Skip to content

Commit

Permalink
Support rootless busybox in toolset (#1042)
Browse files Browse the repository at this point in the history 
* Make busybox rootless

* Add option installBusybox
  • Loading branch information
@ciiiii
ciiiii authored Jun 20, 2023
1 parent 839aa96 commit 3935361
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 3 deletions.
18 changes: 15 additions & 3 deletions charts/sn-platform/templates/toolset/toolset-statefulset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ spec:
{{ toYaml .Values.toolset.tolerations | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.toolset.gracePeriod }}
{{- if .Values.toolset.installBusybox }}
initContainers:
- name: busybox
image: "{{ .Values.images.toolset.busybox.repository }}:{{ .Values.images.toolset.busybox.tag }}"
Expand All @@ -83,13 +84,20 @@ spec:
command: ["sh", "-c"]
args:
- |
set -ex
cd /home
mkdir binaries;
busybox --install -s binaries;
cp binaries/* /tmp/binaries;
cp /bin/busybox /tmp/binaries;
cp binaries/* tmp/binaries;
cp /bin/busybox tmp/binaries;
securityContext:
runAsUser: 65534
runAsGroup: 65534
runAsNonRoot: true
volumeMounts:
- name: binaries
mountPath: /tmp/binaries
mountPath: /home/tmp/binaries
{{- end }}
containers:
- name: "pulsar"
{{- include "pulsar.toolset.image" . | nindent 8 }}
Expand All @@ -116,12 +124,14 @@ spec:
{{ toYaml . | indent 8 }}
{{- end }}
volumeMounts:
{{- if .Values.toolset.installBusybox }}
- name: binaries
mountPath: /bin/busybox
subPath: busybox
- name: binaries
mountPath: /bin/vi
subPath: vi
{{- end }}
{{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }}
{{- include "pulsar.toolset.token.volumeMounts" . | nindent 8 }}
{{- include "pulsar.toolset.log.volumeMounts" . | nindent 8 }}
Expand Down Expand Up @@ -160,8 +170,10 @@ spec:
{{- end }}
{{- end }}
volumes:
{{- if .Values.toolset.installBusybox }}
- name: binaries
emptyDir: {}
{{- end }}
{{- include "pulsar.toolset.certs.volumes" . | nindent 6 }}
{{- include "pulsar.toolset.token.volumes" . | nindent 6 }}
{{- include "pulsar.toolset.log.volumes" . | nindent 6 }}
Expand Down
1 change: 1 addition & 0 deletions charts/sn-platform/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1560,6 +1560,7 @@ proxy:
toolset:
component: toolset
useProxy: false
installBusybox: true
replicaCount: 1
# nodeSelector:
# cloud.google.com/gke-nodepool: default-pool
Expand Down

0 comments on commit 3935361

Please sign in to comment.