add cni

Signed-off-by: Evan Baker <[email protected]>

Author: rbtr

.github/workflows/baseimages.yaml

@@ -1,8 +1,15 @@
-name: 'Update Base Images'
+name: 'Latest Base Images'
 on:
   workflow_dispatch:
-  schedule:
-    - cron: '0 0 * * *'  # Runs daily at midnight
+  pull_request:
+    types:
+        - opened
+        - reopened
+        - synchronize
+        - ready_for_review
+  merge_group:
+    types:
+      - checks_requested
 
 jobs:
   render:
@@ -15,22 +22,11 @@ jobs:
       uses: actions/setup-go@v5
       with:
         go-version: '1.23'
-    - name: Render Templates
+    - name: Render Dockerfiles
       run: make dockerfiles
-    - name: Check for changes
-      id: check_changes
+    - name: Fail if base images are outdated
       run: |
         if [ -n "$(git status --porcelain)" ]; then
-          echo "##[set-output name=changes;]true"
-        else
-          echo "##[set-output name=changes;]false"
+          echo "Changes detected. Please run 'make dockerfiles' locally to update the base images."
+          exit 1
         fi
-    - name: Create Pull Request
-      if: steps.check_changes.outputs.changes == 'true'
-      uses: peter-evans/create-pull-request@v5
-      with:
-        commit-message: 'deps: update base images'
-        branch: 'base-image-update'
-        title: 'deps: update base images'
-        body: 'Automated base image updates.'
-        labels: 'dependencies'

Makefile

@@ -811,6 +811,7 @@ test-k8se2e-only: ## Run k8s network conformance test, use TYPE=basic for only d
 
 dockerfiles: tools ## Render all Dockerfile templates with current state of world
 	@make -f build/images.mk render PATH=cns
+	@make -f build/images.mk render PATH=cni
 
 
 $(REPO_ROOT)/.git/hooks/pre-push:

cni/Dockerfile

@@ -1,13 +1,15 @@
+# !! AUTOGENERATED - DO NOT EDIT !!
+# SOURCE: cni/Dockerfile.tmpl
 ARG ARCH
 ARG DROPGZ_VERSION=v0.0.12
 ARG OS_VERSION
 ARG OS
 
-# skopeo inspect docker://mcr.microsoft.com/oss/go/microsoft/golang:1.23.2-cbl-mariner2.0 --format "{{.Name}}@{{.Digest}}"
-FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:f8613198423d5cb702961f1547f9cb061f8da1c6ca9ce8da4824eb47db663cd7 AS go
+# mcr.microsoft.com/oss/go/microsoft/golang:1.23-cbl-mariner2.0
+FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:48731a521e1de4c77f42141d38c8ddb10342d3f5414c6c4adffb10a37bfdfe30 AS go
 
-# skopeo inspect docker://mcr.microsoft.com/cbl-mariner/base/core:2.0 --format "{{.Name}}@{{.Digest}}"
-FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/base/core@sha256:a490e0b0869dc570ae29782c2bc17643aaaad1be102aca83ce0b96e0d0d2d328 AS mariner-core
+# mcr.microsoft.com/cbl-mariner/base/core:2.0
+FROM --platform=linux/${ARCH} mcr.microsoft.com/cbl-mariner/base/core@sha256:ae7b5fdffdbec3a8be8201d0ba2ae46dbcf495dea77baf0d4b653902e1bb797b AS mariner-core
 
 FROM go AS azure-vnet
 ARG OS
@@ -51,7 +53,9 @@ FROM scratch AS linux
 COPY --from=dropgz /go/bin/dropgz dropgz
 ENTRYPOINT [ "/dropgz" ]
 
-# skopeo inspect docker://mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0 --format "{{.Name}}@{{.Digest}}"
-FROM mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as windows
+# mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
+FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as hpc
+
+FROM hpc as windows
 COPY --from=dropgz /go/bin/dropgz dropgz.exe
 ENTRYPOINT [ "/dropgz.exe" ]

