Last active
July 7, 2023 06:28
-
-
Save robd003/589b2a0291038d92836efdb56810dba1 to your computer and use it in GitHub Desktop.
Emissary 3.7 housekeeping.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """'Finalize' the distroless image of an emissary build.""" | |
| # Standard Library Imports | |
| import os | |
| import stat | |
| import subprocess | |
| import sys | |
| import tarfile | |
| from itertools import chain | |
| from pathlib import Path | |
| from shutil import rmtree | |
| from urllib import request | |
| # Ensure we're at the proper "starting point" before | |
| # we begin unpacking the packages tarball | |
| os.chdir("/") | |
| # Use Python's `tarfile` module to unpack the "installed" | |
| # packages, mirroring the way they were packed up to begin | |
| # with just in reverse. | |
| artifact_tar = Path("/tmp/artifacts.tar.gz") | |
| artifacts = tarfile.open(artifact_tar, mode="r:gz") | |
| artifacts.extractall(".") | |
| artifacts.close() | |
| # Naturally, we'll also call `.unlink()` on the archive itself | |
| # once we're done extracting it. After all, c̶l̶e̶a̶n̶l̶i̶n̶e̶s̶s̶ ̶i̶s̶ ̶n̶e̶x̶t̶ | |
| # t̶o̶ ̶g̶o̶d̶l̶i̶n̶e̶s̶s̶ only monsters publish bloated Docker images. | |
| artifact_tar.unlink() | |
| # Create some necessary symlinks | |
| for exe in Path("/opt/ambassador/bin").iterdir(): | |
| if not Path(f"/usr/bin/{exe.name}").exists(): | |
| Path(f"/usr/bin/{exe.name}").symlink_to(exe) | |
| for cmd in ( | |
| Path(f"/usr/bin/{exe}") | |
| for exe in ( | |
| "ambex", | |
| "entrypoint", | |
| "kubestatus", | |
| "watt", | |
| "agent", | |
| "apiext", | |
| ) | |
| ): | |
| if not cmd.exists(): | |
| cmd.symlink_to(Path("/opt/ambassador/bin/busyambassador")) | |
| # Make sure `ambassador.version` exists, as this build process | |
| # now skips it, technically | |
| Path("/opt/ambassador/python/ambassador.version").write_text("0.0.0\n\n") | |
| #pyyaml = Path("/tmp/install_pyyaml.py") | |
| reqs = Path("/opt/ambassador/python/requirements.txt") | |
| dev_reqs = Path("/opt/ambassador/python/requirements-dev.txt") | |
| #reqs.write_text(reqs.read_text().replace("pyyaml==5.4.1", "pyyaml>=6.0")) | |
| # While the base distroless image *does* provide | |
| # Python itself, it does *not* provide `pip` or | |
| # even `ensurepip`. Not to worry though, we'll | |
| # just snag the latest version of `get-pip` from | |
| # the Python Packaging Authority and use that | |
| get_pip = Path("/tmp/get-pip.py") | |
| get_pip.write_bytes( | |
| request.urlopen("https://bootstrap.pypa.io/get-pip.py").read() | |
| ) | |
| subprocess.check_call([sys.executable, str(get_pip)]) | |
