From 73a09a378bd9c2dd1e87739762bb14d308ec6b7d Mon Sep 17 00:00:00 2001
From: Alexander Dejanovski <alex.dejanovski@datastax.com>
Date: Mon, 16 Jun 2025 10:47:40 +0200
Subject: [PATCH 1/3] Switch to alpine based python images

---
 k8s/Dockerfile | 68 +++++++++++++++++++++++++++++---------------------
 1 file changed, 39 insertions(+), 29 deletions(-)

diff --git a/k8s/Dockerfile b/k8s/Dockerfile
index 7bc033df1..2c9039373 100644
--- a/k8s/Dockerfile
+++ b/k8s/Dockerfile
@@ -1,28 +1,29 @@
-FROM --platform=linux/${TARGETARCH} ubuntu:24.04 AS base
+FROM --platform=linux/${TARGETARCH} python:3.12-alpine AS base
 
 ARG TARGETARCH
 
 RUN mkdir /install
 WORKDIR /install
 
-RUN apt-get update && \
-    apt-get install -y software-properties-common curl gnupg
-
-RUN apt-get update \
-    && DEBIAN_FRONTEND="noninteractive" apt-get install -y \
-        debhelper \
-        python3-all \
-        python3-all-dev \
-        python3-dev \
-        python3-pip \
-        python3-setuptools \
-        python3-venv \
-        build-essential \
-        devscripts \
-        equivs \
-        wget \
-        apt-transport-https \
-        ca-certificates
+# Install build dependencies
+RUN apk add --no-cache \
+    curl \
+    gnupg \
+    gcc \
+    musl-dev \
+    python3-dev \
+    py3-pip \
+    py3-setuptools \
+    py3-wheel \
+    build-base \
+    wget \
+    ca-certificates \
+    linux-headers \
+    openssl-dev \
+    libffi-dev \
+    cargo \
+    cmake \
+    zlib-dev
 
 ENV PATH=/root/.local/bin:$PATH
 
@@ -30,24 +31,33 @@ COPY . /build/
 
 # General requirements
 ENV POETRY_VIRTUALENVS_IN_PROJECT=true
-# RUN python3 -m pip install -U pip --break-system-packages && pip3 install --ignore-installed --user poetry==1.8.5 --break-system-packages
-RUN pip3 install --ignore-installed --user poetry==1.8.5 --break-system-packages
+RUN pip3 install --no-cache-dir --upgrade pip && \
+    pip3 install --no-cache-dir poetry==1.8.5
+
+# Install ssh-python separately first
+RUN pip3 install --no-cache-dir ssh-python==1.1.0
 
 # Build medusa itself so we can add the executables in the final image
 RUN cd /build && poetry build && poetry install
 
 # Could be python:slim, but we have a .sh entrypoint
-FROM --platform=linux/${TARGETARCH} ubuntu:24.04
+FROM --platform=linux/${TARGETARCH} python:3.12-alpine
 
 # Reuse the architecture argument
 ARG TARGETARCH
 
 ## add user
-RUN groupadd -r cassandra --gid=999 && useradd -r -g cassandra --uid=999 --create-home cassandra
-
-# wget could happen in the build-phase
-RUN apt-get update && apt-get install -y python3 python3-setuptools wget curl jq \
-    && rm -rf /var/lib/apt/lists/*
+RUN addgroup -S cassandra && adduser -S cassandra -G cassandra
+
+# Install runtime dependencies
+RUN apk add --no-cache \
+    python3 \
+    py3-setuptools \
+    wget \
+    curl \
+    jq \
+    tzdata \
+    && rm -rf /var/cache/apk/*
 
 # Download the the latest grpc_health_probe binary build for the correct architecture
 RUN curl -s https://api.github.com/repos/grpc-ecosystem/grpc-health-probe/releases/latest \
@@ -57,8 +67,8 @@ RUN curl -s https://api.github.com/repos/grpc-ecosystem/grpc-health-probe/releas
 USER cassandra
 WORKDIR /home/cassandra
 
-ENV DEBUG_VERSION 1
-ENV DEBUG_SLEEP 0
+ENV DEBUG_VERSION=1
+ENV DEBUG_SLEEP=0
 ENV PATH=/home/cassandra/.local/bin:/home/cassandra/google-cloud-sdk/bin:/home/cassandra/bin:$PATH
 ENV PYTHONPATH=/home/cassandra
 

From e83f5d02381eef202969ce418658e95e93923473 Mon Sep 17 00:00:00 2001
From: Radovan Zvoncek <rzvoncek@gmail.com>
Date: Fri, 20 Jun 2025 10:59:38 +0300
Subject: [PATCH 2/3] Switch base Docker image to python:3.12-alpine

---
 k8s/Dockerfile | 26 +++++++-------------------
 1 file changed, 7 insertions(+), 19 deletions(-)

diff --git a/k8s/Dockerfile b/k8s/Dockerfile
index 2c9039373..1e15db52b 100644
--- a/k8s/Dockerfile
+++ b/k8s/Dockerfile
@@ -7,23 +7,14 @@ WORKDIR /install
 
