feat: tini as ENTRYPOINT and related cosmetics (#12707)

* Use tini as the ENTRYPOINT implicitly Signed-off-by: Gergely Czuczy <gergely.czuczy@sap.com> * Explicitly call /bin/cp instead of relying on PATH Signed-off-by: Gergely Czuczy <gergely.czuczy@sap.com> * POSIX sh is sufficient for entrypoint.sh Signed-off-by: Gergely Czuczy <gergely.czuczy@sap.com> * Add 2.6-2.7 to docs indexes Signed-off-by: Gergely Czuczy <gergely.czuczy@sap.com> * Add note on tini on entry to 2.6-2.7 upgrade notes Signed-off-by: Gergely Czuczy <gergely.czuczy@sap.com> * Added note to 2.7-2.8 notes on tini as entry Signed-off-by: Gergely Czuczy <gergely.czuczy@sap.com> --------- Signed-off-by: Gergely Czuczy <gergely.czuczy@sap.com>
2026-04-21 17:07:16 +00:00 · 2023-03-10 18:31:20 +01:00 · 2023-03-10 18:31:20 +01:00 · c2e0026de1
commit c2e0026de1
parent c41dc605b2
20 changed files with 96 additions and 87 deletions
--- a/1
+++ b/1
@ -132,3 +132,4 @@ RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-k8s-auth

 USER $ARGOCD_USER_ID
+ENTRYPOINT ["/usr/bin/tini", "--"]
--- a/docs/2.7-2.8.md
+++ b/docs/2.7-2.8.md
@ -0,0 +1,5 @@
+# 2.7 to 2.8
+
+## Tini as entrypoint
+
+With the 2.8 release `entrypoint.sh` will be removed from the containers, because starting with 2.7, the implicit entrypoint is set to `tini` in the `Dockerfile` explicitly, and the kubernetes manifests has been updated to use it. Simply updating the containers without updating the deployment manifests will result in pod startup failures, as the old manifests are relying on `entrypoint.sh` instead of `tini`. Please make sure the manifests are updated properly before moving to 2.8.
--- a/docs/operator-manual/upgrading/2.6-2.7.md
+++ b/docs/operator-manual/upgrading/2.6-2.7.md
@ -45,3 +45,9 @@ Note that bundled Helm version has been upgraded from 3.10.3 to 3.11.1.
 Argo CD 2.7 upgrades Sprig templating specifically within Argo CD notifications to v3. That upgrade includes an upgrade of [Masterminds/semver](https://github.com/Masterminds/semver/releases) to v3.

 Masterminds/semver v3 changed the behavior of the `^` prefix in semantic version constraints. If you are using sprig template functions in your notifications templates which include references to [Sprig's semver functions](https://masterminds.github.io/sprig/semver.html) and use the `^` prefix, read the [Masterminds/semver changelog](https://github.com/Masterminds/semver/releases/tag/v3.0.0) to understand how your notifications' behavior may change.
+
+## Tini as entrypoint
+
+The manifests are now using [`tini` as entrypoint][1], instead of `entrypoint.sh`. Until 2.8, `entrypoint.sh` is retained for upgrade compatibility. This means that the deployment manifests have to be updated after upgrading to 2.7, and before upgrading to 2.8 later. In case the manifests are updated before moving to 2.8, the containers will not be able to start.
+
+[1]: https://github.com/argoproj/argo-cd/pull/12707
--- a/docs/operator-manual/upgrading/overview.md
+++ b/docs/operator-manual/upgrading/overview.md
@ -37,6 +37,7 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/<v

 <hr/>

+* [v2.6 to v2.7](./2.6-2.7.md)
 * [v2.5 to v2.6](./2.5-2.6.md)
 * [v2.4 to v2.5](./2.4-2.5.md)
 * [v2.3 to v2.4](./2.3-2.4.md)
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh

