chore: fix eks inject shell (#1153)

(cherry picked from commit f6fd684)
apecloud · Nov 7, 2024 · 745bc70 · 745bc70
1 parent b10af9f
commit 745bc70
Show file tree

Hide file tree

Showing 10 changed files with 35 additions and 121 deletions.
diff --git a/addons/etcd/bash-busybox/Dockerfile b/addons/etcd/bash-busybox/Dockerfile
@@ -0,0 +1,7 @@
+FROM debian:bullseye-20241016-slim AS builder
+RUN apt-get update && apt-get install -y bash-static
+
+FROM busybox:1.37.0-musl
+COPY --from=builder /bin/bash-static /bin/bash
+
+CMD ["/bin/bash"]
diff --git a/addons/etcd/scripts-ut-spec/common_spec.sh b/addons/etcd/scripts-ut-spec/common_spec.sh
@@ -4,16 +4,6 @@
 Describe "Common Functions Tests"
   Include ../scripts/common.sh
 
-  setup_mock_commands() {
-    gsed() { echo "gsed called $1"; }
-    sed() { echo "sed called $1"; }
-  }
-
-  restore_mock_commands() {
-    unset -f gsed
-    unset -f sed
-  }
-
   setup_temp_file() {
     config_file=$(mktemp)
   }
@@ -22,46 +12,6 @@ Describe "Common Functions Tests"
     rm "$config_file"
   }
 
-  Describe "check_requirements()"
-    It "returns success when gsed is available on Darwin/BSD"
-      uname() { echo "Darwin"; }
-      which() { return 0; }
-      When call check_requirements
-      The status should be success
-    End
-
-    It "returns failure when gsed is not available on Darwin/BSD"
-      uname() { echo "Darwin"; }
-      which() { return 1; }
-      When call check_requirements
-      The status should be failure
-      The stderr should include "cannot find gsed (required on BSD/Darwin systems)"
-    End
-
-    It "returns success on non-Darwin/BSD systems"
-      uname() { echo "Linux"; }
-      When call check_requirements
-      The status should be success
-    End
-  End
-
-  Describe "universal_sed()"
-    BeforeEach "setup_mock_commands"
-    AfterEach "restore_mock_commands"
-
-    It "uses gsed when available"
-      uname() { echo "Darwin"; }
-      When call universal_sed "foo"
-      The output should include "gsed called foo"
-    End
-
-    It "uses sed when gsed is not available"
-      uname() { echo "Linux"; }
-      When call universal_sed "bar"
-      The output should include "sed called bar"
-    End
-  End
-
   Describe "check_backup_file()"
     It "returns success when backup file is valid"
       etcdutl() { echo "d1ed6c2f, 0, 6, 25 kB"; return 0; }

diff --git a/addons/etcd/scripts-ut-spec/start_spec.sh b/addons/etcd/scripts-ut-spec/start_spec.sh
@@ -22,22 +22,6 @@ Describe "Etcd Start Bash Script Tests"
     ut_mode="true"
   }
 
-  check_requirements() {
-    if [[ $(uname) == "Darwin" || $(uname) == *"BSD"* ]] && ! which gsed > /dev/null 2>&1; then
-      echo "cannot find gsed (required on BSD/Darwin systems)" >&2
-      return 1
-    fi
-    return 0
-  }
-
-  universal_sed() {
-    if [[ $(uname) == "Darwin" || $(uname) == *"BSD"* ]]; then
-      gsed "$@"
-    else
-      sed "$@"
-    fi
-  }
-
   cleanup() {
     rm -f "$real_conf";
     rm -f $common_library_file;
@@ -94,8 +78,6 @@ Describe "Etcd Start Bash Script Tests"
   End
 
   Describe "update_etcd_conf()"
-    BeforeAll "check_requirements"
-
     It "updates the etcd configuration file correctly without tls"
       current_pod_name="etcd-0"
       my_endpoint="etcd-0.etcd-headless.default.svc.cluster.local"
@@ -130,8 +112,6 @@ Describe "Etcd Start Bash Script Tests"
   End
 
