Use COPY instead of ADD in Dockerfiles #8289

Merged
merged 3 commits into from
Dec 7, 2023

@fasaxc fasaxc commented Dec 6, 2023

Description

  • Recommended by CIS benchmark. Add linter to check it.
  • Remove tini init daemon from Typha. AFAICT, we now handle the signals we need to and Typha doesn't spawn sub-processes so we don't need a reaper.

Related issues/PRs

CORE-10036

Todos

  • Tests
  • Documentation
  • Release note

Release Note

Docker images now use COPY instead of ADD as recommended by CIS. Typha no longer relies on the tini init daemon; it handles the common signals internally (and it does not spawn any subprocesses so there is no need for a reaper).

Reminder for the reviewer

Make sure that this PR has the correct labels and milestone set.

Every PR needs one docs-* label.

  • docs-pr-required: This change requires a change to the documentation that has not been completed yet.
  • docs-completed: This change has all necessary documentation completed.
  • docs-not-required: This change has no user-facing impact and requires no docs.

Every PR needs one release-note-* label.

  • release-note-required: This PR has user-facing changes. Most PRs should have this label.
  • release-note-not-required: This PR has no user-facing changes.

Other optional labels:

  • cherry-pick-candidate: This PR should be cherry-picked to an earlier release. For bug fixes only.
  • needs-operator-pr: This PR is related to install and requires a corresponding change to the operator.

Recommended by CIS benchmark.
@fasaxc fasaxc requested a review from a team as a code owner December 6, 2023 10:32
@marvin-tigera marvin-tigera added this to the Calico v3.28.0 milestone Dec 6, 2023
@marvin-tigera marvin-tigera added release-note-required Change has user-facing impact (no matter how small) docs-pr-required Change is not yet documented labels Dec 6, 2023
@fasaxc fasaxc removed the docs-pr-required Change is not yet documented label Dec 6, 2023
@marvin-tigera marvin-tigera added the docs-pr-required Change is not yet documented label Dec 6, 2023
@fasaxc fasaxc added docs-not-required Docs not required for this change and removed docs-pr-required Change is not yet documented labels Dec 6, 2023
- Avoid a download in the dockerfile.
- Typha has never spawned processes (and now runs in scratch so there's nothing to spawn).
- As of the graceful shutdown work, typha responds to SIGTERM etc so no need
  for an init daemon to do it.
@fasaxc fasaxc merged commit 02cfa12 into projectcalico:master Dec 7, 2023
2 checks passed
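
The description mentions adding a linter for the CIS recommendation. As an added illustration (not the linter from this PR or from the Calico repository), here is one way such a check can be written in Python: it flags every ADD, including lowercase spellings and ONBUILD ADD, and marks the ones whose source is a download. The function names and the sample Dockerfile are constructed for this example; the default escape character is assumed and heredoc bodies are not parsed.

```python
import re

REMOTE = re.compile(r"\bhttps?://", re.I)

def instructions(text):
    """Yield (first_line_no, joined_text) for each Dockerfile instruction."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blanks/comments, also mid-continuation
            continue
        start = start or no
        cont = line.endswith("\\")             # trailing backslash continues the instruction
        buf.append(line[:-1].strip() if cont else line)
        if not cont:
            yield start, " ".join(buf)
            buf, start = [], None
    if buf:                                    # file ended on a continuation line
        yield start, " ".join(buf)

def find_add(text):
    """Return [(line_no, kind, instruction)] per ADD; kind is 'remote' or 'local'."""
    findings = []
    for no, instr in instructions(text):
        words = instr.split(None, 2)
        if len(words) > 1 and words[0].upper() == "ONBUILD":  # ONBUILD wraps an instruction
            words = words[1:]
        if words and words[0].upper() == "ADD":               # instructions are case-insensitive
            findings.append((no, "remote" if REMOTE.search(instr) else "local", instr))
    return findings

# Constructed sample Dockerfile (not taken from the PR).
SAMPLE = r"""FROM scratch
# ADD in a comment is not an instruction
add https://example.invalid/tool /sbin/tool
COPY --chown=10001 \
    bin/app /app
ONBUILD ADD . /src
ADD --chown=1 \
    # comments are dropped inside a continuation
    rootfs.tar.gz /"""

if __name__ == "__main__":
    for no, kind, instr in find_add(SAMPLE):
        print(f"line {no}: ADD ({kind} source), use COPY instead: {instr}")
```

A "local" finding on an archive such as the last one still matters, because ADD unpacks local tar archives automatically where COPY copies the file as is.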
Labels
docs-not-required Docs not required for this change release-note-required Change has user-facing impact (no matter how small)
3 participants