From 462fe32ef2814d473a848359c8a49163c65951bc Mon Sep 17 00:00:00 2001
From: Mitch Hulscher <mitch.hulscher@lib.io>
Date: Thu, 7 Jan 2021 16:24:24 +0100
Subject: [PATCH] fix(linkerd2-cni): execute container preStop command `kill`
 command as shell builtin (#5453)

The container-image `ghcr.io/linkerd/cni-plugin:stable-2.9.1` does not contain the `kill` command as an executable. Instead, it is available as a shell built-in. In its current state, Kubernetes emits error events whenever linkerd2-cni pods are terminated because the `kill` command can not be found.

Signed-off-by: Mitch Hulscher <mitch.hulscher@lib.io>
---
 charts/linkerd2-cni/templates/cni-plugin.yaml              | 7 ++++++-
 cli/cmd/testdata/install-cni-plugin_default.golden         | 7 ++++++-
 .../testdata/install-cni-plugin_fully_configured.golden    | 7 ++++++-
 .../install-cni-plugin_fully_configured_equal_dsts.golden  | 7 ++++++-
 ...install-cni-plugin_fully_configured_no_namespace.golden | 7 ++++++-
 cli/cmd/testdata/install-cni-plugin_skip_ports.golden      | 7 ++++++-
 cli/cmd/testdata/install_cni_helm_default_output.golden    | 7 ++++++-
 cli/cmd/testdata/install_cni_helm_override_output.golden   | 7 ++++++-
 8 files changed, 48 insertions(+), 8 deletions(-)

