would take the local binary file named “local.png” and copy it to a pod, and then copy it back to the local file system.
ns=default pod_name=mypod-xxx # copy local file to pod cat local.png | kubectl exec -i $pod_name -n $ns -- tee /tmp/pod.png >/dev/null # copy file back from pod to local filesystem kubectl exec -i $pod_name -n $ns -- cat /tmp/pod.png > frompod.png # should be no differences cmp -l local.png frompod.png
Along the same lines, here is how you would take a local binary file named “local.png” and copy it to a deployment container, and then copy it back to the local file system.
deployment_name=mydeployment container_name=mycontainer # copy local file to deployment container cat local.png | kubectl exec -i deployment/$deployment_name -n $ns -c $container_name -- tee /tmp/deployment.png >/dev/null # copy file back from deployment container to local filesystem kubectl exec -i deployment/$deployment_name -n $ns -c $container_name -- cat /tmp/deployment.png > fromdeployment.png # should be no differences cmp -l local.png fromdeployment.png
REFERENCES
kubectl cp – command reference
CVE-2019-1002101 Symlink attack in kubectl cp
Kubernetes issue asking for kubectl cp functionality without tar
NOTES
Example of error from ‘kubectl cp’ when pod does not have tar utility
error: Internal error occurred: error executing command in container: failed to exec in container: failed to start exec "1fd899ca136ded633904f2bd8238e4a73ff6891c81b55bb2a451a1fc3b8934d3": OCI runtime exec failed: exec failed: unable to start container process: exec: "tar": executable file not found in $PATH: unknown