Skip to content

Commit 4902139

Browse files
rbtrrbtr
authored
chore: move cns from servercore to nanoserver (#2454)
feat: migrate CNS Windows to nanoserver and pin all SHAs Signed-off-by: Evan Baker <[email protected]>
1 parent b48007e commit 4902139

File tree

3 files changed

+58
-29
lines changed

3 files changed

+58
-29
lines changed

azure-ipam/Dockerfile

Lines changed: 20 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,22 +3,28 @@ ARG DROPGZ_VERSION=v0.0.12
33
ARG OS_VERSION
44
ARG OS
55

6-
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:1.21 AS azure-ipam
6+
# skopeo inspect docker://mcr.microsoft.com/oss/go/microsoft/golang:1.22-cbl-mariner2.0 --format "{{.Name}}@{{.Digest}}"
7+
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:c062e5e23f2d172a8fd590adcd171499af7005cae344a36284255f26e5ce4f8a AS go
8+
9+
# skopeo inspect docker://mcr.microsoft.com/cbl-mariner/base/core:2.0 --format "{{.Name}}@{{.Digest}}"
10+
FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/base/core@sha256:a490e0b0869dc570ae29782c2bc17643aaaad1be102aca83ce0b96e0d0d2d328 AS mariner-core
11+
12+
FROM go AS azure-ipam
713
ARG OS
814
ARG VERSION
915
WORKDIR /azure-ipam
1016
COPY ./azure-ipam .
1117
RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-ipam -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" .
1218

13-
FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/base/core:2.0 AS compressor
19+
FROM mariner-core AS compressor
1420
ARG OS
1521
WORKDIR /payload
1622
COPY --from=azure-ipam /go/bin/* /payload
1723
COPY --from=azure-ipam /azure-ipam/*.conflist /payload
1824
RUN cd /payload && sha256sum * > sum.txt
1925
RUN gzip --verbose --best --recursive /payload && for f in /payload/*.gz; do mv -- "$f" "${f%%.gz}"; done
2026

21-
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:1.21 AS dropgz
27+
FROM go AS dropgz
2228
ARG DROPGZ_VERSION
2329
ARG OS
2430
ARG VERSION
@@ -27,10 +33,19 @@ WORKDIR /go/pkg/mod/github.com/azure/azure-container-networking/dropgz\@$DROPGZ_
2733
COPY --from=compressor /payload/* pkg/embed/fs/
2834
RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/dropgz -trimpath -ldflags "-X github.com/Azure/azure-container-networking/dropgz/internal/buildinfo.Version="$VERSION"" -gcflags="-dwarflocationlists=true" main.go
2935

30-
FROM scratch as linux
36+
FROM scratch AS linux
3137
COPY --from=dropgz /go/bin/dropgz dropgz
3238
ENTRYPOINT [ "/dropgz" ]
3339

34-
FROM mcr.microsoft.com/windows/nanoserver:${OS_VERSION} as windows
40+
# skopeo inspect --override-os windows docker://mcr.microsoft.com/windows/nanoserver:ltsc2019 --format "{{.Name}}@{{.Digest}}"
41+
FROM mcr.microsoft.com/windows/nanoserver@sha256:7f6649348a11655e3576463fd6d55c29248f97405f8e643cab2409009339f520 AS ltsc2019
42+
43+
# skopeo inspect --override-os windows docker://mcr.microsoft.com/windows/nanoserver:ltsc2022 --format "{{.Name}}@{{.Digest}}"
44+
FROM mcr.microsoft.com/windows/nanoserver@sha256:244113e50a678a25a63930780f9ccafd22e1a37aa9e3d93295e4cebf0f170a11 AS ltsc2022
45+
46+
# skopeo inspect --override-os windows docker://mcr.microsoft.com/windows/nanoserver:ltsc2025 --format "{{.Name}}@{{.Digest}}" ## 2025 isn't tagged yet
47+
FROM mcr.microsoft.com/windows/nanoserver/insider@sha256:67e0ab7f3a79cd73be4a18bae24659c03b294aed0dbeaa624feb3810931f0bd2 AS ltsc2025
48+
49+
FROM ${OS_VERSION} AS windows
3550
COPY --from=dropgz /go/bin/dropgz dropgz.exe
3651
ENTRYPOINT [ "/dropgz.exe" ]

cni/Dockerfile

Lines changed: 19 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,13 @@ ARG DROPGZ_VERSION=v0.0.12
33
ARG OS_VERSION
44
ARG OS
55