   Describe "rebuild_etcd_conf()"
-    BeforeAll "check_requirements"
-
     It "rebuilds the etcd configuration successfully"
       export CURRENT_POD_NAME="etcd-0"
       export PEER_FQDNS="etcd-0.etcd-headless.default.svc.cluster.local,etcd-1.etcd-headless.default.svc.cluster.local"

diff --git a/addons/etcd/scripts/common.sh b/addons/etcd/scripts/common.sh
@@ -5,22 +5,6 @@
 # config file used to bootstrap the etcd cluster
 config_file=$TMP_CONFIG_PATH
 
-check_requirements() {
-  if [[ $(uname) == "Darwin" || $(uname) == *"BSD"* ]] && ! which gsed > /dev/null 2>&1; then
-    echo "cannot find gsed (required on BSD/Darwin systems)" >&2
-    return 1
-  fi
-  return 0
-}
-
-universal_sed() {
-  if [[ $(uname) == "Darwin" || $(uname) == *"BSD"* ]]; then
-    gsed "$@"
-  else
-    sed "$@"
-  fi
-}
-
 check_backup_file() {
   local backup_file=$1
   output=$(etcdutl snapshot status "${backup_file}")
@@ -88,7 +72,7 @@ exec_etcdctl() {
 
 get_current_leader() {
   local leader_endpoint=$1
-  peer_endpoints=$(exec_etcdctl "$leader_endpoint" member list | awk -F', ' '{print $5}' | tr '\n' ',' | universal_sed 's#,$##')
+  peer_endpoints=$(exec_etcdctl "$leader_endpoint" member list | awk -F', ' '{print $5}' | tr '\n' ',' | sed 's#,$##')
   leader_endpoint=$(exec_etcdctl "$peer_endpoints" endpoint status | awk -F', ' '$5=="true" {print $1}')
   if [ -z "$leader_endpoint" ]; then
     echo "leader is not ready" >&2

diff --git a/addons/etcd/scripts/inject-bash.sh b/addons/etcd/scripts/inject-bash.sh
@@ -17,11 +17,7 @@ inject_bash() {
     echo "No need to inject bash for etcd-$version image"
   else
     echo "etcd-$version image build with distroless, injecting brinaries to run scripts"
-    mkdir -p /shell/bin
-    cp /bin/* /shell/bin
-    cp /usr/bin/* /shell/bin
-    cp -r /lib/* /shell
-    cp -r /usr/lib/* /shell
+    cp /bin/* /share/bin
   fi
   return 0
 }

diff --git a/addons/etcd/scripts/start.sh b/addons/etcd/scripts/start.sh
@@ -12,7 +12,6 @@ load_common_library() {
   . "${kblib_common_library_file}"
   # shellcheck source=/scripts/common.sh
   . "${etcd_common_library_file}"
-  check_requirements
 }
 
 log() {
@@ -64,9 +63,10 @@ update_etcd_conf() {
 
   cp "$default_template_conf" "$tpl_conf"
 
-  universal_sed -i "s/^name:.*/name: $current_pod_name/g" "$tpl_conf"
-  universal_sed -i "s#\(initial-advertise-peer-urls: https\?\).*#\\1://$my_endpoint:2380#g" "$tpl_conf"
-  universal_sed -i "s#\(advertise-client-urls: https\?\).*#\\1://$my_endpoint:2379#g" "$tpl_conf"
+  sed -i.bak "s/^name:.*/name: $current_pod_name/g" "$tpl_conf"
+  sed -i.bak "s#\(initial-advertise-peer-urls: http\(s\{0,1\}\)://\).*#\1$my_endpoint:2380#g" "$tpl_conf"
+  sed -i.bak "s#\(advertise-client-urls: http\(s\{0,1\}\)://\).*#\1$my_endpoint:2379#g" "$tpl_conf"
+  rm "$tpl_conf.bak"
 }
 
 rebuild_etcd_conf() {

diff --git a/addons/etcd/templates/_helpers.tpl b/addons/etcd/templates/_helpers.tpl
@@ -135,15 +135,15 @@ Define latest etcd image build with busybox brinaries
 {{- end }}
 
