-
Notifications
You must be signed in to change notification settings - Fork 7.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merge proxy_init image with proxyv2 image #17615
Changes from 6 commits
8524257
6aaad59
786831a
d3ccb88
3c0a604
efe480e
d4be86f
eb12288
2a3a034
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,6 +7,8 @@ FROM docker.io/istio/base:${BASE_VERSION} as default | |
ARG proxy_version | ||
ARG istio_version | ||
|
||
COPY istio-iptables.sh /usr/local/bin/istio-iptables | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Could you use the same file name we had before ? No reason to rename stuff. I believe the pilot startup script for mesh expansion is loading this file as well. I thought we already include it... There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We need distroless and ubuntu to share the same file name. So I think its either this or make the distroless one |
||
|
||
# Install Envoy. | ||
COPY envoy /usr/local/bin/envoy | ||
|
||
|
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -14,10 +14,19 @@ COPY gcp_envoy_bootstrap.json /var/lib/istio/envoy/gcp_envoy_bootstrap_tmpl.json | |
|
||
RUN chown -R istio-proxy /var/lib/istio | ||
|
||
COPY istio-iptables.sh /usr/local/bin/istio-iptables | ||
|
||
# The following section is used as base image if BASE_DISTRIBUTION=distroless | ||
# hadolint ignore=DL3007 | ||
FROM gcr.io/distroless/cc:latest as distroless | ||
|
||
COPY --from=default /sbin/xtables-multi /sbin/iptables* /sbin/ip6tables* /sbin/ip /sbin/ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. That's the part I don't like about distroless, and I'm pretty worried this will create problems. This will override the 'distroless' lib with the libs from default. Is the default on the same glibc as distroless ? ( we do have this problem for envoy as well, but only in the sense that envoy build may be on an incompatible glibc and not work - we're not replacing/overriding .so files in the distroless base ). There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't like this either, but for what its worth this is not new in this PR, it is copied over from proxy_init. |
||
COPY --from=default /usr/lib/x86_64-linux-gnu/xtables/ /usr/lib/x86_64-linux-gnu/xtables | ||
COPY --from=default /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu | ||
COPY --from=default /etc/iproute2 /etc/iproute2 | ||
|
||
COPY istio-iptables /usr/local/bin/istio-iptables | ||
|
||
# Copy Envoy bootstrap templates used by pilot-agent | ||
COPY envoy_bootstrap_v2.json /var/lib/istio/envoy/envoy_bootstrap_tmpl.json | ||
COPY envoy_bootstrap_drain.json /var/lib/istio/envoy/envoy_bootstrap_drain.json | ||
|
@@ -43,7 +52,6 @@ COPY pilot-agent /usr/local/bin/pilot-agent | |
COPY envoy_pilot.yaml.tmpl /etc/istio/proxy/envoy_pilot.yaml.tmpl | ||
COPY envoy_policy.yaml.tmpl /etc/istio/proxy/envoy_policy.yaml.tmpl | ||
COPY envoy_telemetry.yaml.tmpl /etc/istio/proxy/envoy_telemetry.yaml.tmpl | ||
COPY istio-iptables.sh /usr/local/bin/istio-iptables.sh | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Confused - why do you move this line up ? (and again, why rename ) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. In distroless we use the golang implementation, in ubuntu we use bash. If it is here then its adding the bash one to distroless |
||
|
||
# The pilot-agent will bootstrap Envoy. | ||
ENTRYPOINT ["/usr/local/bin/pilot-agent"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't remember exactly - but for 'distroless' ( without a shell ) I thought it's a special format, and includes full path ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Distroless still has
$PATH
I think, this seemed to work fine, and we have distroless tests