From 745bc70c3fe1280770a2b1c6b1e75df8a3044a7a Mon Sep 17 00:00:00 2001 From: loomt <loomt_@outlook.com> Date: Thu, 7 Nov 2024 15:09:02 +0800 Subject: [PATCH] chore: fix eks inject shell (#1153) (cherry picked from commit f6fd684df79a4e3b5b4bc6166201aee0dcc6282c) --- addons/etcd/bash-busybox/Dockerfile | 7 +++ addons/etcd/scripts-ut-spec/common_spec.sh | 50 ---------------------- addons/etcd/scripts-ut-spec/start_spec.sh | 20 --------- addons/etcd/scripts/common.sh | 18 +------- addons/etcd/scripts/inject-bash.sh | 6 +-- addons/etcd/scripts/start.sh | 8 ++-- addons/etcd/templates/_helpers.tpl | 12 +++--- addons/etcd/templates/cmpd.yaml | 19 ++++---- addons/etcd/templates/cmpv.yaml | 4 +- addons/etcd/values.yaml | 12 +++--- 10 files changed, 35 insertions(+), 121 deletions(-) create mode 100644 addons/etcd/bash-busybox/Dockerfile diff --git a/addons/etcd/bash-busybox/Dockerfile b/addons/etcd/bash-busybox/Dockerfile new file mode 100644 index 000000000..7c6a03d6b --- /dev/null +++ b/addons/etcd/bash-busybox/Dockerfile @@ -0,0 +1,7 @@ +FROM debian:bullseye-20241016-slim AS builder +RUN apt-get update && apt-get install -y bash-static + +FROM busybox:1.37.0-musl +COPY --from=builder /bin/bash-static /bin/bash + +CMD ["/bin/bash"] \ No newline at end of file diff --git a/addons/etcd/scripts-ut-spec/common_spec.sh b/addons/etcd/scripts-ut-spec/common_spec.sh index 284046aba..11de186ed 100644 --- a/addons/etcd/scripts-ut-spec/common_spec.sh +++ b/addons/etcd/scripts-ut-spec/common_spec.sh @@ -4,16 +4,6 @@ Describe "Common Functions Tests" Include ../scripts/common.sh - setup_mock_commands() { - gsed() { echo "gsed called $1"; } - sed() { echo "sed called $1"; } - } - - restore_mock_commands() { - unset -f gsed - unset -f sed - } - setup_temp_file() { config_file=$(mktemp) } @@ -22,46 +12,6 @@ Describe "Common Functions Tests" rm "$config_file" } - Describe "check_requirements()" - It "returns success when gsed is available on Darwin/BSD" - uname() { echo "Darwin"; } - which() { return 0; } - When call check_requirements - The status should be success - End - - It "returns failure when gsed is not available on Darwin/BSD" - uname() { echo "Darwin"; } - which() { return 1; } - When call check_requirements - The status should be failure - The stderr should include "cannot find gsed (required on BSD/Darwin systems)" - End - - It "returns success on non-Darwin/BSD systems" - uname() { echo "Linux"; } - When call check_requirements - The status should be success - End - End - - Describe "universal_sed()" - BeforeEach "setup_mock_commands" - AfterEach "restore_mock_commands" - - It "uses gsed when available" - uname() { echo "Darwin"; } - When call universal_sed "foo" - The output should include "gsed called foo" - End - - It "uses sed when gsed is not available" - uname() { echo "Linux"; } - When call universal_sed "bar" - The output should include "sed called bar" - End - End - Describe "check_backup_file()" It "returns success when backup file is valid" etcdutl() { echo "d1ed6c2f, 0, 6, 25 kB"; return 0; } diff --git a/addons/etcd/scripts-ut-spec/start_spec.sh b/addons/etcd/scripts-ut-spec/start_spec.sh index 0722c9cac..8a4b779b0 100644 --- a/addons/etcd/scripts-ut-spec/start_spec.sh +++ b/addons/etcd/scripts-ut-spec/start_spec.sh @@ -22,22 +22,6 @@ Describe "Etcd Start Bash Script Tests" ut_mode="true" } - check_requirements() { - if [[ $(uname) == "Darwin" || $(uname) == *"BSD"* ]] && ! which gsed > /dev/null 2>&1; then - echo "cannot find gsed (required on BSD/Darwin systems)" >&2 - return 1 - fi - return 0 - } - - universal_sed() { - if [[ $(uname) == "Darwin" || $(uname) == *"BSD"* ]]; then - gsed "$@" - else - sed "$@" - fi - } - cleanup() { rm -f "$real_conf"; rm -f $common_library_file; @@ -94,8 +78,6 @@ Describe "Etcd Start Bash Script Tests" End Describe "update_etcd_conf()" - BeforeAll "check_requirements" - It "updates the etcd configuration file correctly without tls" current_pod_name="etcd-0" my_endpoint="etcd-0.etcd-headless.default.svc.cluster.local" @@ -130,8 +112,6 @@ Describe "Etcd Start Bash Script Tests" End Describe "rebuild_etcd_conf()" - BeforeAll "check_requirements" - It "rebuilds the etcd configuration successfully" export CURRENT_POD_NAME="etcd-0" export PEER_FQDNS="etcd-0.etcd-headless.default.svc.cluster.local,etcd-1.etcd-headless.default.svc.cluster.local" diff --git a/addons/etcd/scripts/common.sh b/addons/etcd/scripts/common.sh index 2a785f6fb..b0cccf409 100644 --- a/addons/etcd/scripts/common.sh +++ b/addons/etcd/scripts/common.sh @@ -5,22 +5,6 @@ # config file used to bootstrap the etcd cluster config_file=$TMP_CONFIG_PATH -check_requirements() { - if [[ $(uname) == "Darwin" || $(uname) == *"BSD"* ]] && ! which gsed > /dev/null 2>&1; then - echo "cannot find gsed (required on BSD/Darwin systems)" >&2 - return 1 - fi - return 0 -} - -universal_sed() { - if [[ $(uname) == "Darwin" || $(uname) == *"BSD"* ]]; then - gsed "$@" - else - sed "$@" - fi -} - check_backup_file() { local backup_file=$1 output=$(etcdutl snapshot status "${backup_file}") @@ -88,7 +72,7 @@ exec_etcdctl() { get_current_leader() { local leader_endpoint=$1 - peer_endpoints=$(exec_etcdctl "$leader_endpoint" member list | awk -F', ' '{print $5}' | tr '\n' ',' | universal_sed 's#,$##') + peer_endpoints=$(exec_etcdctl "$leader_endpoint" member list | awk -F', ' '{print $5}' | tr '\n' ',' | sed 's#,$##') leader_endpoint=$(exec_etcdctl "$peer_endpoints" endpoint status | awk -F', ' '$5=="true" {print $1}') if [ -z "$leader_endpoint" ]; then echo "leader is not ready" >&2 diff --git a/addons/etcd/scripts/inject-bash.sh b/addons/etcd/scripts/inject-bash.sh index f1aad7ab3..3599e9218 100644 --- a/addons/etcd/scripts/inject-bash.sh +++ b/addons/etcd/scripts/inject-bash.sh @@ -17,11 +17,7 @@ inject_bash() { echo "No need to inject bash for etcd-$version image" else echo "etcd-$version image build with distroless, injecting brinaries to run scripts" - mkdir -p /shell/bin - cp /bin/* /shell/bin - cp /usr/bin/* /shell/bin - cp -r /lib/* /shell - cp -r /usr/lib/* /shell + cp /bin/* /share/bin fi return 0 } diff --git a/addons/etcd/scripts/start.sh b/addons/etcd/scripts/start.sh index 5be444056..21f706168 100644 --- a/addons/etcd/scripts/start.sh +++ b/addons/etcd/scripts/start.sh @@ -12,7 +12,6 @@ load_common_library() { . "${kblib_common_library_file}" # shellcheck source=/scripts/common.sh . "${etcd_common_library_file}" - check_requirements } log() { @@ -64,9 +63,10 @@ update_etcd_conf() { cp "$default_template_conf" "$tpl_conf" - universal_sed -i "s/^name:.*/name: $current_pod_name/g" "$tpl_conf" - universal_sed -i "s#\(initial-advertise-peer-urls: https\?\).*#\\1://$my_endpoint:2380#g" "$tpl_conf" - universal_sed -i "s#\(advertise-client-urls: https\?\).*#\\1://$my_endpoint:2379#g" "$tpl_conf" + sed -i.bak "s/^name:.*/name: $current_pod_name/g" "$tpl_conf" + sed -i.bak "s#\(initial-advertise-peer-urls: http\(s\{0,1\}\)://\).*#\1$my_endpoint:2380#g" "$tpl_conf" + sed -i.bak "s#\(advertise-client-urls: http\(s\{0,1\}\)://\).