 {{/*
-Define debian image repository
+Define bash-busybox image repository
 */}}
-{{- define "debian.repository" -}}
-{{ .Values.debianImage.registry | default "docker.io" }}/{{ .Values.debianImage.repository }}
+{{- define "bashBusyboxImage.repository" -}}
+{{ .Values.bashBusyboxImage.registry | default "docker.io" }}/{{ .Values.bashBusyboxImage.repository }}
 {{- end }}
 
 {{/*
-Define debian image
+Define bash-busybox image
 */}}
-{{- define "debian.image" -}}
-{{ include "debian.repository" . }}:{{ .Values.debianImage.tag }}
+{{- define "bashBusyboxImage.image" -}}
+{{ include "bashBusyboxImage.repository" . }}:{{ .Values.bashBusyboxImage.tag }}
 {{- end }}
diff --git a/addons/etcd/templates/cmpd.yaml b/addons/etcd/templates/cmpd.yaml
@@ -14,12 +14,12 @@ spec:
   runtime:
     initContainers:
       - name: inject-bash
-        imagePullPolicy: {{default .Values.debianImage.pullPolicy "IfNotPresent"}}
+        imagePullPolicy: {{default .Values.bashBusyboxImage.pullPolicy "IfNotPresent"}}
         volumeMounts:
           - name: scripts
             mountPath: /scripts
-          - name: shell
-            mountPath: /shell
+          - name: bin
+            mountPath: /share/bin
         command:
           - /bin/bash
           - -c
@@ -39,16 +39,13 @@ spec:
             mountPath: /etc/etcd
           - name: scripts
             mountPath: /scripts
-          - name: shell
-            mountPath: /lib
+          - name: bin
+            mountPath: /bin
         command:
-          - /lib/bin/bash
+          - /bin/bash
           - -c
           - |
-            export PATH=$PATH:/lib/bin
-            if [ ! -e /bin/bash ]; then
-              cp /lib/bin/* /bin
-            fi
+            export PATH=$PATH:/bin
             /scripts/start.sh
         env:
           - name: CURRENT_POD_NAME
@@ -57,7 +54,7 @@ spec:
                 apiVersion: v1
                 fieldPath: metadata.name
     volumes:
-      - name: shell
+      - name: bin
         emptyDir: {}
   vars:
     - name: ETCD_VERSION

diff --git a/addons/etcd/templates/cmpv.yaml b/addons/etcd/templates/cmpv.yaml
@@ -15,10 +15,10 @@ spec:
     - name: 3.5.6
       serviceVersion: 3.5.6
       images:
-        inject-bash: {{ include "debian.repository" . }}:bullseye-20241016
+        inject-bash: {{ include "bashBusyboxImage.repository" . }}:1.37.0-musl
         etcd: {{ include "etcd.repository" . }}:v3.5.6
     - name: 3.5.15
       serviceVersion: 3.5.15
       images:
-        inject-bash: {{ include "debian.repository" . }}:bullseye-20241016
+        inject-bash: {{ include "bashBusyboxImage.repository" . }}:1.37.0-musl
         etcd: {{ include "etcd.repository" . }}:v3.5.15
diff --git a/addons/etcd/values.yaml b/addons/etcd/values.yaml
@@ -41,12 +41,12 @@ image:
       # latest version build with distroless(default)
       minor515: v3.5.15
 
-# remain the same lib dir with the original etcd image
-# used to inject bash to distroless etcd image
-debianImage:
-  # if the value of bashImage.registry is not specified using `--set`, it will be set to the value of 'image.registry' by default
+# used to inject static bash and other brinaries to distroless etcd image
+# Dockerfile place in ./bash-busybox
+bashBusyboxImage:
+  # if the value of bashBusyboxImage.registry is not specified using `--set`, it will be set to the value of 'image.registry' by default
   registry: docker.io
-  repository: debian
+  repository: apecloud/bash-busybox
   pullPolicy: IfNotPresent
   # use static compile version
-  tag: bullseye-20241016
+  tag: 1.37.0-musl