 # If we're started as PID 1, we should wrap command execution through tini to
 # prevent leakage of orphaned processes ("zombies").
--- a/manifests/base/application-controller/argocd-application-controller-statefulset.yaml
+++ b/manifests/base/application-controller/argocd-application-controller-statefulset.yaml
@ -18,8 +18,8 @@ spec:
        app.kubernetes.io/name: argocd-application-controller
    spec:
      containers:
-      - command:
-        - argocd-application-controller
+      - args:
+        - /usr/local/bin/argocd-application-controller
        env:
        - name: ARGOCD_CONTROLLER_REPLICAS
          value: "1"
--- a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml
+++ b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml
@ -16,9 +16,8 @@ spec:
        app.kubernetes.io/name: argocd-applicationset-controller
    spec:
      containers:
-        - command:
-            - entrypoint.sh
-            - argocd-applicationset-controller
+        - args:
+            - /usr/local/bin/argocd-applicationset-controller
          image: quay.io/argoproj/argocd:latest
          imagePullPolicy: Always
          name: argocd-applicationset-controller
--- a/manifests/base/dex/argocd-dex-server-deployment.yaml
+++ b/manifests/base/dex/argocd-dex-server-deployment.yaml
@ -20,7 +20,7 @@ spec:
      - name: copyutil
        image: quay.io/argoproj/argocd:latest
        imagePullPolicy: Always
-        command: [cp, -n, /usr/local/bin/argocd, /shared/argocd-dex]
+        command: [/bin/cp, -n, /usr/local/bin/argocd, /shared/argocd-dex]
        volumeMounts:
        - mountPath: /shared
          name: static-files
--- a/manifests/base/notification/argocd-notifications-controller-deployment.yaml
+++ b/manifests/base/notification/argocd-notifications-controller-deployment.yaml
@ -29,8 +29,8 @@ spec:
            - key: ca.crt
              path: ca.crt
      containers:
-        - command:
-            - argocd-notifications
+        - args:
+            - /usr/local/bin/argocd-notifications
          workingDir: /app
          livenessProbe:
            tcpSocket:
--- a/manifests/base/repo-server/argocd-repo-server-deployment.yaml
+++ b/manifests/base/repo-server/argocd-repo-server-deployment.yaml
@ -21,7 +21,10 @@ spec:
      - name: argocd-repo-server
        image: quay.io/argoproj/argocd:latest
        imagePullPolicy: Always
-        command: [ "sh", "-c", "entrypoint.sh argocd-repo-server --redis $(ARGOCD_REDIS_SERVICE):6379"]
+        args:
+          - /usr/local/bin/argocd-repo-server
+          - "--redis"
+          - "$(ARGOCD_REDIS_SERVICE):6379"
        env:
          - name: ARGOCD_RECONCILIATION_TIMEOUT
            valueFrom:
@ -194,7 +197,7 @@ spec:
          name: plugins
      initContainers:
      - command:
-        - cp
+        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
--- a/manifests/base/server/argocd-server-deployment.yaml
+++ b/manifests/base/server/argocd-server-deployment.yaml
@ -20,7 +20,8 @@ spec:
      - name: argocd-server
        image: quay.io/argoproj/argocd:latest
        imagePullPolicy: Always
-        command: [argocd-server]
+        args:
+          - /usr/local/bin/argocd-server
        env:
        - name: ARGOCD_SERVER_INSECURE
          valueFrom:
--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
@ -15628,9 +15628,8 @@ spec:
        app.kubernetes.io/name: argocd-applicationset-controller
    spec:
      containers:
-      - command:
-        - entrypoint.sh
-        - argocd-applicationset-controller
+      - args:
+        - /usr/local/bin/argocd-applicationset-controller
        env:
        - name: NAMESPACE
          valueFrom:
@ -15829,10 +15828,10 @@ spec:
            weight: 5
      automountServiceAccountToken: false
      containers:
-      - command:
-        - sh
-        - -c
-        - entrypoint.sh argocd-repo-server --redis argocd-redis:6379
+      - args:
+        - /usr/local/bin/argocd-repo-server
+        - --redis
+        - argocd-redis:6379
        env:
        - name: ARGOCD_RECONCILIATION_TIMEOUT
          valueFrom:
@ -16008,7 +16007,7 @@ spec:
          name: plugins
      initContainers:
      - command:
-        - cp
+        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
@ -16094,8 +16093,8 @@ spec:
              topologyKey: kubernetes.io/hostname
            weight: 5
      containers:
-      - command:
-        - argocd-application-controller
+      - args:
+        - /usr/local/bin/argocd-application-controller
        env:
        - name: ARGOCD_CONTROLLER_REPLICAS
          value: "1"
--- a/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml
+++ b/manifests/ha/base/overlays/argocd-application-controller-statefulset.yaml
@ -7,7 +7,7 @@ spec:
    spec:
      containers:
      - name: argocd-application-controller
-        command:
-        - argocd-application-controller