*#\1$my_endpoint:2379#g" "$tpl_conf" + rm "$tpl_conf.bak" } rebuild_etcd_conf() { diff --git a/addons/etcd/templates/_helpers.tpl b/addons/etcd/templates/_helpers.tpl index c067186e2..882821ec0 100644 --- a/addons/etcd/templates/_helpers.tpl +++ b/addons/etcd/templates/_helpers.tpl @@ -135,15 +135,15 @@ Define latest etcd image build with busybox brinaries {{- end }} {{/* -Define debian image repository +Define bash-busybox image repository */}} -{{- define "debian.repository" -}} -{{ .Values.debianImage.registry | default "docker.io" }}/{{ .Values.debianImage.repository }} +{{- define "bashBusyboxImage.repository" -}} +{{ .Values.bashBusyboxImage.registry | default "docker.io" }}/{{ .Values.bashBusyboxImage.repository }} {{- end }} {{/* -Define debian image +Define bash-busybox image */}} -{{- define "debian.image" -}} -{{ include "debian.repository" . }}:{{ .Values.debianImage.tag }} +{{- define "bashBusyboxImage.image" -}} +{{ include "bashBusyboxImage.repository" . }}:{{ .Values.bashBusyboxImage.tag }} {{- end }} \ No newline at end of file diff --git a/addons/etcd/templates/cmpd.yaml b/addons/etcd/templates/cmpd.yaml index 245c2d2c8..96575b8d4 100644 --- a/addons/etcd/templates/cmpd.yaml +++ b/addons/etcd/templates/cmpd.yaml @@ -14,12 +14,12 @@ spec: runtime: initContainers: - name: inject-bash - imagePullPolicy: {{default .Values.debianImage.pullPolicy "IfNotPresent"}} + imagePullPolicy: {{default .Values.bashBusyboxImage.pullPolicy "IfNotPresent"}} volumeMounts: - name: scripts mountPath: /scripts - - name: shell - mountPath: /shell + - name: bin + mountPath: /share/bin command: - /bin/bash - -c @@ -39,16 +39,13 @@ spec: mountPath: /etc/etcd - name: scripts mountPath: /scripts - - name: shell - mountPath: /lib + - name: bin + mountPath: /bin command: - - /lib/bin/bash + - /bin/bash - -c - | - export PATH=$PATH:/lib/bin - if [ ! -e /bin/bash ]; then - cp /lib/bin/* /bin - fi + export PATH=$PATH:/bin /scripts/start.sh env: - name: CURRENT_POD_NAME @@ -57,7 +54,7 @@ spec: apiVersion: v1 fieldPath: metadata.name volumes: - - name: shell + - name: bin emptyDir: {} vars: - name: ETCD_VERSION diff --git a/addons/etcd/templates/cmpv.yaml b/addons/etcd/templates/cmpv.yaml index 479b6fc9e..d6c5482d7 100644 --- a/addons/etcd/templates/cmpv.yaml +++ b/addons/etcd/templates/cmpv.yaml @@ -15,10 +15,10 @@ spec: - name: 3.5.6 serviceVersion: 3.5.6 images: - inject-bash: {{ include "debian.repository" . }}:bullseye-20241016 + inject-bash: {{ include "bashBusyboxImage.repository" . }}:1.37.0-musl etcd: {{ include "etcd.repository" . }}:v3.5.6 - name: 3.5.15 serviceVersion: 3.5.15 images: - inject-bash: {{ include "debian.repository" . }}:bullseye-20241016 + inject-bash: {{ include "bashBusyboxImage.repository" . }}:1.37.0-musl etcd: {{ include "etcd.repository" . }}:v3.5.15 \ No newline at end of file diff --git a/addons/etcd/values.yaml b/addons/etcd/values.yaml index edaed6c9f..7295b845f 100644 --- a/addons/etcd/values.yaml +++ b/addons/etcd/values.yaml @@ -41,12 +41,12 @@ image: # latest version build with distroless(default) minor515: v3.5.15 -# remain the same lib dir with the original etcd image -# used to inject bash to distroless etcd image -debianImage: - # if the value of bashImage.registry is not specified using `--set`, it will be set to the value of 'image.registry' by default +# used to inject static bash and other brinaries to distroless etcd image +# Dockerfile place in ./bash-busybox +bashBusyboxImage: + # if the value of bashBusyboxImage.registry is not specified using `--set`, it will be set to the value of 'image.registry' by default registry: docker.io - repository: debian + repository: apecloud/bash-busybox pullPolicy: IfNotPresent # use static compile version - tag: bullseye-20241016 \ No newline at end of file + tag: 1.37.0-musl \ No newline at end of file