 # Install build dependencies
 RUN apk add --no-cache \
-    curl \
-    gnupg \
+    make \
+    cmake \
     gcc \
+    g++ \
     musl-dev \
-    python3-dev \
-    py3-pip \
-    py3-setuptools \
-    py3-wheel \
-    build-base \
-    wget \
-    ca-certificates \
-    linux-headers \
+    zlib-dev \
     openssl-dev \
-    libffi-dev \
-    cargo \
-    cmake \
-    zlib-dev
+    linux-headers
 
 ENV PATH=/root/.local/bin:$PATH
 
@@ -31,11 +22,10 @@ COPY . /build/
 
 # General requirements
 ENV POETRY_VIRTUALENVS_IN_PROJECT=true
-RUN pip3 install --no-cache-dir --upgrade pip && \
-    pip3 install --no-cache-dir poetry==1.8.5
+RUN pip install --no-cache-dir poetry==1.8.5
 
 # Install ssh-python separately first
-RUN pip3 install --no-cache-dir ssh-python==1.1.0
+RUN pip install --no-cache-dir ssh-python==1.1.0
 
 # Build medusa itself so we can add the executables in the final image
 RUN cd /build && poetry build && poetry install
@@ -51,8 +41,6 @@ RUN addgroup -S cassandra && adduser -S cassandra -G cassandra
 
 # Install runtime dependencies
 RUN apk add --no-cache \
-    python3 \
-    py3-setuptools \
     wget \
     curl \
     jq \

From f3ac48d98d33258778b9d11e0718b9e51d761977 Mon Sep 17 00:00:00 2001
From: Radovan Zvoncek <rzvoncek@gmail.com>
Date: Mon, 30 Jun 2025 16:51:14 +0300
Subject: [PATCH 3/3] Make docker-entrypoint sh-compliant

---
 k8s/docker-entrypoint.sh | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/k8s/docker-entrypoint.sh b/k8s/docker-entrypoint.sh
index 7011c5f58..c242c700e 100755
--- a/k8s/docker-entrypoint.sh
+++ b/k8s/docker-entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 #
 # While not limited to k8s environments, this script is designed for running
 # Medusa in two containers in a Cassandra pod. One container runs the backup
@@ -30,19 +30,19 @@ restore() {
         exit 0
     fi
 
-    if [ -a $last_restore_file ]; then
-      restore_key=`cat $last_restore_file`
+    if [ -f "$last_restore_file" ]; then
+      restore_key=$(cat "$last_restore_file")
       echo "Last restore is $restore_key"
     else
       restore_key=""
     fi
 
-    if [ "$restore_key" == "$RESTORE_KEY" ]; then
+    if [ "$restore_key" = "$RESTORE_KEY" ]; then
         echo "Skipping restore operation"
     else
         echo "Restoring backup $BACKUP_NAME"
-        poetry run python -m medusa.service.grpc.restore -- "/etc/medusa/medusa.ini" $RESTORE_KEY
-        echo $RESTORE_KEY > $last_restore_file
+        poetry run python -m medusa.service.grpc.restore -- "/etc/medusa/medusa.ini" "$RESTORE_KEY"
+        echo "$RESTORE_KEY" > "$last_restore_file"
     fi
 }
 
@@ -50,7 +50,7 @@ grpc() {
     ORIGINAL_MEDUSA_INI_DIGEST=$(md5sum /etc/medusa/medusa.ini | awk '{print $1}')
     echo "Starting Medusa gRPC service"
 
-    exec poetry run python -m medusa.service.grpc.server server.py &
+    poetry run python -m medusa.service.grpc.server server.py &
     MEDUSA_PID=$!
 
     # Loop while Medusa process is running
@@ -60,7 +60,7 @@ grpc() {
         echo "Detected change in medusa.ini, checking for running backups"
         if ! [ -f /tmp/medusa_backup_in_progress ]; then
           echo "No backups in progress, stopping Medusa"
-          kill $MEDUSA_PID
+          kill "$MEDUSA_PID"
           # Always exit with 0 on config change.
           exit 0
         else
@@ -75,11 +75,13 @@ grpc() {
 }
 
 echo "sleeping for $DEBUG_SLEEP sec"
-sleep $DEBUG_SLEEP
+sleep "$DEBUG_SLEEP"
 
-if [ "$MEDUSA_MODE" == "RESTORE" ]; then
+source .venv/bin/activate
+
+if [ "$MEDUSA_MODE" = "RESTORE" ]; then
     restore
-elif [ "$MEDUSA_MODE" == "GRPC" ]; then
+elif [ "$MEDUSA_MODE" = "GRPC" ]; then
     grpc
 else
     echo "MEDUSA_MODE env var must be set to either RESTORE or GRPC"