diff --git a/charts/linkerd2-cni/templates/cni-plugin.yaml b/charts/linkerd2-cni/templates/cni-plugin.yaml
index f899797c9..1d3619426 100644
--- a/charts/linkerd2-cni/templates/cni-plugin.yaml
+++ b/charts/linkerd2-cni/templates/cni-plugin.yaml
@@ -220,9 +220,14 @@ spec:
         - name: SLEEP
           value: "true"
         lifecycle:
+          # In some edge-cases this helps ensure that cleanup() is called in the container's script
+          # https://github.com/linkerd/linkerd2/issues/2355
           preStop:
             exec:
-              command: ["kill","-15","1"]
+              command:
+              - /bin/sh
+              - -c
+              - kill -15 1
         volumeMounts:
         {{- if ne .Values.destCNIBinDir .Values.destCNINetDir }}
         - mountPath: /host{{.Values.destCNIBinDir}}
diff --git a/cli/cmd/testdata/install-cni-plugin_default.golden b/cli/cmd/testdata/install-cni-plugin_default.golden
index 6de67b927..3a2070e97 100644
--- a/cli/cmd/testdata/install-cni-plugin_default.golden
+++ b/cli/cmd/testdata/install-cni-plugin_default.golden
@@ -185,9 +185,14 @@ spec:
         - name: SLEEP
           value: "true"
         lifecycle:
+          # In some edge-cases this helps ensure that cleanup() is called in the container's script
+          # https://github.com/linkerd/linkerd2/issues/2355
           preStop:
             exec:
-              command: ["kill","-15","1"]
+              command:
+              - /bin/sh
+              - -c
+              - kill -15 1
         volumeMounts:
         - mountPath: /host/opt/cni/bin
           name: cni-bin-dir
diff --git a/cli/cmd/testdata/install-cni-plugin_fully_configured.golden b/cli/cmd/testdata/install-cni-plugin_fully_configured.golden
index 333a1d637..f25136df3 100644
--- a/cli/cmd/testdata/install-cni-plugin_fully_configured.golden
+++ b/cli/cmd/testdata/install-cni-plugin_fully_configured.golden
@@ -186,9 +186,14 @@ spec:
         - name: SLEEP
           value: "true"
         lifecycle:
+          # In some edge-cases this helps ensure that cleanup() is called in the container's script
+          # https://github.com/linkerd/linkerd2/issues/2355
           preStop:
             exec:
-              command: ["kill","-15","1"]
+              command:
+              - /bin/sh
+              - -c
+              - kill -15 1
         volumeMounts:
         - mountPath: /host/opt/my-cni/bin
           name: cni-bin-dir
diff --git a/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden b/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden
index 4d71f7110..f72d7dde3 100644
--- a/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden
+++ b/cli/cmd/testdata/install-cni-plugin_fully_configured_equal_dsts.golden
@@ -186,9 +186,14 @@ spec:
         - name: SLEEP
           value: "true"
         lifecycle:
+          # In some edge-cases this helps ensure that cleanup() is called in the container's script
+          # https://github.com/linkerd/linkerd2/issues/2355
           preStop:
             exec:
-              command: ["kill","-15","1"]
+              command:
+              - /bin/sh
+              - -c
+              - kill -15 1
         volumeMounts:
         - mountPath: /host/etc/kubernetes/cni/net.d
           name: cni-net-dir
diff --git a/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden b/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden
index 61bab3967..623ef1072 100644
--- a/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden
+++ b/cli/cmd/testdata/install-cni-plugin_fully_configured_no_namespace.golden
@@ -176,9 +176,14 @@ spec:
         - name: SLEEP
           value: "true"
         lifecycle:
+          # In some edge-cases this helps ensure that cleanup() is called in the container's script
+          # https://github.com/linkerd/linkerd2/issues/2355
           preStop:
             exec:
-              command: ["kill","-15","1"]
+              command:
+              - /bin/sh
+              - -c
+              - kill -15 1
         volumeMounts:
         - mountPath: /host/opt/my-cni/bin
           name: cni-bin-dir
diff --git a/cli/cmd/testdata/install-cni-plugin_skip_ports.golden b/cli/cmd/testdata/install-cni-plugin_skip_ports.golden
index c2f0e7a11..bca3099ac 100644
--- a/cli/cmd/testdata/install-cni-plugin_skip_ports.golden
+++ b/cli/cmd/testdata/install-cni-plugin_skip_ports.golden
@@ -185,9 +185,14 @@ spec:
         - name: SLEEP
           value: "true"
         lifecycle:
+          # In some edge-cases this helps ensure that cleanup() is called in the container's script
+          # https://github.com/linkerd/linkerd2/issues/2355
           preStop:
             exec:
-              command: ["kill","-15","1"]
+              command:
+              - /bin/sh
+              - -c
+              - kill -15 1
         volumeMounts:
         - mountPath: /host/opt/cni/bin
           name: cni-bin-dir
diff --git a/cli/cmd/testdata/install_cni_helm_default_output.golden b/cli/cmd/testdata/install_cni_helm_default_output.golden
index bf967f1b5..77c9e55db 100644
--- a/cli/cmd/testdata/install_cni_helm_default_output.golden
+++ b/cli/cmd/testdata/install_cni_helm_default_output.golden
@@ -187,9 +187,14 @@ spec:
         - name: SLEEP
           value: "true"
         lifecycle:
+          # In some edge-cases this helps ensure that cleanup() is called in the container's script
+          # https://github.com/linkerd/linkerd2/issues/2355
           preStop:
             exec:
-              command: ["kill","-15","1"]
+              command:
+              - /bin/sh
+              - -c
+              - kill -15 1
         volumeMounts:
         - mountPath: /host/opt/cni/bin
           name: cni-bin-dir
diff --git a/cli/cmd/testdata/install_cni_helm_override_output.golden b/cli/cmd/testdata/install_cni_helm_override_output.golden
index 0f72e1f66..0d2c2070f 100644
--- a/cli/cmd/testdata/install_cni_helm_override_output.golden
+++ b/cli/cmd/testdata/install_cni_helm_override_output.golden
@@ -188,9 +188,14 @@ spec:
         - name: SLEEP
           value: "true"
         lifecycle:
+          # In some edge-cases this helps ensure that cleanup() is called in the container's script
+          # https://github.com/linkerd/linkerd2/issues/2355
           preStop:
             exec:
-              command: ["kill","-15","1"]
+              command:
+              - /bin/sh
+              - -c
+              - kill -15 1
         volumeMounts:
         - mountPath: /host/opt/cni/bin-test
           name: cni-bin-dir