BUILD/MAJOR: replace s6 with pebble

s6 is giving us some issues, so decision was made to move to pebble init system

Author: oktalz

build/Dockerfile

@@ -20,6 +20,8 @@ COPY /go.mod /src/go.mod
 COPY /go.sum /src/go.sum
 RUN cd /src && go mod download
 
+RUN go install github.com/canonical/pebble/cmd/pebble@v1.25.0
+
 COPY / /src
 
 RUN mkdir -p /var/run/vars && \
@@ -48,40 +50,26 @@ ENV S6_USER=haproxy
 ENV S6_GROUP=haproxy
 
 COPY /fs /
+COPY --from=builder /go/bin/pebble /usr/local/bin
 COPY --from=builder-c /src/libblock_secrets.so /usr/local/lib/libblock_secrets.so
 COPY --from=builder-c /src/haproxy_wrapper /usr/local/sbin/haproxy_wrapper
 
 RUN apk --no-cache add socat openssl util-linux htop tzdata curl libcap && \
     rm -f /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi /etc/haproxy/dataplaneapi.yml && \
     rm -f /usr/local/bin/dataplaneapi-v2 /usr/bin/dataplaneapi-v2 && \
     rm -f /etc/haproxy/haproxy.cfg && \
+    rm usr/local/hug/defaults.go && \
     mkdir -p /usr/local/hug/aux && \
+    mkdir -p /var/run/haproxy && \
     chgrp -R haproxy /usr/local/hug && \
     chmod -R ug+rwx /usr/local/hug && \
-    chown -R "${S6_USER}:${S6_GROUP}" /usr/local/etc/haproxy /run /var && \
+    chown -R "haproxy:haproxy" /usr/local/etc/haproxy /run /var && \
     chmod -R ug+rwx /usr/local/etc/haproxy /run /var && \
     chmod u+rx /usr/local/sbin/haproxy_wrapper && \
-    setcap 'cap_net_bind_service=+ep' /usr/local/sbin/haproxy_wrapper && \
-    case "${TARGETPLATFORM}" in \
-        "linux/arm64")      S6_ARCH=aarch64      ;; \
-        "linux/amd64")      S6_ARCH=x86_64       ;; \
-        "linux/arm/v6")     S6_ARCH=arm          ;; \
-        "linux/arm/v7")     S6_ARCH=armhf        ;; \
-        "linux/ppc64")      S6_ARCH=powerpc64    ;; \
-        "linux/ppc64le")    S6_ARCH=powerpc64le  ;; \
-        "linux/486")        S6_ARCH=i486         ;; \
-        "linux/686")        S6_ARCH=i686         ;; \
-        *) echo "ARG TARGETPLATFORM undeclared" >&2 && exit 1 ;; \
-    esac && \
-    curl -sS -L -o /tmp/s6-overlay-scripts.tar.xz "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" && \
-    tar -C / -Jxpf /tmp/s6-overlay-scripts.tar.xz && \
-    curl -sS -L -o /tmp/s6-overlay-binaries.tar.xz "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz" && \
-    tar -C / -Jxpf /tmp/s6-overlay-binaries.tar.xz && \
-    rm -f /tmp/s6-overlay-scripts.tar.xz /tmp/s6-overlay-binaries.tar.xz && \
-    chown -R "${S6_USER}:${S6_GROUP}" /init /etc/s6-overlay && \
-    chmod u+x /init /etc/s6-overlay/scripts/* && \
-    rm -rf /var/lib/pebble
-
-COPY --from=builder /src/fs/kubernetes-controller .
+    setcap 'cap_net_bind_service=+ep' /usr/local/sbin/haproxy_wrapper
+
+COPY --from=builder /src/fs/kubernetes-controller /usr/local/sbin/hug
+
+STOPSIGNAL SIGTERM
 
 ENTRYPOINT ["/start.sh"]

build/Dockerfile.dev

@@ -11,6 +11,10 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+FROM golang:1.25-alpine AS builder
+
+RUN apk --no-cache add git openssh
+RUN go install github.com/canonical/pebble/cmd/pebble@v1.25.0
 
 FROM haproxytech/haproxy-alpine:3.2 AS builder-c
 RUN apk add --no-cache build-base gcc musl-dev
@@ -25,13 +29,8 @@ FROM haproxytech/haproxy-alpine:3.2
 
 ARG TARGETPLATFORM
 
-ARG S6_OVERLAY_VERSION=3.1.6.2
-ENV S6_OVERLAY_VERSION=$S6_OVERLAY_VERSION
-ENV S6_READ_ONLY_ROOT=1
-ENV S6_USER=haproxy
-ENV S6_GROUP=haproxy
-
 COPY /fs /
+COPY --from=builder /go/bin/pebble /usr/local/bin
 COPY --from=builder-c /src/libblock_secrets.so /usr/local/lib/libblock_secrets.so
 COPY --from=builder-c /src/haproxy_wrapper /usr/local/sbin/haproxy_wrapper
 