+        args:
+        - /usr/local/bin/argocd-application-controller
        - --redis
        - "argocd-redis-ha-haproxy:6379"
--- a/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml
+++ b/manifests/ha/base/overlays/argocd-repo-server-deployment.yaml
@ -22,8 +22,7 @@ spec:
              topologyKey: topology.kubernetes.io/zone
      containers:
      - name: argocd-repo-server
-        command:
-        - entrypoint.sh
-        - argocd-repo-server
+        args:
+        - /usr/local/bin/argocd-repo-server
        - --redis
        - "argocd-redis-ha-haproxy:6379"
--- a/manifests/ha/base/overlays/argocd-server-deployment.yaml
+++ b/manifests/ha/base/overlays/argocd-server-deployment.yaml
@ -25,7 +25,7 @@ spec:
        env:
        - name: ARGOCD_API_SERVER_REPLICAS
          value: '2'
-        command:
-        - argocd-server
+        args:
+        - /usr/local/bin/argocd-server
        - --redis
        - "argocd-redis-ha-haproxy:6379"
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@ -16829,9 +16829,8 @@ spec:
        app.kubernetes.io/name: argocd-applicationset-controller
    spec:
      containers:
-      - command:
-        - entrypoint.sh
-        - argocd-applicationset-controller
+      - args:
+        - /usr/local/bin/argocd-applicationset-controller
        env:
        - name: NAMESPACE
          valueFrom:
@ -17003,7 +17002,7 @@ spec:
          name: argocd-dex-server-tls
      initContainers:
      - command:
-        - cp
+        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
@ -17058,8 +17057,8 @@ spec:
        app.kubernetes.io/name: argocd-notifications-controller
    spec:
      containers:
-      - command:
-        - argocd-notifications
+      - args:
+        - /usr/local/bin/argocd-notifications
        image: quay.io/argoproj/argocd:latest
        imagePullPolicy: Always
        livenessProbe:
@ -17231,9 +17230,8 @@ spec:
            topologyKey: kubernetes.io/hostname
      automountServiceAccountToken: false
      containers:
-      - command:
-        - entrypoint.sh
-        - argocd-repo-server
+      - args:
+        - /usr/local/bin/argocd-repo-server
        - --redis
        - argocd-redis-ha-haproxy:6379
        env:
@ -17411,7 +17409,7 @@ spec:
          name: plugins
      initContainers:
      - command:
-        - cp
+        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
@ -17495,8 +17493,8 @@ spec:
                app.kubernetes.io/name: argocd-server
            topologyKey: kubernetes.io/hostname
      containers:
-      - command:
-        - argocd-server
+      - args:
+        - /usr/local/bin/argocd-server
        - --redis
        - argocd-redis-ha-haproxy:6379
        env:
@ -17803,8 +17801,8 @@ spec:
              topologyKey: kubernetes.io/hostname
            weight: 5
      containers:
-      - command:
-        - argocd-application-controller
+      - args:
+        - /usr/local/bin/argocd-application-controller
        - --redis
        - argocd-redis-ha-haproxy:6379
        env:
--- a/manifests/ha/namespace-install.yaml
+++ b/manifests/ha/namespace-install.yaml
@ -1494,9 +1494,8 @@ spec:
        app.kubernetes.io/name: argocd-applicationset-controller
    spec:
      containers:
-      - command:
-        - entrypoint.sh
-        - argocd-applicationset-controller
+      - args:
+        - /usr/local/bin/argocd-applicationset-controller
        env:
        - name: NAMESPACE
          valueFrom:
@ -1668,7 +1667,7 @@ spec:
          name: argocd-dex-server-tls
      initContainers:
      - command:
-        - cp
+        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
@ -1723,8 +1722,8 @@ spec:
        app.kubernetes.io/name: argocd-notifications-controller
    spec:
      containers:
-      - command:
-        - argocd-notifications
+      - args:
+        - /usr/local/bin/argocd-notifications
        image: quay.io/argoproj/argocd:latest
        imagePullPolicy: Always
        livenessProbe:
@ -1896,9 +1895,8 @@ spec:
            topologyKey: kubernetes.io/hostname
      automountServiceAccountToken: false
      containers:
-      - command:
-        - entrypoint.sh
-        - argocd-repo-server
+      - args:
+        - /usr/local/bin/argocd-repo-server
        - --redis
        - argocd-redis-ha-haproxy:6379
        env:
@ -2076,7 +2074,7 @@ spec:
          name: plugins
      initContainers:
      - command:
-        - cp
+        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
@ -2160,8 +2158,8 @@ spec:
                app.kubernetes.io/name: argocd-server
            topologyKey: kubernetes.io/hostname
      containers:
-      - command:
-        - argocd-server
+      - args:
+        - /usr/local/bin/argocd-server
        - --redis
        - argocd-redis-ha-haproxy:6379
        env:
@ -2468,8 +2466,8 @@ spec:
              topologyKey: kubernetes.io/hostname
