diff --git a/cni/Dockerfile b/cni/Dockerfile
index cffc5e4b3e..c99ab73b96 100644
--- a/cni/Dockerfile
+++ b/cni/Dockerfile
@@ -3,7 +3,10 @@ ARG DROPGZ_VERSION=v0.0.12
 ARG OS_VERSION
 ARG OS
-FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:1.21 AS azure-vnet
+# mcr.microsoft.com/oss/go/microsoft/golang:1.22-cbl-mariner2.0
+FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:sha256:2eeb7bba5fefbb2a4b2a4b12212d806db9175602af5a9e9cdef422db7f761a2c AS go
+
+FROM go as azure-vnet
 ARG OS
 ARG VERSION
 WORKDIR /azure-container-networking
@@ -16,7 +19,8 @@ RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-vnet-stateless -trimpath
 FROM scratch as bins
 COPY --from=azure-vnet /go/bin/* /
-FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/base/core:2.0 AS compressor
+# mcr.microsoft.com/cbl-mariner/base/core:2.0
+FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/base/core:sha256:a490e0b0869dc570ae29782c2bc17643aaaad1be102aca83ce0b96e0d0d2d328 AS compressor
 ARG OS
 WORKDIR /payload
 COPY --from=azure-vnet /go/bin/* /payload/
@@ -30,7 +34,7 @@ COPY --from=azure-vnet /azure-container-networking/telemetry/azure-vnet-telemetr
 RUN cd /payload && sha256sum * > sum.txt
 RUN gzip --verbose --best --recursive /payload && for f in /payload/*.gz; do mv -- "$f" "${f%%.gz}"; done
-FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:1.21 AS dropgz
+FROM go AS dropgz
 ARG DROPGZ_VERSION
 ARG OS
 ARG VERSION
diff --git a/cns/Dockerfile b/cns/Dockerfile
index 81cbebf256..f8cfe67f54 100644
--- a/cns/Dockerfile
+++ b/cns/Dockerfile
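Review bot: The new `go` stage pins its base as `golang:sha256:2eeb…`, which is tag syntax rather than a digest reference. A tag cannot contain a colon, so the builder is expected to reject the reference instead of resolving it by content. The line should read `FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:2eeb7bba5fefbb2a4b2a4b12212d806db9175602af5a9e9cdef422db7f761a2c AS go`. The same `:sha256:` form appears on the `compressor` base in the second hunk of this file and on the `builder`, `iptables` and `linux` bases in cns/Dockerfile. The Windows intermediates in cns/Dockerfile already use the correct `@sha256:` form.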
@@ -1,8 +1,10 @@
+# to update tag SHAs, get the latest from `skopeo inspect docker://mcr.microsoft.com/powershell:lts-nanoserver-1809 | jq -r .Digest`
 ARG ARCH
 ARG OS_VERSION
 ARG OS
+# mcr.microsoft.com/oss/go/microsoft/golang:1.22-cbl-mariner2.0
+FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:sha256:2eeb7bba5fefbb2a4b2a4b12212d806db9175602af5a9e9cdef422db7f761a2c AS builder
 ARG OS
 ARG CNS_AI_ID
 ARG CNS_AI_PATH
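Review bot: The refresh instruction added at the top of the file uses `mcr.microsoft.com/powershell:lts-nanoserver-1809` as its example, an image that none of the visible `FROM` lines in this file reference. A maintainer is therefore not told which tag each pinned digest should be re-resolved from. A wording such as `# to refresh a pin, run skopeo inspect docker://<image>:<tag named in the comment above the FROM> | jq -r .Digest` would tie the procedure to the per-stage tag comments. Because the `builder` stage is built with `--platform=linux/${ARCH}`, the comment should also say that the recorded value must be the multi-arch index digest. Pinning a single-architecture manifest would make builds for the other `ARCH` values resolve the wrong image or fail, and it is worth confirming that `.Digest` yields the index digest here.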
@@ -11,25 +13,27 @@ WORKDIR /azure-container-networking
 COPY . .
 RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-cns -ldflags "-X main.version="$VERSION" -X "$CNS_AI_PATH"="$CNS_AI_ID"" -gcflags="-dwarflocationlists=true" cns/service/*.go
-FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 as iptables
+# mcr.microsoft.com/cbl-mariner/base/core:2.0
+FROM mcr.microsoft.com/cbl-mariner/base/core:sha256:a490e0b0869dc570ae29782c2bc17643aaaad1be102aca83ce0b96e0d0d2d328 as iptables
 RUN tdnf install -y iptables
-FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0 as linux
+# mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0
+FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:sha256:d28cbaa097167b4f5fdea02aac5404e3c9ec6c37499df1e115765e38b0a21660 as linux
 COPY --from=iptables /usr/sbin/*tables* /usr/sbin/
 COPY --from=iptables /usr/lib /usr/lib
 COPY --from=builder /go/bin/azure-cns /usr/local/bin/azure-cns
 ENTRYPOINT [ "/usr/local/bin/azure-cns" ]
 EXPOSE 10090
-
 # intermediate for win-ltsc2019
-FROM mcr.microsoft.com/windows/servercore@sha256:6fdf140282a2f809dae9b13fe441635867f0a27c33a438771673b8da8f3348a4 as ltsc2019
+FROM mcr.microsoft.com/windows/nanoserver@sha256:736f8845da1c7bbc9510b419abddb870230485e74644a96e0001a21e1ca4c172 as ltsc2019
 # intermediate for win-ltsc2022
-FROM mcr.microsoft.com/windows/servercore@sha256:45952938708fbde6ec0b5b94de68bcdec3f8c838be018536b1e9e5bd95e6b943 as ltsc2022
+FROM mcr.microsoft.com/windows/nanoserver@sha256:cc9f6a1334190c1f18a905f56d285132e562a9a1ce18ff9476cfaf95194aa0b7 as ltsc2022
 # intermediate for win-ltsc2025
-FROM mcr.microsoft.com/windows/servercore/insider@sha256:4daaf3daa404fbdebec9d88783fb343f18009ffd9c8d98c43430ca1f4e615184 as ltsc2025
+FROM mcr.microsoft.com/windows/nanoserver/insider@sha256:67e0ab7f3a79cd73be4a18bae24659c03b294aed0dbeaa624feb3810931f0bd2 as ltsc2025
+
 FROM ${OS_VERSION} as windows
 COPY --from=builder /azure-container-networking/cns/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
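Review bot: The three Windows intermediates switch from servercore to nanoserver and are pinned by bare digest, with no comment naming the tag each digest came from. The Linux stages in this hunk do carry such a comment, so the Windows pins cannot be audited or refreshed by reading the file. A line such as `# mcr.microsoft.com/windows/nanoserver:<tag>` above each `FROM` would fix that. The base swap also changes behaviour: nanoserver ships without PowerShell and defaults to the low-privilege `ContainerUser` account. The `windows` stage continues past the end of this hunk, so it is worth confirming that the stage does not rely on servercore-only components and that any `USER` it sets is deliberate.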