Remove shell dependency from validator pods#2434
Draft
rajathagasthya wants to merge 1 commit intoNVIDIA:mainfrom
Draft
Remove shell dependency from validator pods#2434rajathagasthya wants to merge 1 commit intoNVIDIA:mainfrom
rajathagasthya wants to merge 1 commit intoNVIDIA:mainfrom
Conversation
rajathagasthya
force-pushed
the
worktree-distroless-dev
branch
5 times, most recently
from
19fd65d to
14f5202
Compare
NVIDIA's distroless-cc `-dev` tag (the gpu-operator image base) will no longer be approved as a STIG parent image. The non-`-dev` variant ships no shell, so the validator daemonsets and workload validation pods — which wrapped binaries in `sh -c` and used shell-based preStop hooks — would break on the new base. Re-adding a shell to the image would only swap one CVE source for another. Replace shell wrappers with direct binary invocation. The operator-validator and sandbox-validator init containers invoke `nvidia-validator` directly. Their pause containers use a new top-level `--sleep` flag that prints the validator-success message and blocks on SIGTERM. Workload pod main containers run `nvidia-validator --version` as a no-op exit-0; the per-workload success message now prints from `(c *CUDA).runWorkload` and `(p *Plugin).runWorkload` after `waitForPod` succeeds — surfacing in the operator-validator init container logs where success is actually established. For preStop cleanup, add a small static helper `rmglob` that takes glob patterns and removes matching paths. Modeled on k8s-cc-manager's vendored static `/bin/rm`, shipped at `/usr/bin/rmglob`. Both validator daemonsets keep their `lifecycle.preStop` blocks; they now call this binary instead of `sh -c rm`. Drop `hack/must-gather.sh` from the image entrypoint at `/usr/bin/gather`. It depended on `bash`, `kubectl`, and `oc` — none of which ship in the distroless base. Customers already run the script from outside the cluster against an existing kubeconfig; removing the in-image copy doesn't change that workflow. Flip the Dockerfile base to `nvcr.io/nvidia/distroless/cc:v4.0.4`. Signed-off-by: Rajath Agasthya <ragasthya@nvidia.com>
rajathagasthya
force-pushed
the
worktree-distroless-dev
branch
from
14f5202 to
20e9691
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This is Part 1 of a multi-part effort to move the gpu-operator image off the
nvcr.io/nvidia/distroless/cc:v4.0.0-devbase. NVIDIA's STIG policy is dropping-devdistroless tags as approved parent images. The non--devvariants shipno shell. A primary motivation for the migration is the recurring shell-related
CVE backlog the operator inherits today, so re-adding a shell to side-step the
move would defeat the purpose.
This PR addresses the shell dependencies inside the gpu-operator image
itself — specifically the validator daemonsets and the workload validation
pods packaged into the image.
What's changed in this PR
Replace shell wrappers with direct binary invocation. The
operator-validator and sandbox-validator init containers invoke
nvidia-validatordirectly. Their pause containers use a new top-level--sleepflag that prints the validator-success message and blocks onSIGTERM. Workload pod main containers run
nvidia-validator --versionas a no-op exit-0; the per-workload success message now prints from
(c *CUDA).runWorkloadand(p *Plugin).runWorkloadafterwaitForPodsucceeds — surfacing in the operator-validator init container logs where
success is actually established.
For preStop cleanup, add a small static helper
rmglobthat takes globpatterns and removes matching paths. Modeled on k8s-cc-manager's vendored
static
/bin/rm, shipped at/usr/bin/rmglob. Both validator daemonsetskeep their
lifecycle.preStopblocks; they now call this binary insteadof
sh -c rm.Flip the Dockerfile base to
nvcr.io/nvidia/distroless/cc:v4.0.0.What's remaining (follow-up PRs)
same pattern in its runtime Dockerfile —
FROM ...:vX-devplusSHELL ["/busybox/sh", "-c"]plusRUN ln -s /busybox/sh /bin/sh—and needs the
-devtag dropped along with the busybox symlink.Mechanical, ~5-line Dockerfile diff per repo, independent of each
other:
- [ ]
NVIDIA/mig-parted—deployments/container/Dockerfile- [ ]
NVIDIA/nvidia-container-toolkit—deployments/container/Dockerfile(×2 stages: packaging,application)
- [ ]
NVIDIA/k8s-driver-manager—deployments/container/Dockerfile.distroless- [ ]
NVIDIA/k8s-device-plugin—deployments/container/Dockerfileimages above stop shipping
/bin/sh, the remainingsh -cwrappers in gpu-operator's operand asset DaemonSets will break.
These need to be converted to direct binary invocations or to
rmglob-style static helpers (modeled on the same pattern asthis PR):
- [ ]
assets/state-driver/0500_daemonset.yaml—nvidia-driver probe_nvidia_peermem,lsmod | grep nvidia_fs,lsmod | grep gdrdrv,rm -f /run/.../driver-ctr-readypreStop- [ ]
assets/state-vfio-manager/0500_daemonset.yaml—vfio-manage bind --all && while true; do sleep …- [ ]
assets/state-mig-manager/0600_daemonset.yaml- [ ]
assets/state-vgpu-manager/0500_daemonset.yaml- [ ]
assets/state-vgpu-device-manager/0600_daemonset.yaml- [ ]
assets/state-sandbox-device-plugin/0500_daemonset.yaml- [ ]
assets/state-cc-manager/0500_daemonset.yaml- [ ]
assets/state-dcgm/0400_dcgm.yml,assets/state-dcgm-exporter/0800_daemonset.yaml- [ ]
assets/state-mps-control-daemon/0400_daemonset.yaml- [ ]
assets/state-container-toolkit/0500_daemonset.yaml- [ ]
assets/state-device-plugin/0500_daemonset.yaml- [ ]
assets/gpu-feature-discovery/0500_daemonset.yamlChecklist
make lint)make validate-generated-assets)make validate-modules)Testing
cmd/nvidia-validator/main_test.go:Test_validateFlags_standaloneSleep— validates that an empty--componentis permitted only when--sleepis set.Test_runSleep_returnsOnSignal— sends SIGTERM and confirmsrunSleepreturns nil within 2s.Test_runSleep_contextCancel— confirms ctx cancellation alsounblocks
runSleepcleanly.cmd/rmglob/main_test.go:TestRmglob— builds the binary, createsa-ready,b-ready,keep.txtin a tempdir, runsrmglob "<tempdir>/*-ready",asserts the
-readyfiles are gone andkeep.txtremains.TestRmglobNoArgs— confirms invocation with no args exitsnon-zero.
make cmdsbuilds all five binaries (gpu-operator, gpuop-cfg,manage-crds, nvidia-validator, rmglob) cleanly.
nvidia-validator --versionexits 0 with theexpected version output.
grep -rn "sh -c\|/bin/sh" assets/state-{operator,sandbox}-validation/ validator/manifests/returns zero hits.Part of NVIDIA/cloud-native-team#299
Resolves #2435
Resolves #2436