6-
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:1.21 AS azure-vnet
6+
# skopeo inspect docker://mcr.microsoft.com/oss/go/microsoft/golang:1.22-cbl-mariner2.0 --format "{{.Name}}@{{.Digest}}"
7+
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:c062e5e23f2d172a8fd590adcd171499af7005cae344a36284255f26e5ce4f8a AS go
8+
9+
# skopeo inspect docker://mcr.microsoft.com/cbl-mariner/base/core:2.0 --format "{{.Name}}@{{.Digest}}"
10+
FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/base/core@sha256:a490e0b0869dc570ae29782c2bc17643aaaad1be102aca83ce0b96e0d0d2d328 AS mariner-core
11+
12+
FROM go AS azure-vnet
713
ARG OS
814
ARG VERSION
915
WORKDIR /azure-container-networking
@@ -13,10 +19,7 @@ RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-vnet-telemetry -trimpath
1319
RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-vnet-ipam -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" cni/ipam/plugin/main.go
1420
RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-vnet-stateless -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" cni/network/stateless/main.go
1521

16-
FROM scratch as bins
17-
COPY --from=azure-vnet /go/bin/* /
18-
19-
FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/base/core:2.0 AS compressor
22+
FROM mariner-core AS compressor
2023
ARG OS
2124
WORKDIR /payload
2225
COPY --from=azure-vnet /go/bin/* /payload/
@@ -30,7 +33,7 @@ COPY --from=azure-vnet /azure-container-networking/telemetry/azure-vnet-telemetr
3033
RUN cd /payload && sha256sum * > sum.txt
3134
RUN gzip --verbose --best --recursive /payload && for f in /payload/*.gz; do mv -- "$f" "${f%%.gz}"; done
3235

33-
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:1.21 AS dropgz
36+
FROM go AS dropgz
3437
ARG DROPGZ_VERSION
3538
ARG OS
3639
ARG VERSION
@@ -39,18 +42,21 @@ WORKDIR /go/pkg/mod/github.com/azure/azure-container-networking/dropgz\@$DROPGZ_
3942
COPY --from=compressor /payload/* pkg/embed/fs/
4043
RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/dropgz -trimpath -ldflags "-X github.com/Azure/azure-container-networking/dropgz/internal/buildinfo.Version="$VERSION"" -gcflags="-dwarflocationlists=true" main.go
4144

42-
FROM scratch as linux
45+
FROM scratch AS bins
46+
COPY --from=azure-vnet /go/bin/* /
47+
48+
FROM scratch AS linux
4349
COPY --from=dropgz /go/bin/dropgz dropgz
4450
ENTRYPOINT [ "/dropgz" ]
4551

46-
# intermediate for win-ltsc2019
47-
FROM mcr.microsoft.com/windows/nanoserver@sha256:736f8845da1c7bbc9510b419abddb870230485e74644a96e0001a21e1ca4c172 as ltsc2019
52+
# skopeo inspect --override-os windows docker://mcr.microsoft.com/windows/nanoserver:ltsc2019 --format "{{.Name}}@{{.Digest}}"
53+
FROM mcr.microsoft.com/windows/nanoserver@sha256:7f6649348a11655e3576463fd6d55c29248f97405f8e643cab2409009339f520 AS ltsc2019
4854

49-
# intermediate for win-ltsc2022
50-
FROM mcr.microsoft.com/windows/nanoserver@sha256:cc9f6a1334190c1f18a905f56d285132e562a9a1ce18ff9476cfaf95194aa0b7 as ltsc2022
55+
# skopeo inspect --override-os windows docker://mcr.microsoft.com/windows/nanoserver:ltsc2022 --format "{{.Name}}@{{.Digest}}"
56+
FROM mcr.microsoft.com/windows/nanoserver@sha256:244113e50a678a25a63930780f9ccafd22e1a37aa9e3d93295e4cebf0f170a11 AS ltsc2022
5157

52-
# intermediate for win-ltsc2025
53-
FROM mcr.microsoft.com/windows/nanoserver/insider@sha256:67e0ab7f3a79cd73be4a18bae24659c03b294aed0dbeaa624feb3810931f0bd2 as ltsc2025
58+
# skopeo inspect --override-os windows docker://mcr.microsoft.com/windows/nanoserver:ltsc2025 --format "{{.Name}}@{{.Digest}}" ## 2025 isn't tagged yet
59+
FROM mcr.microsoft.com/windows/nanoserver/insider@sha256:67e0ab7f3a79cd73be4a18bae24659c03b294aed0dbeaa624feb3810931f0bd2 AS ltsc2025
5460

5561
FROM ${OS_VERSION} as windows
5662
COPY --from=dropgz /go/bin/dropgz dropgz.exe

cns/Dockerfile

Lines changed: 19 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,16 @@ ARG ARCH
22
ARG OS_VERSION
33
ARG OS
44

5-
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang:1.22-cbl-mariner2.0 AS builder
5+
# skopeo inspect docker://mcr.microsoft.com/oss/go/microsoft/golang:1.22-cbl-mariner2.0 --format "{{.Name}}@{{.Digest}}"
6+
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:c062e5e23f2d172a8fd590adcd171499af7005cae344a36284255f26e5ce4f8a AS go
7+
8+
# skopeo inspect docker://mcr.microsoft.com/cbl-mariner/base/core:2.0 --format "{{.Name}}@{{.Digest}}"
9+
FROM mcr.microsoft.com/cbl-mariner/base/core@sha256:a490e0b0869dc570ae29782c2bc17643aaaad1be102aca83ce0b96e0d0d2d328 AS mariner-core
10+
11+
# skopeo inspect docker://mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0 --format "{{.Name}}@{{.Digest}}"
12+
FROM mcr.microsoft.com/cbl-mariner/distroless/minimal@sha256:d28cbaa097167b4f5fdea02aac5404e3c9ec6c37499df1e115765e38b0a21660 AS mariner-distroless
13+
14+
FROM --platform=linux/${ARCH} go AS builder
615
ARG OS
716
ARG CNS_AI_ID
817
ARG CNS_AI_PATH
@@ -11,27 +20,26 @@ WORKDIR /azure-container-networking
1120
COPY . .
1221
RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-cns -ldflags "-X main.version="$VERSION" -X "$CNS_AI_PATH"="$CNS_AI_ID"" -gcflags="-dwarflocationlists=true" cns/service/*.go
1322

14-
FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 as iptables
23+
FROM mariner-core AS iptables
1524
RUN tdnf install -y iptables
1625

17-
FROM mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0 as linux
26+
FROM mariner-distroless AS linux
1827
COPY --from=iptables /usr/sbin/*tables* /usr/sbin/
1928
COPY --from=iptables /usr/lib /usr/lib
2029
COPY --from=builder /go/bin/azure-cns /usr/local/bin/azure-cns
2130
ENTRYPOINT [ "/usr/local/bin/azure-cns" ]
2231
EXPOSE 10090
2332

33+
# skopeo inspect --override-os windows docker://mcr.microsoft.com/windows/nanoserver:ltsc2019 --format "{{.Name}}@{{.Digest}}"
34+
FROM mcr.microsoft.com/windows/nanoserver@sha256:7f6649348a11655e3576463fd6d55c29248f97405f8e643cab2409009339f520 AS ltsc2019
2435

25-
# intermediate for win-ltsc2019
26-
FROM mcr.microsoft.com/windows/servercore@sha256:6fdf140282a2f809dae9b13fe441635867f0a27c33a438771673b8da8f3348a4 as ltsc2019
27-
28-
# intermediate for win-ltsc2022
29-
FROM mcr.microsoft.com/windows/servercore@sha256:45952938708fbde6ec0b5b94de68bcdec3f8c838be018536b1e9e5bd95e6b943 as ltsc2022
36+
# skopeo inspect --override-os windows docker://mcr.microsoft.com/windows/nanoserver:ltsc2022 --format "{{.Name}}@{{.Digest}}"
37+
FROM mcr.microsoft.com/windows/nanoserver@sha256:244113e50a678a25a63930780f9ccafd22e1a37aa9e3d93295e4cebf0f170a11 AS ltsc2022
3038

31-
# intermediate for win-ltsc2025
32-
FROM mcr.microsoft.com/windows/servercore/insider@sha256:4daaf3daa404fbdebec9d88783fb343f18009ffd9c8d98c43430ca1f4e615184 as ltsc2025
39+
# skopeo inspect --override-os windows docker://mcr.microsoft.com/windows/nanoserver:ltsc2025 --format "{{.Name}}@{{.Digest}}" ## 2025 isn't tagged yet
40+
FROM mcr.microsoft.com/windows/nanoserver/insider@sha256:67e0ab7f3a79cd73be4a18bae24659c03b294aed0dbeaa624feb3810931f0bd2 AS ltsc2025
3341

34-
FROM ${OS_VERSION} as windows
42+
FROM ${OS_VERSION} AS windows
3543
COPY --from=builder /azure-container-networking/cns/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
3644
COPY --from=builder /azure-container-networking/npm/examples/windows/setkubeconfigpath.ps1 setkubeconfigpath.ps1
3745
COPY --from=builder /go/bin/azure-cns /azure-cns.exe

0 commit comments

Comments
 (0)