| # Now that we have `pip`, we can us it to install | |
| # emissary's dependencies... | |
| subprocess.check_call([sys.executable, "-m", "pip", "install", "-r", str(reqs)]) | |
| subprocess.check_call( | |
| [ | |
| sys.executable, | |
| "-m", | |
| "pip", | |
| "install", | |
| "-r", | |
| str(dev_reqs), | |
| ] | |
| ) | |
| subprocess.run( | |
| [ | |
| sys.executable, | |
| "/opt/ambassador/python/setup.py", | |
| "install", | |
| ], | |
| cwd="/opt/ambassador/python/", | |
| check=False, | |
| ) | |
| # ... and run the "installer" we created earlier in the | |
| # `package-factory` image to install PyYAML... | |
| #subprocess.check_call([sys.executable, str(pyyaml)]) | |
| # Ensure the `ambassador` Python packages are importable | |
| Path("/usr/local/lib/python3.11/site-packages/ambassador.pth").write_text( | |
| "/opt/ambassador/python/\n" | |
| ) | |
| # ̶N̶o̶t̶ ̶c̶l̶e̶a̶n̶i̶n̶g̶ ̶u̶p̶ ̶t̶e̶m̶p̶o̶r̶a̶r̶y̶ ̶f̶i̶l̶e̶s̶ ̶g̶o̶e̶s̶ ̶a̶g̶a̶i̶n̶s̶t̶ ̶e̶v̶e̶r̶y̶t̶h̶i̶n̶g̶ ̶I̶ ̶k̶n̶o̶w̶ | |
| # ̶ ̶t̶o̶ ̶b̶e̶ ̶r̶i̶g̶h̶t̶ ̶a̶n̶d̶ ̶t̶r̶u̶e̶,̶ ̶a̶n̶d̶ ̶I̶ ̶w̶i̶l̶l̶ ̶s̶o̶o̶n̶e̶r̶ ̶l̶a̶y̶ ̶y̶o̶u̶ ̶i̶n̶t̶o̶ ̶t̶h̶i̶s̶ ̶b̶a̶r̶r̶e̶n̶ | |
| # ̶ ̶e̶a̶r̶t̶h̶ ̶t̶h̶a̶n̶ ̶e̶n̶t̶e̶r̶t̶a̶i̶n̶ ̶t̶h̶e̶ ̶f̶o̶l̶l̶y̶ ̶o̶f̶ ̶a̶l̶l̶o̶w̶i̶n̶g̶ ̶t̶h̶e̶m̶ ̶t̶o̶ ̶r̶e̶m̶a̶i̶n̶ ̶i̶n̶ ̶t̶h̶e̶ | |
| # ̶ ̶f̶i̶n̶a̶l̶ ̶p̶u̶b̶l̶i̶s̶h̶e̶d̶ ̶i̶m̶a̶g̶e̶ ̶f̶o̶r̶ ̶a̶ ̶m̶o̶m̶e̶n̶t̶ ̶l̶o̶n̶g̶e̶r̶ Keep it clean folks | |
| rmtree("/tmp") | |
| Path("/tmp").mkdir(mode=0o777, exist_ok=False) | |
| # Ensure everything else that Emissary expects exists where it's expected to | |
| Path("/ambassador/sidecars").mkdir(mode=0o777, parents=True, exist_ok=True) | |
| Path("/ambassador/snapshots").mkdir(mode=0o777, parents=True, exist_ok=True) | |
| Path("/ambassador/envoy").mkdir(mode=0o777, parents=True, exist_ok=True) | |
| Path("/tmp/ambassador").mkdir(mode=0o777, parents=True, exist_ok=True) | |
| Path("/tmp/admin_access_log").touch(mode=0o777, exist_ok=True) | |
| for script in Path("/opt/ambassador/python/").glob("*.py"): | |
| Path(f"/ambassador/{script.name}").symlink_to(script) | |
| st = os.stat("/opt/ambassador/python/entrypoint.sh") | |
| os.chmod("/opt/ambassador/python/entrypoint.sh", st.st_mode | stat.S_IEXEC) | |
| for item in chain( | |
| Path("/ambassador").rglob("**/*"), | |
| Path("/tmp").rglob("**/*"), | |
| ): | |
| os.chmod(item.resolve(), 0o777) | |
| os.symlink('/opt/ambassador/bin/envoy-static-stripped', '/usr/bin/envoy') | |
| os.chmod("/tmp", 0o777) | |
| os.chmod("/ambassador", 0o777) | |
| os.chmod("/tmp/ambassador", 0o777) | |
| Path("/ambassador/housekeeping.py").unlink(missing_ok=True) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment