From a9facb2fdfb66da80f5a60b90d2dc4c94e6b9671 Mon Sep 17 00:00:00 2001 From: Ben Swartzlander Date: Tue, 1 Sep 2020 12:56:29 -0400 Subject: [PATCH] Use distroless base image Alpine provides relatively little value, but carries with it a large amount of security risks. Despite the team's belief that most of the security risks don't put users in any actual danger, it is a burden to evaluate them all. Switching to a base image with a smaller attack surface greatly reduces this burden and gives users more assurance of security. As part of this change, CGO is disabled. We didn't need it, and it was adding needless dependencies. Also, because this change removes the shell from the container, it replaces the chroot-wrapper script with a binary that does the same thing. Co-authored-by: Andrew Kerr --- Dockerfile | 54 ++----------- Makefile | 26 ++---- chwrap/chwrap.go | 80 +++++++++++++++++++ chwrap/make-tarball.sh | 12 +++ cli/cmd/pause.go | 27 +++++++ cli/k8s_client/yaml_factory.go | 22 ++--- .../docker/plugin/chroot-host-wrapper.sh | 0 contrib/trident.service.example | 2 +- deploy/bundle.yaml | 2 +- deploy/operator.yaml | 2 +- docker-compose.yml | 2 +- docs/docker/install/host_config.rst | 2 +- operator/Dockerfile | 22 ++--- operator/Makefile | 13 +-- operator/container-launch.sh | 16 ---- .../provisioner/installer/installer.go | 4 +- 16 files changed, 160 insertions(+), 126 deletions(-) create mode 100644 chwrap/chwrap.go create mode 100755 chwrap/make-tarball.sh create mode 100644 cli/cmd/pause.go rename chroot-host-wrapper.sh => contrib/docker/plugin/chroot-host-wrapper.sh (100%) delete mode 100755 operator/container-launch.sh diff --git a/Dockerfile b/Dockerfile index b60617612..b27c1f610 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,25 +1,9 @@ -FROM alpine:3.12 +FROM gcr.io/distroless/static:eddfb5cd7a24d656f77afae595ffe6c232eab847 -LABEL maintainer="Ardalan.Kangarlou@netapp.com" \ +LABEL maintainers="The NetApp Trident Team" \ app="trident.netapp.io" \ description="Trident Storage Orchestrator" -# Use APK mirrors for fault tolerance -RUN printf "http://dl-2.alpinelinux.org/alpine/v3.12/main\nhttp://dl-3.alpinelinux.org/alpine/v3.12/main\nhttp://dl-4.alpinelinux.org/alpine/v3.12/main\nhttp://dl-5.alpinelinux.org/alpine/v3.12/main\n\nhttp://dl-1.alpinelinux.org/alpine/v3.12/community\nhttp://dl-2.alpinelinux.org/alpine/v3.12/community\nhttp://dl-3.alpinelinux.org/alpine/v3.12/community\nhttp://dl-4.alpinelinux.org/alpine/v3.12/community\nhttp://dl-5.alpinelinux.org/alpine/v3.12/community" > /etc/apk/repositories - -RUN apk update || true && \ - apk add coreutils util-linux blkid \ - lsscsi \ - e2fsprogs \ - bash \ - kmod \ - curl \ - jq \ - ca-certificates - -# for go binaries to work inside an alpine container -RUN mkdir /lib64 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2 - ARG PORT=8000 ENV PORT $PORT EXPOSE $PORT 
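Review bot: The new `FROM gcr.io/distroless/static:eddfb5cd7a24d656f77afae595ffe6c232eab847` line pins the base image by tag, and a registry tag can be repointed, so later builds are not guaranteed to pull the bytes that were reviewed. Pinning by digest makes the base immutable, e.g. `FROM gcr.io/distroless/static@sha256:<digest-of-the-reviewed-image>` (placeholder digest). A short comment above the `FROM` saying what the pin corresponds to and how to refresh it would help whoever has to pick up base-image fixes later.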
@@ -32,33 +16,9 @@ ENV K8S $K8S ENV TRIDENT_IP localhost ENV TRIDENT_SERVER 127.0.0.1:$PORT -COPY ./scripts/* $BIN $CLI_BIN /usr/local/bin/ - -RUN mkdir /netapp -ADD chroot-host-wrapper.sh /netapp -RUN ln -s /netapp/chroot-host-wrapper.sh /netapp/blkid \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/blockdev \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/cat \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/dd \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/df \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/free \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/iscsiadm \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/ls \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/lsblk \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/lsscsi \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/mkdir \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/mkfs.ext3 \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/mkfs.ext4 \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/mkfs.xfs \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/mount \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/multipath \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/multipathd \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/pgrep \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/resize2fs \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/rmdir \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/stat \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/umount \ - && ln -s /netapp/chroot-host-wrapper.sh /netapp/xfs_growfs - +COPY $BIN / +COPY $CLI_BIN /bin/ +ADD chwrap.tar / -CMD ["/usr/bin/env -i PATH='/netapp:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' /usr/local/bin/$BIN -port $PORT -crd_persistence -k8s_api_server $K8S"] +ENTRYPOINT ["/bin/$CLI_BIN"] +CMD ["version"] diff --git a/Makefile b/Makefile index 46d0335f4..4b7efa0fe 100644 --- a/Makefile +++ b/Makefile 
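Review bot: `ENTRYPOINT ["/bin/$CLI_BIN"]` is exec form, which is not run through a shell, and as far as I know the builder does not expand `ENV`/`ARG` variables in `ENTRYPOINT` or `CMD`, so the image's default entrypoint would be the literal path `/bin/$CLI_BIN`. The manifests in this commit override `command:`, which hides the problem, but a plain `docker run` of the image would fail to start. With no shell left in the image the name has to be written out, e.g. `ENTRYPOINT ["/bin/tridentctl"]` (assuming CLI_BIN is tridentctl, as the installer's `/bin/tridentctl` path suggests). The same applies to `ENTRYPOINT ["/$BIN"]` in operator/Dockerfile.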
@@ -34,6 +34,7 @@ VERSION ?= $(shell cat ${ROOT}/hack/VERSION) DR_LINUX = docker run --rm \ --net=host \ + -e CGO_ENABLED=0 \ -e GOOS=linux \ -e GOARCH=$(GOARCH) \ -e GOGC=$(GOGC) \ @@ -60,7 +61,7 @@ GO_LINUX = ${DR_LINUX} ${GO_CMD} GO_MACOS = ${DR_MACOS} ${GO_CMD} -.PHONY = default build trident_build trident_build_all trident_retag tridentctl_build dist dist_tar dist_tag test test_core test_other test_coverage_report clean fmt install vet +.PHONY = default build trident_build trident_build_all tridentctl_build dist dist_tar dist_tag test test_core test_other test_coverage_report clean fmt install vet default: dist @@ -75,10 +76,8 @@ endif ## tag variables TRIDENT_TAG := ${TRIDENT_IMAGE}:${TRIDENT_VERSION} -TRIDENT_TAG_OLD := ${TRIDENT_IMAGE}:${TRIDENT_VERSION}_old ifdef REGISTRY_ADDR TRIDENT_TAG := ${REGISTRY_ADDR}/${TRIDENT_TAG} -TRIDENT_TAG_OLD := ${REGISTRY_ADDR}/${TRIDENT_TAG_OLD} endif DIST_REGISTRY ?= netapp TRIDENT_DIST_TAG := ${DIST_REGISTRY}/${TRIDENT_IMAGE}:${TRIDENT_VERSION} 
@@ -91,32 +90,23 @@ DEFAULT_TRIDENT_OPERATOR_IMAGE := ${DEFAULT_TRIDENT_OPERATOR_REPO}:${DEFAULT_TRI OPERATOR_DIST_TAG := ${DIST_REGISTRY}/${OPERATOR_IMAGE}:${TRIDENT_VERSION} # Go compiler flags need to be properly encapsulated with double quotes to handle spaces in values -BUILD_FLAGS = "-X \"${TRIDENT_CONFIG_PKG}.BuildHash=$(GITHASH)\" -X \"${TRIDENT_CONFIG_PKG}.BuildType=$(BUILD_TYPE)\" -X \"${TRIDENT_CONFIG_PKG}.BuildTypeRev=$(BUILD_TYPE_REV)\" -X \"${TRIDENT_CONFIG_PKG}.BuildTime=$(BUILD_TIME)\" -X \"${TRIDENT_CONFIG_PKG}.BuildImage=$(TRIDENT_DIST_TAG)\"" +BUILD_FLAGS = "-s -w -X \"${TRIDENT_CONFIG_PKG}.BuildHash=$(GITHASH)\" -X \"${TRIDENT_CONFIG_PKG}.BuildType=$(BUILD_TYPE)\" -X \"${TRIDENT_CONFIG_PKG}.BuildTypeRev=$(BUILD_TYPE_REV)\" -X \"${TRIDENT_CONFIG_PKG}.BuildTime=$(BUILD_TIME)\" -X \"${TRIDENT_CONFIG_PKG}.BuildImage=$(TRIDENT_DIST_TAG)\"" ## Trident build targets -trident_retag: - -docker volume rm $(TRIDENT_VOLUME) || true - -docker tag ${TRIDENT_TAG} ${TRIDENT_TAG_OLD} - -docker rmi ${TRIDENT_TAG} - -operator_retag: - cd operator && $(MAKE) retag - -trident_build: trident_retag +trident_build: @mkdir -p ${BIN_DIR} @chmod 777 ${BIN_DIR} @${GO_LINUX} ${BUILD} -ldflags $(BUILD_FLAGS) -o ${TRIDENT_VOLUME_PATH}/bin/${BIN} @${GO_LINUX} ${BUILD} -ldflags $(BUILD_FLAGS) -o ${TRIDENT_VOLUME_PATH}/bin/${CLI_BIN} ${CLI_PKG} - cp ${BIN_DIR}/${BIN} . - cp ${BIN_DIR}/${CLI_BIN} . + @${GO_LINUX} ${BUILD} -ldflags $(BUILD_FLAGS) -o ${TRIDENT_VOLUME_PATH}/bin/chwrap chwrap/chwrap.go + cp ${BIN_DIR}/${BIN} ${BIN_DIR}/${CLI_BIN} . + chwrap/make-tarball.sh ${BIN_DIR}/chwrap chwrap.tar docker build --build-arg PORT=${PORT} --build-arg BIN=${BIN} --build-arg CLI_BIN=${CLI_BIN} --build-arg K8S=${K8S} -t ${TRIDENT_TAG} --rm . ifdef REGISTRY_ADDR docker push ${TRIDENT_TAG} endif - rm ${BIN} - rm ${CLI_BIN} - -docker rmi ${TRIDENT_TAG_OLD} + rm ${BIN} ${CLI_BIN} chwrap.tar tridentctl_build: @mkdir -p ${BIN_DIR} 
diff --git a/chwrap/chwrap.go b/chwrap/chwrap.go
new file mode 100644
index 000000000..79fcc133e
--- /dev/null
+++ b/chwrap/chwrap.go
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2020 NetApp
+ * All rights reserved
+ */
+
+package main
+
+import (
+ "os"
+ "strings"
+
+ "golang.org/x/sys/unix"
+)
+
+func validBinary(path string) bool {
+ var stat unix.Stat_t
+ if err := unix.Stat(path, &stat); nil != err {
+ // Can't stat file
+ return false
+ }
+ if (stat.Mode&unix.S_IFMT) != unix.S_IFREG && (stat.Mode&unix.S_IFMT) != unix.S_IFLNK {
+ // Not a regular file or symlink
+ return false
+ }
+ if 0 == stat.Mode&unix.S_IRUSR || 0 == stat.Mode&unix.S_IXUSR {
+ // Not readable or not executable
+ return false
+ }
+ return true
+}
+
+func findBinary(prefix, binary string) string {
+ for _, part1 := range []string{"usr/local/", "usr/", ""} {
+ for _, part2 := range []string{"sbin", "bin"} {
+ path := "/" + part1 + part2 + "/" + binary
+ if validBinary(prefix + path) {
+ return path
+ }
+ }
+ }
+ return ""
+}
+
+func modifyEnv(oldEnv []string) []string {
+ var newEnv []string
+ for _, e := range oldEnv {
+ if !strings.HasPrefix(e, "PATH=") {
+ newEnv = append(newEnv, e)
+ }
+ }
+ newEnv = append(newEnv, "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin")
+ return newEnv
+}
+
+func main() {
+ // First modify argv0 to strip off any absolute or relative paths
+ argv := os.Args
+ binary := argv[0]
+ idx := strings.LastIndexByte(binary, '/')
+ if 0 <= idx {
+ binary = binary[idx+1:]
+ }
+ // Now implement the path search logic, but in the host's filesystem
+ argv0 := findBinary("/host", binary)
+ if "" == argv0 {
+ panic(binary + " not found")
+ }
+ // Chroot in the the host's FS
+ if err := unix.Chroot("/host"); nil != err {
+ panic(err)
+ }
+ // Change cwd to the root
+ if err := unix.Chdir("/"); nil != err {
+ panic(err)
+ }
+ // Exec the intended binary
+ if err := unix.Exec(argv0, argv, modifyEnv(os.Environ())); nil != err {
+ panic(err)
+ }
+}
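Review bot: `findBinary("/host", binary)` runs before `unix.Chroot`, so `validBinary` stats `/host/...` paths from the container's root, and because `unix.Stat` follows symlinks, a host symlink with an absolute target is resolved against the container filesystem rather than the host's; the lookup can then miss a valid host binary or base its decision on a different file than the one later executed. For the same reason the `S_IFLNK` comparison can never be true. Doing the search after the root change avoids both: call `unix.Chroot("/host")` and `unix.Chdir("/")` first, then `argv0 := findBinary("", binary)`. Separately, `modifyEnv` replaces only `PATH` and hands every other container variable to the host binary; consider passing a minimal environment instead, and add doc comments on `findBinary` and `modifyEnv` stating the search order and what is passed through.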
diff --git a/chwrap/make-tarball.sh b/chwrap/make-tarball.sh new file mode 100755 index 000000000..b2d7938f1 --- /dev/null +++ b/chwrap/make-tarball.sh @@ -0,0 +1,12 @@ +#!/bin/sh -e + +[ -n "$1" ] && [ -n "$2" ] || exit 1 + +PREFIX=/tmp/$(uuidgen) +mkdir -p $PREFIX/netapp +cp "$1" $PREFIX/netapp/chwrap +for BIN in blkid blockdev cat dd df free iscsiadm ls lsblk lsscsi mkdir mkfs.ext3 mkfs.ext4 mkfs.xfs mount multipath multipathd pgrep resize2fs rmdir stat umount xfs_growfs ; do + ln -s chwrap $PREFIX/netapp/$BIN +done +tar --owner=0 --group=0 -C $PREFIX -cf "$2" netapp +rm -rf $PREFIX diff --git a/cli/cmd/pause.go b/cli/cmd/pause.go new file mode 100644 index 000000000..31be1ab10 --- /dev/null +++ b/cli/cmd/pause.go @@ -0,0 +1,27 @@ +/* + * Copyright (c) 2020 NetApp + * All rights reserved + */ + +package cmd + +import ( + "time" + + "github.com/spf13/cobra" +) + +func init() { + RootCmd.AddCommand(pauseCmd) +} + +var pauseCmd = &cobra.Command{ + Use: "pause", + Short: "Sleep forever", + Hidden: true, + RunE: func(cmd *cobra.Command, args []string) error { + for { + time.Sleep(time.Second) + } + }, +} diff --git a/cli/k8s_client/yaml_factory.go b/cli/k8s_client/yaml_factory.go index 9ebf4366b..b6debdd50 100644 --- a/cli/k8s_client/yaml_factory.go +++ b/cli/k8s_client/yaml_factory.go @@ -287,7 +287,7 @@ spec: - name: trident-main image: {TRIDENT_IMAGE} command: - - /usr/local/bin/trident_orchestrator + - /trident_orchestrator args: - "--crd_persistence" - "--k8s_pod" @@ -443,7 +443,7 @@ spec: - containerPort: 8443 - containerPort: 8001 command: - - /usr/local/bin/trident_orchestrator + - /trident_orchestrator args: - "--crd_persistence" - "--k8s_pod" @@ -577,7 +577,7 @@ spec: - containerPort: 8443 - containerPort: 8001 command: - - /usr/local/bin/trident_orchestrator + - /trident_orchestrator args: - "--crd_persistence" - "--k8s_pod" 
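Review bot: `PREFIX=/tmp/$(uuidgen)` followed by `mkdir -p` stages the files at a path in shared `/tmp` without failing if that path already exists, and the unquoted `$PREFIX` is later handed to `rm -rf`; whatever is in that directory ends up as root-owned entries in the image. `mktemp -d` creates the directory atomically with private permissions and removes the dependency on `uuidgen`: `PREFIX=$(mktemp -d)` plus `trap 'rm -rf "$PREFIX"' EXIT`, with `"$PREFIX"` quoted throughout. The trap also covers the case where `cp` or `tar` fails under `-e` and the final `rm -rf` is never reached.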
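Review bot: `pauseCmd` in cli/cmd/pause.go has no doc comment, and nothing in the file says why a hidden command that never returns exists. A comment such as `// pauseCmd blocks until the process is killed; it stands in for "sleep" in an image that ships no shell or coreutils.` would make the intent clear. It is also worth stating there that the command never exits on its own, so the caller owns the pod's lifetime.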
@@ -699,7 +699,7 @@ spec: - containerPort: 8443 - containerPort: 8001 command: - - /usr/local/bin/trident_orchestrator + - /trident_orchestrator args: - "--crd_persistence" - "--k8s_pod" @@ -833,7 +833,7 @@ spec: - containerPort: 8443 - containerPort: 8001 command: - - /usr/local/bin/trident_orchestrator + - /trident_orchestrator args: - "--crd_persistence" - "--k8s_pod" @@ -1017,7 +1017,7 @@ spec: allowPrivilegeEscalation: true image: {TRIDENT_IMAGE} command: - - /usr/local/bin/trident_orchestrator + - /trident_orchestrator args: - "--no_persistence" - "--rest=false" @@ -1035,7 +1035,7 @@ spec: - name: CSI_ENDPOINT value: unix://plugin/csi.sock - name: PATH - value: /netapp:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + value: /netapp:/bin volumeMounts: - name: plugin-dir mountPath: /plugin @@ -1154,7 +1154,7 @@ spec: allowPrivilegeEscalation: true image: {TRIDENT_IMAGE} command: - - /usr/local/bin/trident_orchestrator + - /trident_orchestrator args: - "--no_persistence" - "--rest=false" @@ -1172,7 +1172,7 @@ spec: - name: CSI_ENDPOINT value: unix://plugin/csi.sock - name: PATH - value: /netapp:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + value: /netapp:/bin volumeMounts: - name: plugin-dir mountPath: /plugin @@ -1499,8 +1499,8 @@ spec: - name: trident-main imagePullPolicy: IfNotPresent image: {TRIDENT_IMAGE} - command: ["sleep"] - args: ["60"] + command: ["tridentctl"] + args: ["pause"] {IMAGE_PULL_SECRETS} nodeSelector: beta.kubernetes.io/os: linux diff --git a/chroot-host-wrapper.sh b/contrib/docker/plugin/chroot-host-wrapper.sh similarity index 100% rename from chroot-host-wrapper.sh rename to contrib/docker/plugin/chroot-host-wrapper.sh diff --git a/contrib/trident.service.example b/contrib/trident.service.example index 9e14c611a..2758c8369 100644 --- a/contrib/trident.service.example +++ b/contrib/trident.service.example 
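Review bot: `command: ["tridentctl"]` in the `-1499,8 +1499,8` hunk is the only manifest entry in this commit that names the binary without a path, so it depends on the image's `PATH` containing `/bin`, while the installer uses `/bin/tridentctl`. Writing `command: ["/bin/tridentctl"]` keeps the template independent of the base image's environment. The replaced `sleep 60` ended after a minute and `pause` does not, so a comment in the template naming who deletes this pod would help.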
@@ -6,7 +6,7 @@ After=docker.service [Service] Type=Simple Restart=always -ExecStart=/usr/local/bin/trident --config=/etc/netappdvp/configuration.json +ExecStart=/trident --config=/etc/netappdvp/configuration.json [Install] WantedBy=multi-user.target diff --git a/deploy/bundle.yaml b/deploy/bundle.yaml index ae59916c7..0664757c2 100644 --- a/deploy/bundle.yaml +++ b/deploy/bundle.yaml @@ -354,7 +354,7 @@ spec: spec: containers: - command: - - /usr/local/bin/trident-operator + - /trident-operator - --debug env: - name: POD_NAME diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 2087c8823..ad8d38a34 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -22,7 +22,7 @@ spec: - name: trident-operator image: netapp/trident-operator:20.10.0 command: - - "/usr/local/bin/trident-operator" + - "/trident-operator" - "--debug" imagePullPolicy: IfNotPresent env: diff --git a/docker-compose.yml b/docker-compose.yml index ba61b6bb5..bfaf4e21d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ services: - /dev:/dev privileged: true tty: true - command: /usr/local/bin/trident_orchestrator -address "" -port "${PORT}" -etcd_v2 http://etcd:2379 -k8s_api_server "${K8S}" + command: /trident_orchestrator -address "" -port "${PORT}" -etcd_v2 http://etcd:2379 -k8s_api_server "${K8S}" depends_on: - etcd etcd: diff --git a/docs/docker/install/host_config.rst b/docs/docker/install/host_config.rst index 34a71356c..e7d51c378 100644 --- a/docs/docker/install/host_config.rst +++ b/docs/docker/install/host_config.rst @@ -131,7 +131,7 @@ Traditional Install Method (Docker <= 1.12) tar zxf trident-installer-19.10.0.tar.gz # move to a location in the bin path - sudo mv trident-installer/extras/bin/trident /usr/local/bin + sudo mv trident-installer/extras/bin/trident /usr/local/bin/ sudo chown root:root /usr/local/bin/trident sudo chmod 755 /usr/local/bin/trident diff --git a/operator/Dockerfile b/operator/Dockerfile index ee955bfa2..e835364a2 100644 
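Review bot: `ExecStart=/trident` points the host systemd unit at the filesystem root, but the install steps in docs/docker/install/host_config.rst (touched later in this commit) still move the binary to `/usr/local/bin/` and chown/chmod `/usr/local/bin/trident`. This unit runs on the host, not inside the distroless image, so the change looks like a side effect of the bulk path rename; following the documented steps would leave the unit unable to start. Keeping `ExecStart=/usr/local/bin/trident --config=/etc/netappdvp/configuration.json` would match the docs.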
--- a/operator/Dockerfile +++ b/operator/Dockerfile @@ -1,25 +1,13 @@ -FROM alpine:3.12 +FROM gcr.io/distroless/static:eddfb5cd7a24d656f77afae595ffe6c232eab847 -LABEL app="trident-operator.netapp.io" description="Trident Operator" - -# Use APK mirrors for fault tolerance -RUN printf "http://dl-2.alpinelinux.org/alpine/v3.12/main\nhttp://dl-3.alpinelinux.org/alpine/v3.12/main\nhttp://dl-4.alpinelinux.org/alpine/v3.12/main\nhttp://dl-5.alpinelinux.org/alpine/v3.12/main\n\nhttp://dl-1.alpinelinux.org/alpine/v3.12/community\nhttp://dl-2.alpinelinux.org/alpine/v3.12/community\nhttp://dl-3.alpinelinux.org/alpine/v3.12/community\nhttp://dl-4.alpinelinux.org/alpine/v3.12/community\nhttp://dl-5.alpinelinux.org/alpine/v3.12/community" > /etc/apk/repositories - -RUN apk update || true && \ - apk add coreutils util-linux bash curl jq ca-certificates - -# for go binaries to work inside an alpine container -RUN mkdir /lib64 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2 +LABEL maintainers="The NetApp Trident Team" \ + app="trident-operator.netapp.io" description="Trident Operator" ARG BIN=trident-operator ENV BIN $BIN ARG K8S="" ENV K8S $K8S -COPY $BIN /usr/local/bin/ - -RUN mkdir /netapp -ADD container-launch.sh /netapp -RUN chmod 777 /netapp/container-launch.sh +COPY $BIN / -CMD ["/netapp/container-launch.sh"] +ENTRYPOINT ["/$BIN"] diff --git a/operator/Makefile b/operator/Makefile index 7900e99d0..7d099bf05 100644 --- a/operator/Makefile +++ b/operator/Makefile @@ -31,6 +31,7 @@ VERSION ?= $(shell cat ${ROOT}/hack/VERSION) DR_LINUX = docker run --rm \ --net=host \ + -e CGO_ENABLED=0 \ -e GOOS=linux \ -e GOARCH=$(GOARCH) \ -e GOGC=$(GOGC) \ @@ -42,7 +43,7 @@ DR_LINUX = docker run --rm \ GO_LINUX = ${DR_LINUX} go -.PHONY = default build retag dist dist_tar dist_tag clean vet +.PHONY = default build dist dist_tar dist_tag clean vet ## version variables OPERATOR_VERSION ?= ${VERSION} 
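Review bot: `ARG K8S=""` and `ENV K8S $K8S` are kept in operator/Dockerfile, but the only consumer visible in this commit was container-launch.sh, which turned a non-empty `K8S` into `--k8s-api-server` and is deleted further down; with the binary as the entrypoint nothing passes that flag any more. Unless the operator reads `K8S` itself (not visible here), either drop the two lines or add a comment that the API server must now be given as an argument, so a deployment that relied on the variable does not silently change behaviour.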
@@ -56,10 +57,8 @@ endif ## tag variables OPERATOR_TAG := ${OPERATOR_IMAGE}:${OPERATOR_VERSION} -OPERATOR_TAG_OLD := ${OPERATOR_IMAGE}:${OPERATOR_VERSION}_old ifdef REGISTRY_ADDR OPERATOR_TAG := ${REGISTRY_ADDR}/${OPERATOR_TAG} -OPERATOR_TAG_OLD := ${REGISTRY_ADDR}/${OPERATOR_TAG_OLD} endif DIST_REGISTRY ?= netapp OPERATOR_DIST_TAG := ${DIST_REGISTRY}/${OPERATOR_IMAGE}:${OPERATOR_VERSION} @@ -80,12 +79,7 @@ BUILD_FLAGS = "-X \"${OPERATOR_CONFIG_PKG}.BuildHash=$(GITHASH)\" -X \"${OPERATO default: dist -retag: - -docker volume rm $(OPERATOR_VOLUME) || true - -docker tag ${OPERATOR_TAG} ${OPERATOR_TAG_OLD} - -docker rmi ${OPERATOR_TAG} - -build: retag +build: #$(info ${GO_LINUX}) @mkdir -p ${BIN_DIR} @chmod 777 ${BIN_DIR} @@ -96,7 +90,6 @@ ifdef REGISTRY_ADDR docker push ${OPERATOR_TAG} endif rm ${BIN} - -docker rmi ${OPERATOR_TAG_OLD} dist_tag: ifneq ($(OPERATOR_DIST_TAG),$(OPERATOR_TAG)) diff --git a/operator/container-launch.sh b/operator/container-launch.sh deleted file mode 100755 index 367626151..000000000 --- a/operator/container-launch.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env bash - -# process debug -MY_K8S=${K8S} -case $(echo ${MY_K8S}) in - "") - K8S_SWITCH="" - ;; - *) - K8S_SWITCH="--k8s-api-server ${MY_K8S}" - ;; -esac -export K8S_SWITCH - -echo Running: /usr/local/bin/trident-operator ${K8S_SWITCH} "${@:1}" -/usr/local/bin/trident-operator ${K8S_SWITCH} "${@:1}" diff --git a/operator/controllers/provisioner/installer/installer.go b/operator/controllers/provisioner/installer/installer.go index 4f200b150..f115b4d0e 100644 --- a/operator/controllers/provisioner/installer/installer.go +++ b/operator/controllers/provisioner/installer/installer.go 
@@ -1758,7 +1758,7 @@ func (i *Installer) getTridentClientVersionInfo(imageName string, controllingCRD // getTridentVersionYAML takes trident image name and identifies the Trident client version YAML, this workflow // resembles the `kubectl run --rm -it --restart=Never transient-trident-verion-pod --image= -- -// /usr/local/bin/tridentctl version --client -o yaml` command +// /bin/tridentctl version --client -o yaml` command func (i *Installer) getTridentVersionYAML(imageName string, controllingCRDetails map[string]string) ([]byte, error) { podName := "transient-trident-version-pod" @@ -1767,7 +1767,7 @@ func (i *Installer) getTridentVersionYAML(imageName string, controllingCRDetails podLabels[TridentVersionPodLabelKey] = TridentVersionPodLabelValue podLabels[K8sVersionLabelKey] = i.client.ServerVersion().ShortStringWithRelease() - tridentctlFilePath := "/usr/local/bin/tridentctl" + tridentctlFilePath := "/bin/tridentctl" tridentVersionCommand := []string{tridentctlFilePath, "version", "--client", "-o", "yaml"} // Create TridentVersion Pod from image