search

kiwigrid / k8s-sidecar

This is a docker container intended to run inside a kubernetes cluster to collect config maps with a specified label and store the included files in a local folder.
MIT License
612 stars 183 forks source link

Add envsubst to container image #300

Closed sando38 closed 1 year ago

sando38 commented 1 year ago

I would like to use the SCRIPT variable to run a script, which would make use of envsubst (alpine package).

Would it be possible to add this package to your container image?

Thanks for consideration!

jekkel commented 1 year ago

I'd rather not add any additional packages. Can your use cases realized using python maybe?

sando38 commented 1 year ago

I'd rather not add any additional packages. Can your use cases realized using python maybe?

I understand your point, it could open Pandora's box. ;) Well, yes, it certainly can be realized with python. I don't know python, however, that's why I have asked for this tiny package (~100 kB) to be included.

My script would be very simple in the end:

#!/bin/sh
envsubst < $FOLDER/$FOLDER_ANNOTATION/file > /target/directory/shared/with/main/container/file
jekkel commented 1 year ago

We're already dealing with quite some vulnerabilities each month (from dependencies) so if not necessary for the core function of the container we won't increase the attack surface. I can see 2 options for you:

  1. code the same in python (will be pretty short, too)
  2. extend from our image, install any required package and use your image

Sorry for not being more helpful, I certainly understand your use-case but for the project this seems to be the best way forward.

@ChristianGeie @tomrk-esteam8 Please leave a comment with your opinion, too.

sando38 commented 1 year ago

We're already dealing with quite some vulnerabilities each month (from dependencies) so if not necessary for the core function of the container we won't increase the attack surface. I can see 2 options for you:

  1. code the same in python (will be pretty short, too)
  2. extend from our image, install any required package and use your image

Sorry for not being more helpful, I certainly understand your use-case but for the project this seems to be the best way forward.

@ChristianGeie @tomrk-esteam8 Please leave a comment with your opinion, too.

No worries, thank you. Regarding vulnerabilities. I looked into the alpine package history, and there was only one back in 2018 (CVE-2018-18751). libintl is already included in the python base image, so it is in theory only the gettext-envsubst package shipping the envsubst binary.

ChristianGeie commented 1 year ago

I totally agree with @jekkel here.

I fully understand @sando38 's requirement. Our project is used in a very large number of installations, so we also have a great deal of responsibility. Accordingly, we do not want to integrate any further modules or packages.

sando38 commented 1 year ago

I totally agree with @jekkel here.

I fully understand @sando38 's requirement. Our project is used in a very large number of installations, so we also have a great deal of responsibility. Accordingly, we do not want to integrate any further modules or packages.

Thanks nonetheless for the consideration.

jekkel commented 1 year ago

@sando38 It would be great if you shared the solution you end up with here.