Skip to content

Commit

Permalink
feat: migrate CNS Windows to nanoserver and pin all SHAs
Browse files Browse the repository at this point in the history 
Signed-off-by: Evan Baker <rbtr@users.noreply.github.com>
  • Loading branch information
@rbtr
rbtr authored Aug 15, 2024
1 parent 9ff0bac commit 64a299f
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 10 deletions.
10 changes: 7 additions & 3 deletions cni/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,10 @@ ARG DROPGZ_VERSION=v0.0.12
ARG OS_VERSION
ARG OS

FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:1.21 AS azure-vnet
# mcr.microsoft.com/oss/go/microsoft/golang:1.22-cbl-mariner2.0
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:sha256:2eeb7bba5fefbb2a4b2a4b12212d806db9175602af5a9e9cdef422db7f761a2c AS go

FROM go as azure-vnet
ARG OS
ARG VERSION
WORKDIR /azure-container-networking
Expand All @@ -16,7 +19,8 @@ RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-vnet-stateless -trimpath
FROM scratch as bins
COPY --from=azure-vnet /go/bin/* /

FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/base/core:2.0 AS compressor
# mcr.microsoft.com/cbl-mariner/base/core:2.0
FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/base/core:sha256:a490e0b0869dc570ae29782c2bc17643aaaad1be102aca83ce0b96e0d0d2d328 AS compressor
ARG OS
WORKDIR /payload
COPY --from=azure-vnet /go/bin/* /payload/
Expand All @@ -30,7 +34,7 @@ COPY --from=azure-vnet /azure-container-networking/telemetry/azure-vnet-telemetr
RUN cd /payload && sha256sum * > sum.txt
RUN gzip --verbose --best --recursive /payload && for f in /payload/*.gz; do mv -- "$f" "${f%%.gz}"; done

FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:1.21 AS dropgz
FROM go AS dropgz
ARG DROPGZ_VERSION
ARG OS
ARG VERSION
Expand Down
18 changes: 11 additions & 7 deletions cns/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
# to update tag SHAs, get the latest from `skopeo inspect docker://mcr.microsoft.com/powershell:lts-nanoserver-1809 | jq -r .Digest`
ARG ARCH
ARG OS_VERSION
ARG OS

FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:1.22-cbl-mariner2.0 AS builder
# mcr.microsoft.com/oss/go/microsoft/golang:1.22-cbl-mariner2.0
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:sha256:2eeb7bba5fefbb2a4b2a4b12212d806db9175602af5a9e9cdef422db7f761a2c AS builder
ARG OS
ARG CNS_AI_ID
ARG CNS_AI_PATH
Expand All @@ -11,25 +13,27 @@ WORKDIR /azure-container-networking
COPY . .
RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-cns -ldflags "-X main.version="$VERSION" -X "$CNS_AI_PATH"="$CNS_AI_ID"" -gcflags="-dwarflocationlists=true" cns/service/*.go

FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 as iptables
# mcr.microsoft.com/cbl-mariner/base/core:2.0
FROM mcr.microsoft.com/cbl-mariner/base/core:sha256:a490e0b0869dc570ae29782c2bc17643aaaad1be102aca83ce0b96e0d0d2d328 as iptables
RUN tdnf install -y iptables

FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0 as linux
# mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0
FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:sha256:d28cbaa097167b4f5fdea02aac5404e3c9ec6c37499df1e115765e38b0a21660 as linux
COPY --from=iptables /usr/sbin/*tables* /usr/sbin/
COPY --from=iptables /usr/lib /usr/lib
COPY --from=builder /go/bin/azure-cns /usr/local/bin/azure-cns
ENTRYPOINT [ "/usr/local/bin/azure-cns" ]
EXPOSE 10090


# intermediate for win-ltsc2019
FROM mcr.microsoft.com/windows/servercore@sha256:6fdf140282a2f809dae9b13fe441635867f0a27c33a438771673b8da8f3348a4 as ltsc2019
FROM mcr.microsoft.com/windows/nanoserver@sha256:736f8845da1c7bbc9510b419abddb870230485e74644a96e0001a21e1ca4c172 as ltsc2019

# intermediate for win-ltsc2022
FROM mcr.microsoft.com/windows/servercore@sha256:45952938708fbde6ec0b5b94de68bcdec3f8c838be018536b1e9e5bd95e6b943 as ltsc2022
FROM mcr.microsoft.com/windows/nanoserver@sha256:cc9f6a1334190c1f18a905f56d285132e562a9a1ce18ff9476cfaf95194aa0b7 as ltsc2022

# intermediate for win-ltsc2025
FROM mcr.microsoft.com/windows/servercore/insider@sha256:4daaf3daa404fbdebec9d88783fb343f18009ffd9c8d98c43430ca1f4e615184 as ltsc2025
FROM mcr.microsoft.com/windows/nanoserver/insider@sha256:67e0ab7f3a79cd73be4a18bae24659c03b294aed0dbeaa624feb3810931f0bd2 as ltsc2025


FROM ${OS_VERSION} as windows
COPY --from=builder /azure-container-networking/cns/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
Expand Down

0 comments on commit 64a299f

Please sign in to comment.