-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add init container to inject remote binary. #233
Add init container to inject remote binary. #233
Conversation
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
hello, I think it's missing a lot of content in the description of the PR as well in referenced PR |
What is the impact on docs for this change? #definitionOfDone |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is the timeline on moving the remote runtime injector to an eclipse-owned image repo?
I'm sorry, I hurry up yesterday and wrote bad description. I updated description. |
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
acae3cc
to
a2fe53e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How will this affect compatibility between versions of Che pre-remote injection and post-remote injection?
Is it possible to break existing workspaces by updating to a new release of the plugin registry?
command: | ||
- sh | ||
- -c | ||
- /before-start.sh && ${PLUGIN_REMOTE_ENDPOINT_EXECUTABLE} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't really like the idea of updating all our old versions of plugins, especially since it requires understanding how remote plugin runner starts up; I think the entrypoint update should either be done in the plugin runner image or by the plugin broker when it provisions a remote runtime injector.
Also, does overriding this remove the UID fixes in the generic remote runtime entrypoint?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Preferably the plugin runner images could be updated to automatically look for and execute the injected runtime executable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the entrypoint update should either be done in the plugin runner image or by the plugin broker when it provisions a remote runtime injector
+1
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Preferably the plugin runner images could be updated to automatically look for and execute the injected runtime executable.
@amisevsk @davidfestal one of our goal for remote binary is ability to reuse existed rhel, ubi images without patching and rebuilding this images for CodeReady workspaces. And there a lot of VsCode extension which could work without UID fixes. But to improve this flow we really can use alternative solution. In the image with remote binary we can provide one more file - some script entrypoint.sh. Instead of running remote-binary in a straight way we will start it using this script. And this script could do some additional work: on start take a look if in the root '/' located entrypoint.sh - than start it and detach, if we don't have this file script could try to do uid fix and the end execute remote binary.
Proposed draft content:
entrypoint.sh for remote binary
#!/bin/sh
fixUID() {
# Ensure $HOME exists when starting
if [ ! -d "${HOME}" ]; then
mkdir -p "${HOME}"
fi
# Setup $PS1 for a consistent and reasonable prompt
if [ -w "${HOME}" ] && [ ! -f "${HOME}"/.bashrc ]; then
echo "PS1='\s-\v \w \$ '" > "${HOME}"/.bashrc
fi
# Add current (arbitrary) user to /etc/passwd
if ! whoami 2>&1 /dev/null; then
if [ -w /etc/passwd ]; then
echo "${USER_NAME:-user}:x:$(id -u):0:${USER_NAME:-user} user:${HOME}:/bin/bash" >> /etc/passwd
fi
fi
}
if [ -f "/entrypoint.sh" ]; then
/entrypoint.sh &
else
fixUID
fi
${PLUGIN_REMOTE_ENDPOINT_EXECUTABLE}
@amisevsk @davidfestal This solution is OK for you?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@AndrienkoAleksandr +1 to that suggestion; I'd prefer to not have to override entrypoint on plugin runner -- ideally we could add this functionality without changing meta.yamls in the plugin registry.
Signed-off-by: Yevhen Vydolob <yvydolob@redhat.com>
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
…lipse/che-plugin-registry into addInitContainerToInjectRemoteBinary1
…addInitContainerToInjectRemoteBinary1
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
Should you do |
Also you're creating |
The way to do this would be to |
It was merged.
For older theia runtime injection doesn't work, because in the old che-theia meta.yaml we don't have information about init container with runime injection, so they will work in the same way like earlier. |
Hmm... I really meant process detach with &. Because I think about case when user hardcoded in the entrypoint.sh launching some endless process. |
…addInitContainerToInjectRemoteBinary1
@amisevsk @benoitf @nickboldt I created pr to apply entrypoint.sh for remote binary, but seems we don't have common opinion how it should be. Could we consider eclipse-che/che-theia#499 what should we do? Because it would be nice to merge remote binary feature earlier to save time for testing and we need it for code-ready. |
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @AndrienkoAleksandr, sorry I forgot to update on this issue.
I think the way to finish this task would be to
- Remove entrypoint overrides from plugin meta.yamls
- Update plugin runner images to be structured
ENTRYPOINT <whatever entrypoint script we need, e.g. UID fix> CMD <path to remote binary executable>
Basically, going forward (release 7.4.0 or whenever we enable runtime injection), plugin runner images should expect to have a ${PLUGIN_REMOTE_EXECUTABLE}
and be written so that their entrypoint and command do not need to be updated at runtime.
What do you think about this solution? Is there a reason it wouldn't work?
Hello, I think it should work. But than we have two options: 1) remove override Dockerfile#Entrypoint => eclipse-che/che-plugin-broker#79 at all 2) Change code and instead of override Dockerfile#Entrypoint we can override Dockerfile#CMD . What is the best way 1) or 2) ? P.S. yes, for both cases we also should change images and remove entrypoints from plugin-registry. |
@AndrienkoAleksandr I would favor option 1, but both make sense to me so whichever is easier to test/implement works. The downside to option 2 (plugin broker overrides dockerfile CMD (k8s |
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
…addInitContainerToInjectRemoteBinary1
@amisevsk @benoitf @sleshchenko pr updated. |
* Add init container to inject remote binary. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Fix up Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Fix image organization. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Use settings.xml patching for java images. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Fix up. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Use 'entrypoint.sh' script to start remote plugin binary Signed-off-by: Yevhen Vydolob <yvydolob@redhat.com> * Apply all oc 0.21 dependencies. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Apply all needed dependencies for oc-connector. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Don't change command for all versions Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Start befo-start.sh for java 0.50.0 Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Don't override entrypoint. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Add init container to inject remote binary. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Fix up Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Fix image organization. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Use settings.xml patching for java images. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Fix up. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Use 'entrypoint.sh' script to start remote plugin binary Signed-off-by: Yevhen Vydolob <yvydolob@redhat.com> * Apply all oc 0.21 dependencies. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Apply all needed dependencies for oc-connector. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Don't change command for all versions Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Start befo-start.sh for java 0.50.0 Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com> * Don't override entrypoint. Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
Referenced issue
eclipse-che/che#13387
What does this PR do?
Add init container to inject remote binary.
Earlier I had pr #210 where is I changed model to implement remote runtime injection, but some developers were against changing model. Current pr don't change model.
In this pr I propose to apply init container for che-theia editor plugin. Plugin broker should find this init container by name
remote-runtime-injector
and only for che-theia editor plugin. Then plugin-broker should analize env variables and volume from init container.REMOTE_ENDPOINT_VOLUME_NAME
env we are using to mark which one volume should be shared with other sidecar containers. In this volume init container on start should copy remote binary.PLUGIN_REMOTE_ENDPOINT_EXECUTABLE
env will be shared with all sidecar containers.Depends on:
eclipse-che/che-theia#410
eclipse-che/che-plugin-broker#76
Signed-off-by: Oleksandr Andriienko oandriie@redhat.com