Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement etcd_bootstrap_script.sh in Golang #16

Closed
33 tasks done
timuthy opened this issue May 20, 2022 · 0 comments · Fixed by gardener/etcd-wrapper#3
Closed
33 tasks done

Implement etcd_bootstrap_script.sh in Golang #16

timuthy opened this issue May 20, 2022 · 0 comments · Fixed by gardener/etcd-wrapper#3
Assignees
@unmarshall @aaronfern
Labels
area/dev-productivity Developer productivity related (how to improve development) area/security Security related kind/enhancement Enhancement, improvement, extension priority/1 Priority (lower number equals higher priority) status/closed Issue is closed (either delivered or triaged)
Milestone
2023-Q2

Comments

@timuthy
Copy link
Member

timuthy commented May 20, 2022
edited by aaronfern
Loading

What would you like to be added:
The current bootstrap script etcd_bootstrap_script.sh should be replaced by a Golang based implementation.

Why is this needed:
The etcd_bootstrap_script.sh has several dependencies to OS utilities like bash, curl, etc. This makes it very hard to change to Distroless container base image in the future. The etcd project moved to Distroless for 3.6.x (etcd-io/etcd#13556 reduce the attack surface and we should do the same. This will also eliminate some tedious maintenance tasks like updating base images and utilities because of reported vulnerabilities.

Tasks

Project Structure

  • Create project structure
  • Implement bootstrap script logic
  • Add signal handler
  • Add command and flags
  • Add readiness endpoint
  • Add TLS support
  • Add Makefile
  • Add Dockerfile
  • Add vendor directory
  • Add unit tests
    • app
    • bootstrap
    • brclient
    • util
    • types
      - [x] Use 3.5.6 version of etcd for etcd-wrapper.
  • Use 3.4.26 of etcd in etcd-wrapper (See Upgrade to etcd v3.4.26 to fix vulnerabilities from go runtime #33). Move to the latest version of etcd in another increment (another PR). Backup-Restore continues to use the current client version.
  • Add hack/local-dev scripts to help ease local KIND + skaffold based tests.
  • CI/CD
    • Pipeline definition
    • Scripts
  • Documentation
    • Ops guide
    • Operator docs
    • Developer docs
  • Security requirements:
    • Change base image to distroless for both etcd-wrapper and etcd-backup-restore
    • Add an init container to change the ownership of /var/etcd/data from root to nonroot user (required for existing clusters)
    • Add pod security context to run all containers by default as nonroot.
  • Add Dockerfile for ephemeral container which will be used for all diagnostics, this container will also be run as nonroot.
  • Adapt etcd-druid and run druid integration and e2e
  • Run g/g e2e tests
    • Run additional test where one of the pods is using etcd-wrapper and other two continue to use etcd-custom-image. This is possible during a stuck software update or a partially successful software update of the statefulset. Ensure that both can co-exists together.
    • Run additional test where one tries to roll-back from pods using etcd-wrapper to pods using etcd-custom-image.
@timuthy timuthy added area/dev-productivity Developer productivity related (how to improve development) area/security Security related kind/enhancement Enhancement, improvement, extension labels May 20, 2022
@timuthy timuthy mentioned this issue May 20, 2022
Closed
@ishan16696 ishan16696 mentioned this issue Oct 7, 2022
Open
3 tasks
@gardener-robot gardener-robot added the lifecycle/stale Nobody worked on this for 6 months (will further age) label Nov 18, 2022
@unmarshall unmarshall mentioned this issue Nov 28, 2022
Open
5 tasks
@unmarshall unmarshall self-assigned this Nov 29, 2022
@unmarshall unmarshall mentioned this issue Dec 5, 2022
Open
@abdasgupta abdasgupta added priority/2 Priority (lower number equals higher priority) priority/1 Priority (lower number equals higher priority) and removed priority/2 Priority (lower number equals higher priority) labels Jan 5, 2023
@shreyas-s-rao shreyas-s-rao mentioned this issue Jan 6, 2023
Closed
@ishan16696 ishan16696 mentioned this issue Jan 12, 2023
Open
6 tasks
@abdasgupta abdasgupta modified the milestones: 2023-Q1, 2023-Q2 Jan 23, 2023
@aaronfern aaronfern removed the lifecycle/stale Nobody worked on this for 6 months (will further age) label Mar 1, 2023
@ishan16696 ishan16696 mentioned this issue Mar 15, 2023
Closed
8 tasks
@unmarshall unmarshall mentioned this issue Apr 20, 2023
Merged
@lizzzcai lizzzcai mentioned this issue May 24, 2023
Closed
This was referenced Jun 5, 2023
Closed
Closed
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Jul 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@unmarshall unmarshall

@aaronfern aaronfern

Labels
area/dev-productivity Developer productivity related (how to improve development) area/security Security related kind/enhancement Enhancement, improvement, extension priority/1 Priority (lower number equals higher priority) status/closed Issue is closed (either delivered or triaged)
Projects
None yet
Milestone
2023-Q2
Development

Successfully merging a pull request may close this issue.

First version of etcd-wrapper gardener/etcd-wrapper
5 participants
@unmarshall @abdasgupta @timuthy @gardener-robot @aaronfern