zero-to-jupyterhub-k8s icon indicating copy to clipboard operation
zero-to-jupyterhub-k8s copied to clipboard

Published 20 hours ago verified publisher icon jupyterhub

image-puller assumes that /bin/sh is present

Open mattijsjonker opened this issue 2 years ago • 2 comments
trafficstars

https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/1c9a12cd94eed6842eee985d97126b8ed99e68ce/jupyterhub/templates/image-puller/_helpers-daemonset.tpl#L118-L123

It appears that the image puller assumes that /bin/sh is always available. In my setup this is causing an issue because one of the configured singleuser.extraContainers images is scratch-based, resulting in CrashLookBackoffs on the continuous-image-puller pods:

  image-pull-singleuser-init-and-extra-containers-0:
    Container ID:  containerd://<id>
    Image:         minio/sidekick:v3.0.4
    Image ID:      docker.io/minio/sidekick@sha256:<hash>
    Port:          <none>
    Host Port:     <none>
    Command:
      /bin/sh
      -c
      echo "Pulling complete"
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       StartError
      Message:      failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "/bin/sh": stat /bin/sh: no such file or directory: unknown
      Exit Code:    128
      Started:      Thu, 01 Jan 1970 00:00:00 +0000
      Finished:     Thu, 17 Aug 2023 10:33:10 +0000
    Ready:          False
    Restart Count:  1
    Environment:  <none>
    Mounts:       <none>

The image in question (https://github.com/minio/sidekick/blob/master/Dockerfile).

I remedied this by creating a custom image that does include /bin/sh, but I wonder if a more elegant solution is possible (e.g., a configurable check).

mattijsjonker avatar Aug 17 '23 14:08 mattijsjonker

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively. welcome You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada:

welcome[bot] avatar Aug 17 '23 14:08 welcome[bot]

Good question. We must have a command here, and one that essentially does nothing (rather than start the default cmd for the image). /bin/sh was chosen as the most common thing to exist here. I'm not sure we can do something else - scratch based containers by definition are unique and usually don't have anything else in them.

Perhaps what we need is to document this requirement?

yuvipanda avatar Nov 06 '23 09:11 yuvipanda