英文:
Run bash script in k8 container at start
问题
Command: []string{"sh", "-c", "scripts/start-script.sh"} 与 Command: []string{"sh", "scripts/start-script.sh"} 之间的区别是什么?它们是否完成相同的任务?哪一个更好?
英文:
When running a bash script in a k8 pod, what's the difference between Command: []string{"sh", "-c", "scripts/start-script.sh"} and Command: []string{"sh", "scripts/start-script.sh"} ? Do they accomplish the same thing? Which one is better?
答案1
得分: 1
Command: []string{"scripts/start-script.sh"},
这听起来可能是启动容器中默认主进程的正常方式。如果您的镜像的Dockerfile已经将其作为CMD或ENTRYPOINT,那么在Pod规范中不需要指定Command:。
sh -c形式启动一个Shell,让该Shell解释字符串scripts/start-script.sh并运行它。这可能会导致额外的进程,并且如果您没有完全控制命令字符串,可能存在重大安全问题(Shell注入攻击)。如果需要将环境变量注入命令行,请使用重定向或管道等功能(在Job规范中可能更常见),或者运行多个命令(按顺序),然后您需要使用sh -c。
sh形式明确指定您需要使用系统的Bourne shell来运行脚本。如果脚本不是POSIX shell脚本 - 它使用GNU bash的功能,实际上是用Python编写的 - 这将无法正常工作。
在正常使用中,脚本应该是可执行的,并且其第一行应该是一个"shebang"行 #!/bin/sh 或类似的。这告诉系统要使用什么解释器来执行它。有了这种标准设置,您就不需要在命令行中包括解释器名称。
<details>
<summary>英文:</summary>
You shouldn't need to mention `sh` at all.
```go
Command: []string{"scripts/start-script.sh"},
This sounds like it might be the normal thing to start the default main process in the container. If your image's Dockerfile already has this as a CMD or ENTRYPOINT then you don't need to specify Command: in a Pod spec.
The sh -c form starts a shell, has that shell interpret the string scripts/start-script.sh, and runs that. This can result in an extra process, and there can be significant security concerns (shell injection attacks) if you don't completely control the command string. If you need to inject environment variables into the command line, use features like redirections or pipelines (maybe a little more likely in a Job spec), or run multiple commands (sequentially) then you would need sh -c.
The sh form explicitly specifies that you need to use the system Bourne shell to run the script. If the script isn't a POSIX shell script – it uses features from GNU bash, it's actually in Python – this won't work.
In normal use, the script should be executable, and its first line should be a "shebang" line #!/bin/sh or similar. This tells the system what interpreter to use to execute it. With that standard setup, you don't need to include the interpreter name in the command line.
答案2
得分: 0
嘿,不,它们不是一样的。使用命令 sh,你表示你想运行 shell,它是一个输入/输出的命令行工具。
"-c" 是 shell 命令的一个选项。它指示后续的参数应该被解释为由 shell 执行的命令或脚本。
如果你不指定 -c,shell 就不知道如何处理你后续的参数,在你的情况下是 "scripts/start-script.sh"。
英文:
Hey no they would do not the same. with the command sh you say that you want to run the shell which is an input/output cli tool.
"-c" It is an option for the shell command. It indicates that the subsequent argument should be interpreted as a command or script to be executed by the shell.
If you dont specify -c the shell dont know what to do with your subsequent argument. in your case "scripts/start-script.sh"
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论