how come you removed this? (I'm not sure I disagree, just curious)

The entire code was introduced in #46762 to deal with copying a file into a dir, which is now much simpler. I've wanted to clean this so with this significant changes it was a good time to do it.

What happens here if the destination file is a directory? Can this get confused if the path ends in a /?

Based on https://golang.org/pkg/path/filepath/#Split it should be solid.

Looking at the implementation, it seems like the destination file would be included in the directory if the path end sin a slash, and the file would be "" I think.

I think it's fine, but might be worth adding a test case?

I've added directory test, but that's actually handled a few lines earlier in

destFileName := path.Join(destDir, header.Name[len(prefix):])

destFileName will get cleaned (path.Join calls Clean internally) even if it ends with /.

I haven't had enough time to go through everything to understand the intention here, but I think the symlink checking is probably more aggressive than it should be. Picking up this change breaks existing scripts that copy files to temp directories on Mac.

Please be aware that Mac's default readlink doesn't support canonicalizing a path, so it's not as easy to portably fix on the user's side as you might think (see: stackoverflow).

$ FILE=path/to/file
$ TMPD=$(mktemp -d)
$ kubectl cp --no-preserve "$NAMESPACE/$POD:$FILE" "$TMPD/$FILE" -c $CONTAINER
warning: link "/var/folders/h7/ydd9wql57gdf6883cj9779sm0zsnn7/T/tmp.3TVUBz8Mqe/path/to/file" is pointing to "" which is outside target destination, skipping

$ echo $TMPD
/var/folders/h7/ydd9wql57gdf6883cj9779sm0zsnn7/T/tmp.3TVUBz8Mqe
$ readlink -f $TMPD  # using GNU readlink
/private/var/folders/h7/ydd9wql57gdf6883cj9779sm0zsnn7/T/tmp.3TVUBz8Mqe