            weight: 5
      containers:
-      - command:
-        - argocd-application-controller
+      - args:
+        - /usr/local/bin/argocd-application-controller
        - --redis
        - argocd-redis-ha-haproxy:6379
        env:
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@ -15948,9 +15948,8 @@ spec:
        app.kubernetes.io/name: argocd-applicationset-controller
    spec:
      containers:
-      - command:
-        - entrypoint.sh
-        - argocd-applicationset-controller
+      - args:
+        - /usr/local/bin/argocd-applicationset-controller
        env:
        - name: NAMESPACE
          valueFrom:
@ -16122,7 +16121,7 @@ spec:
          name: argocd-dex-server-tls
      initContainers:
      - command:
-        - cp
+        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
@ -16177,8 +16176,8 @@ spec:
        app.kubernetes.io/name: argocd-notifications-controller
    spec:
      containers:
-      - command:
-        - argocd-notifications
+      - args:
+        - /usr/local/bin/argocd-notifications
        image: quay.io/argoproj/argocd:latest
        imagePullPolicy: Always
        livenessProbe:
@ -16307,10 +16306,10 @@ spec:
            weight: 5
      automountServiceAccountToken: false
      containers:
-      - command:
-        - sh
-        - -c
-        - entrypoint.sh argocd-repo-server --redis argocd-redis:6379
+      - args:
+        - /usr/local/bin/argocd-repo-server
+        - --redis
+        - argocd-redis:6379
        env:
        - name: ARGOCD_RECONCILIATION_TIMEOUT
          valueFrom:
@ -16486,7 +16485,7 @@ spec:
          name: plugins
      initContainers:
      - command:
-        - cp
+        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
@ -16570,8 +16569,8 @@ spec:
              topologyKey: kubernetes.io/hostname
            weight: 5
      containers:
-      - command:
-        - argocd-server
+      - args:
+        - /usr/local/bin/argocd-server
        env:
        - name: ARGOCD_SERVER_INSECURE
          valueFrom:
@ -16874,8 +16873,8 @@ spec:
              topologyKey: kubernetes.io/hostname
            weight: 5
      containers:
-      - command:
-        - argocd-application-controller
+      - args:
+        - /usr/local/bin/argocd-application-controller
        env:
        - name: ARGOCD_CONTROLLER_REPLICAS
          value: "1"
--- a/manifests/namespace-install.yaml
+++ b/manifests/namespace-install.yaml
@ -613,9 +613,8 @@ spec:
        app.kubernetes.io/name: argocd-applicationset-controller
    spec:
      containers:
-      - command:
-        - entrypoint.sh
-        - argocd-applicationset-controller
+      - args:
+        - /usr/local/bin/argocd-applicationset-controller
        env:
        - name: NAMESPACE
          valueFrom:
@ -787,7 +786,7 @@ spec:
          name: argocd-dex-server-tls
      initContainers:
      - command:
-        - cp
+        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
@ -842,8 +841,8 @@ spec:
        app.kubernetes.io/name: argocd-notifications-controller
    spec:
      containers:
-      - command:
-        - argocd-notifications
+      - args:
+        - /usr/local/bin/argocd-notifications
        image: quay.io/argoproj/argocd:latest
        imagePullPolicy: Always
        livenessProbe:
@ -972,10 +971,10 @@ spec:
            weight: 5
      automountServiceAccountToken: false
      containers:
-      - command:
-        - sh
-        - -c
-        - entrypoint.sh argocd-repo-server --redis argocd-redis:6379
+      - args:
+        - /usr/local/bin/argocd-repo-server
+        - --redis
+        - argocd-redis:6379
        env:
        - name: ARGOCD_RECONCILIATION_TIMEOUT
          valueFrom:
@ -1151,7 +1150,7 @@ spec:
          name: plugins
      initContainers:
      - command:
-        - cp
+        - /bin/cp
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
@ -1235,8 +1234,8 @@ spec:
              topologyKey: kubernetes.io/hostname
            weight: 5
      containers:
-      - command:
-        - argocd-server
+      - args:
+        - /usr/local/bin/argocd-server
        env:
        - name: ARGOCD_SERVER_INSECURE
          valueFrom:
@ -1539,8 +1538,8 @@ spec:
              topologyKey: kubernetes.io/hostname
            weight: 5
      containers:
-      - command:
-        - argocd-application-controller
+      - args:
+        - /usr/local/bin/argocd-application-controller
        env:
        - name: ARGOCD_CONTROLLER_REPLICAS
          value: "1"
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -113,6 +113,7 @@ nav:
    - operator-manual/server-commands/additional-configuration-method.md
  - Upgrading:
    - operator-manual/upgrading/overview.md
+    - operator-manual/upgrading/2.6-2.7.md
    - operator-manual/upgrading/2.5-2.6.md
    - operator-manual/upgrading/2.4-2.5.md
    - operator-manual/upgrading/2.3-2.4.md