Use debian-base instead of busybox as base image for server images #70245

Merged
merged 1 commit into from
Oct 29, 2018

ixdy
Member

@ixdy ixdy commented Oct 25, 2018

What type of PR is this?
/kind cleanup

What this PR does / why we need it: standardizes on debian-base for the server images instead of busybox, per #40248 (comment).

Using debian-base also ensures we use a consistent libc (glibc instead of musl libc), allows better security scanning on gcr.io, avoids weird compatibility bugs like #69195, and may even use marginally less space on nodes, since debian-iptables is based on it and is already included on all nodes for kube-proxy.

Does this PR introduce a user-facing change?:

Use debian-base instead of busybox as base image for server images

/assign @BenTheElder @cblecker @dims
cc @tallclair @AishSundar @simony-gke @listx
/sig release

@k8s-ci-robot k8s-ci-robot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Oct 25, 2018
@k8s-ci-robot k8s-ci-robot added kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. sig/release Categorizes an issue or PR as relevant to SIG Release. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Oct 25, 2018
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ixdy

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 25, 2018
@tallclair
Member

xref: #70102 or #69333

I'm hoping that once we resolve either of those, we can just rebase these on scratch (doesn't address #69195 though)

@ixdy
Member Author

ixdy commented Oct 25, 2018

doesn't address #69195 though

We could probably use scratch-with-/etc/nsswitch.conf like we do for busybox now, though it might need an /etc/hosts too...

@ixdy
Member Author

ixdy commented Oct 25, 2018

bazel flake bazelbuild/bazel#6136
/retest

Member

@cblecker cblecker left a comment

/lgtm
/hold

Holding for any further review, but I'm supportive of standardizing on debian-base as opposed to busybox.

kube-controller-manager,"k8s.gcr.io/debian-base-${arch}:${debian_base_version}"
kube-scheduler,"k8s.gcr.io/debian-base-${arch}:${debian_base_version}"
kube-proxy,"k8s.gcr.io/debian-iptables-${arch}:${debian_iptables_version}"
)
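
Review bot: the three image references here (`debian-base-${arch}:${debian_base_version}` for kube-controller-manager and kube-scheduler, `debian-iptables-${arch}:${debian_iptables_version}` for kube-proxy) are resolved by tag only, so the server images inherit whatever the registry serves for that tag at build time. Consider recording a digest next to each version variable, or checking the pulled digest against an expected value, so a retagged base cannot silently change what the release ships.
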
Member

this alone is wonderful, thanks :-)

# ensure /etc/nsswitch.conf exists so go's resolver respects /etc/hosts
container_image(
name = "busybox-with-nsswitch",
base = "@official_busybox//image",
Member

are we using this image elsewhere? otherwise we can also remove from WORKSPACE

Member Author

cluster/images/kubemark/BUILD uses it. I was planning to switch it to debian-base and then remove it here in a follow-up PR; I wanted to keep this one focused on the server images.

Member

SGTM 👍

Member Author

I kinda forgot about this, but now updating the kubemark image in #73539.

Member

@BenTheElder BenTheElder left a comment

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 25, 2018
@BenTheElder
Member

We could probably use scratch-with-/etc/nsswitch.conf like we do for busybox now, though it might need an /etc/hosts too...

/etc/hosts is populated by Kubernetes. Adding /etc/nsswitch.conf should be fine
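
A build-time check for the /etc/nsswitch.conf requirement discussed in this thread, as an added example that is not part of the PR or the Kubernetes code base: it inspects an unpacked image root filesystem and reports whether the `hosts:` lookup order puts `files` (that is, /etc/hosts) ahead of `dns`. The function names and the idea of running it against an extracted rootfs directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify the hosts lookup order of an unpacked image rootfs.
# Prints one of: missing | no-hosts-line | no-files | files-first | dns-first
nsswitch_hosts_order() {
    conf="$1/etc/nsswitch.conf"
    [ -f "$conf" ] || { echo missing; return 0; }
    awk '
        {
            sub(/#.*/, "")                        # strip comments
            sub(/^[ \t]*hosts:/, "hosts: ")       # tolerate "hosts:files dns"
        }
        $1 == "hosts:" && !seen {
            seen = 1
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) continue          # skip actions like [NOTFOUND=return]
                if ($i == "files" && !f) f = i    # remember first position of each source
                if ($i == "dns"   && !d) d = i
            }
        }
        END {
            if (!seen)            print "no-hosts-line"
            else if (!f)          print "no-files"
            else if (!d || f < d) print "files-first"
            else                  print "dns-first"
        }' "$conf"
}

# Gate for an image build: succeed only when /etc/hosts is consulted before DNS.
require_files_first() {
    order=$(nsswitch_hosts_order "$1")
    [ "$order" = "files-first" ] && return 0
    echo "rootfs $1: hosts lookup order is $order" >&2
    return 1
}

# Constructed sample: one rootfs with the file, one without it.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/with/etc" "$demo_root/without/etc"
printf 'hosts: files dns\n' > "$demo_root/with/etc/nsswitch.conf"
for r in with without; do
    echo "$r: $(nsswitch_hosts_order "$demo_root/$r")"
done
rm -rf "$demo_root"
```
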

@BenTheElder
Member

re-iterating from @cblecker since it seemed to not stick...
/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 25, 2018
@tallclair
Member

xref: #70249

@ixdy
Member Author

ixdy commented Oct 29, 2018

any objections from anyone?

@dims
Member

dims commented Oct 29, 2018

No objections. 🚢 it !

@BenTheElder
Member

:shipit:
/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 29, 2018
@k8s-ci-robot k8s-ci-robot merged commit f698f0f into kubernetes:master Oct 29, 2018