add command to openldap container #194

Open
wants to merge 7 commits into
base: master

davidfrickert
Contributor

@davidfrickert davidfrickert commented Sep 10, 2024

this command ensures non-first openldap containers don't try to init already initialized cluster-wide resources, such as the root DN or ppolicy module.

What this PR does / why we need it:

Pre-submission checklist:

  • Did you explain what problem does this PR solve? Or what new features have been added?
  • Have you updated the readme?
  • Is this PR backward compatible? If it is not backward compatible, please discuss open a ticket first

@davidfrickert
Contributor Author

potentially fixes #148

the list of env vars that are removed is non-exhaustive, maybe more need to be added, these are just the ones that were causing problems in my setup

@jp-gouin
Owner

jp-gouin commented Oct 1, 2024

Hi @davidfrickert ,
The CI has been fixed in main, can you sync your PR ?

@@ -182,6 +182,22 @@ spec:
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
command:
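
Review bot: `command:` at the end of this hunk sits outside any `{{- if }}` guard (the only conditional in view closes on the line before it), so every rendered pod gets the override. Because a container `command` makes Kubernetes ignore the image's Entrypoint and Cmd, that changes startup for all installs; wrap the block in a condition on a chart value so the override can be turned off.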
Contributor

This one conflicts with recently restored command on L177.
To not overwrite user supplied .Values.command please move above L176 or incorporate condition block.

export LDAP_SKIP_DEFAULT_TREE=yes
fi

/opt/bitnami/scripts/openldap/entrypoint.sh /opt/bitnami/scripts/openldap/run.sh
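
Review bot: the last line starts entrypoint.sh as a child of the wrapper shell instead of replacing it, so the shell is typically left as the container's main process and a termination signal goes to the shell rather than to the OpenLDAP process. Prefix the call with `exec` and keep run.sh as the explicit argument, and consider checking that the script exists first, since both paths are hard-coded.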
Contributor

This is bitnami-specific and fails on a custom container.
Either we postulate that only bitnami/openldap is supported, or check that things are in place before calls.

Contributor

Also, the /opt/bitnami/scripts/openldap/run.sh is actually default CMD (args in k8s manifest), so highly recommend change:

  • from /opt/bitnami/scripts/openldap/entrypoint.sh /opt/bitnami/scripts/openldap/run.sh
  • to exec /opt/bitnami/scripts/openldap/entrypoint.sh

That will avoid overwriting default or user-supplied args.

Contributor Author

hey, just came back from vacation will try to resolve these issues this or next week

Contributor Author

> Also, the /opt/bitnami/scripts/openldap/run.sh is actually default CMD (args in k8s manifest), so highly recommend change:
>
> * from `/opt/bitnami/scripts/openldap/entrypoint.sh /opt/bitnami/scripts/openldap/run.sh`
>
> * to `exec /opt/bitnami/scripts/openldap/entrypoint.sh`
>
> That will avoid overwriting default or user-supplied args.

hmm exec /opt/bitnami/scripts/openldap/entrypoint.sh does not seem to work
--> /opt/bitnami/scripts/openldap/entrypoint.sh: line 14: $1: unbound variable

(from latest commit on this PR)

Contributor

The help exec states that ARGUMENTS become the arguments to COMMAND.
Anyway, try to pass args explicitly:

exec "/opt/bitnami/scripts/openldap/entrypoint.sh" "$@"

Also, ensure that args is not set to empty list -- this will overwrite original image cmd (check with helm template -f values.yaml helm-openldap/openldap-stack-ha --show-only templates/statefulset.yaml)

Contributor Author

@davidfrickert davidfrickert Nov 7, 2024

i might be missing something but can't get it to work, i removed the args empty list from values so it isn't getting used but still get the same error (checked with helm template and the args are not overwritten)

an echo "$@" also prints empty

Contributor Author

I guess overriding the container command also resets args?

Contributor Author

yeah okay i was just inspecting the bitnami/openldap container and this is what came up:

            "Cmd": [
                "/opt/bitnami/scripts/openldap/run.sh"
            ],
            "ArgsEscaped": true,
            "Image": "",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": [
                "/opt/bitnami/scripts/openldap/entrypoint.sh"
            ],

And https://stackoverflow.com/questions/44316361/difference-between-docker-entrypoint-and-kubernetes-container-spec-command

If you supply a command for a Container, only the supplied command is used. The default EntryPoint and the default Cmd defined in the Docker image are ignored. Your command is run with the args supplied (or no args if none supplied).
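
The resolution rule quoted above, worked through as an added example (not code from this PR or the chart): `effective_argv` applies the Kubernetes command/args rule to the Entrypoint and Cmd from the inspect output, and the other functions show why `"$@"` is empty inside the wrapper and one way to fall back to the image Cmd. The `sh -c` wrapper form, all function names and the `strict_entrypoint` stand-in are assumptions.

```shell
#!/bin/sh
# Added example. The two paths are the Entrypoint and Cmd quoted in the thread.
IMG_ENTRYPOINT=/opt/bitnami/scripts/openldap/entrypoint.sh
IMG_CMD=/opt/bitnami/scripts/openldap/run.sh

# effective_argv POD_COMMAND POD_ARGS   (empty string = field not set)
# Kubernetes rule: command replaces Entrypoint, args replaces Cmd, and a
# command without args runs with no arguments (the image Cmd is NOT appended).
effective_argv() {
  pod_command=$1 pod_args=$2
  if [ -n "$pod_command" ]; then
    argv=$pod_command
    if [ -n "$pod_args" ]; then argv="$argv $pod_args"; fi
  elif [ -n "$pod_args" ]; then
    argv="$IMG_ENTRYPOINT $pod_args"
  else
    argv="$IMG_ENTRYPOINT $IMG_CMD"
  fi
  printf '%s\n' "$argv"
}

# wrapper_sees [ARGS...]: prints "$#:$1" as seen inside an `sh -c <script>`
# command (assumed wrapper form). The first word after the script becomes $0,
# not $1, so a lone arg still leaves "$@" empty.
wrapper_sees() {
  sh -c 'printf "%s:%s\n" "$#" "${1-}"' "$@"
}

# Constructed stand-in for an entrypoint that reads "$1" under `set -u`;
# with no arguments it fails like the "unbound variable" error in the thread.
strict_entrypoint() {
  sh -u -c 'printf "%s\n" "$1"' strict-entrypoint "$@"
}

# Wrapper tail that survives an empty "$@": fall back to the image Cmd,
# but let user-supplied args win when they are present.
run_with_default() {
  if [ "$#" -eq 0 ]; then set -- "$IMG_CMD"; fi
  strict_entrypoint "$@"
}
```
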