@@ -43,33 +42,18 @@ RUN apk --no-cache add socat openssl util-linux htop tzdata curl libcap && \
     rm -f /usr/local/bin/dataplaneapi /usr/bin/dataplaneapi /etc/haproxy/dataplaneapi.yml && \
     rm -f /usr/local/bin/dataplaneapi-v2 /usr/bin/dataplaneapi-v2 && \
     rm -f /etc/haproxy/haproxy.cfg && \
+    rm usr/local/hug/defaults.go && \
     mkdir -p /usr/local/hug/aux && \
+    mkdir -p /var/run/haproxy && \
     chgrp -R haproxy /usr/local/hug && \
     chmod -R ug+rwx /usr/local/hug && \
-    chown -R "${S6_USER}:${S6_GROUP}" /usr/local/etc/haproxy /run /var && \
+    chown -R "haproxy:haproxy" /usr/local/etc/haproxy /run /var && \
     chmod -R ug+rwx /usr/local/etc/haproxy /run /var && \
     chmod u+rx /usr/local/sbin/haproxy_wrapper && \
-    setcap 'cap_net_bind_service=+ep' /usr/local/sbin/haproxy_wrapper && \
-    case "${TARGETPLATFORM}" in \
-        "linux/arm64")      S6_ARCH=aarch64      ;; \
-        "linux/amd64")      S6_ARCH=x86_64       ;; \
-        "linux/arm/v6")     S6_ARCH=arm          ;; \
-        "linux/arm/v7")     S6_ARCH=armhf        ;; \
-        "linux/ppc64")      S6_ARCH=powerpc64    ;; \
-        "linux/ppc64le")    S6_ARCH=powerpc64le  ;; \
-        "linux/486")        S6_ARCH=i486         ;; \
-        "linux/686")        S6_ARCH=i686         ;; \
-        *) echo "ARG TARGETPLATFORM undeclared" >&2 && exit 1 ;; \
-    esac && \
-    curl -sS -L -o /tmp/s6-overlay-scripts.tar.xz "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz" && \
-    tar -C / -Jxpf /tmp/s6-overlay-scripts.tar.xz && \
-    curl -sS -L -o /tmp/s6-overlay-binaries.tar.xz "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_ARCH}.tar.xz" && \
-    tar -C / -Jxpf /tmp/s6-overlay-binaries.tar.xz && \
-    rm -f /tmp/s6-overlay-scripts.tar.xz /tmp/s6-overlay-binaries.tar.xz && \
-    chown -R "${S6_USER}:${S6_GROUP}" /init /etc/s6-overlay && \
-    chmod u+x /init /etc/s6-overlay/scripts/* && \
-    rm -rf /var/lib/pebble
+    setcap 'cap_net_bind_service=+ep' /usr/local/sbin/haproxy_wrapper
+
+COPY build/kubernetes-controller /usr/local/sbin/hug
 
-COPY build/kubernetes-controller  ./kubernetes-controller
+STOPSIGNAL SIGTERM
 
 ENTRYPOINT ["/start.sh"]

cmd/controller/main.go

@@ -69,6 +69,7 @@ func main() {
 	params := haproxyparams.Params{
 		Test:             hugConfig.Test,
 		UseWiths6Overlay: hugConfig.UseWiths6Overlay,
+		UseWithPebble:    hugConfig.UseWithPebble,
 		HaproxyDirs:      hugConfig.HaproxyDirs,
 	}
 	p := process.New(params, haproxyClient, gateconfig.Logger)
@@ -107,7 +108,7 @@ func main() {
 	cntlr.Configuration.Logger.Info("Context cancelled: shutting down controller")
 	cntlr.Configuration.Logger.Info("Graceful shutdown requested...")
 
-	// Stop your controller logic
+	// Stop controller logic if its still running
 	haproxyAppManager.Stop()
 
 	// Wait for background goroutines to finish

example/deploy/hug/controller.yaml

@@ -30,6 +30,11 @@ spec:
               memory: 2560Mi
             requests:
               memory: 2048Mi
+          lifecycle:
+            preStop:
+              exec:
+                # Send SIGUSR1 directly to the haproxy process
+                command: ["/bin/sh", "-c", "kill -SIGUSR1 $(cat /var/run/haproxy.pid)"]
           args:
             # specify the hugconf CRD location, all other params are in configuration file
             - --hugconf-crd=haproxy-unified-gateway/hugconf