cni/Dockerfile.tmpl

@@ -0,0 +1,61 @@
+# {{.RENDER_MSG}}
+# SOURCE: {{.SRC}}
+ARG ARCH
+ARG DROPGZ_VERSION=v0.0.12
+ARG OS_VERSION
+ARG OS
+
+# {{.GO_IMG}}
+FROM --platform=linux/${ARCH} {{.GO_PIN}} AS go
+
+# {{.MARINER_CORE_IMG}}
+FROM --platform=linux/${ARCH} {{.MARINER_CORE_PIN}} AS mariner-core
+
+FROM go AS azure-vnet
+ARG OS
+ARG VERSION
+ARG CNI_AI_PATH
+ARG CNI_AI_ID
+WORKDIR /azure-container-networking
+COPY . .
+RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-vnet -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" cni/network/plugin/main.go
+RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-vnet-telemetry -trimpath -ldflags "-X main.version="$VERSION" -X "$CNI_AI_PATH"="$CNI_AI_ID"" -gcflags="-dwarflocationlists=true" cni/telemetry/service/telemetrymain.go
+RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-vnet-ipam -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" cni/ipam/plugin/main.go
+RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-vnet-stateless -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" cni/network/stateless/main.go
+
+FROM mariner-core AS compressor
+ARG OS
+WORKDIR /payload
+COPY --from=azure-vnet /go/bin/* /payload/
+COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS.conflist /payload/azure.conflist
+COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift.conflist /payload/azure-swift.conflist
+COPY --from=azure-vnet /azure-container-networking/cni/azure-linux-multitenancy-transparent-vlan.conflist /payload/azure-multitenancy-transparent-vlan.conflist
+COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift-overlay.conflist /payload/azure-swift-overlay.conflist
+COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift-overlay-dualstack.conflist /payload/azure-swift-overlay-dualstack.conflist
+COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-multitenancy.conflist /payload/azure-multitenancy.conflist
+COPY --from=azure-vnet /azure-container-networking/telemetry/azure-vnet-telemetry.config /payload/azure-vnet-telemetry.config
+RUN cd /payload && sha256sum * > sum.txt
+RUN gzip --verbose --best --recursive /payload && for f in /payload/*.gz; do mv -- "$f" "${f%%.gz}"; done
+
+FROM go AS dropgz
+ARG DROPGZ_VERSION
+ARG OS
+ARG VERSION
+RUN go mod download github.com/azure/azure-container-networking/dropgz@$DROPGZ_VERSION
+WORKDIR /go/pkg/mod/github.com/azure/azure-container-networking/dropgz\@$DROPGZ_VERSION
+COPY --from=compressor /payload/* pkg/embed/fs/
+RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/dropgz -trimpath -ldflags "-X github.com/Azure/azure-container-networking/dropgz/internal/buildinfo.Version="$VERSION"" -gcflags="-dwarflocationlists=true" main.go
+
+FROM scratch AS bins
+COPY --from=azure-vnet /go/bin/* /
+
+FROM scratch AS linux
+COPY --from=dropgz /go/bin/dropgz dropgz
+ENTRYPOINT [ "/dropgz" ]
+
+# {{.WIN_HPC_IMG}}
+FROM --platform=windows/${ARCH} {{.WIN_HPC_PIN}} as hpc
+
+FROM hpc as windows
+COPY --from=dropgz /go/bin/dropgz dropgz.exe
+ENTRYPOINT [ "/dropgz.exe" ]

cns/Dockerfile

@@ -5,17 +5,14 @@ ARG OS_VERSION
 ARG OS
 
 # mcr.microsoft.com/oss/go/microsoft/golang:1.23-cbl-mariner2.0
-FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:220fcfd381b16cd55b89edee97e2cff24b3a0d39f8be8005e719ab0976aeea90 AS go
+FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:48731a521e1de4c77f42141d38c8ddb10342d3f5414c6c4adffb10a37bfdfe30 AS go
 
 # mcr.microsoft.com/cbl-mariner/base/core:2.0
 FROM mcr.microsoft.com/cbl-mariner/base/core@sha256:ae7b5fdffdbec3a8be8201d0ba2ae46dbcf495dea77baf0d4b653902e1bb797b AS mariner-core
 
 # mcr.microsoft.com/cbl-mariner/distroless/minimal:2.0
 FROM mcr.microsoft.com/cbl-mariner/distroless/minimal@sha256:e301d8bfb230bf48c650379ac3c3066c0698a490dcca2003c77b1e35ea8ba9b4 AS mariner-distroless
 
-# mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
-FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as hpc
-
 FROM --platform=linux/${ARCH} go AS builder
 ARG OS
 ARG CNS_AI_ID
@@ -35,6 +32,9 @@ COPY --from=builder /go/bin/azure-cns /usr/local/bin/azure-cns
 ENTRYPOINT [ "/usr/local/bin/azure-cns" ]
 EXPOSE 10090
 
+# mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0
+FROM --platform=windows/${ARCH} mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as hpc
+
 FROM hpc as windows
 COPY --from=builder /azure-container-networking/cns/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
 COPY --from=builder /azure-container-networking/npm/examples/windows/setkubeconfigpath.ps1 setkubeconfigpath.ps1

cns/Dockerfile.tmpl

@@ -13,9 +13,6 @@ FROM {{.MARINER_CORE_PIN}} AS mariner-core
 # {{.MARINER_DISTROLESS_IMG}}
 FROM {{.MARINER_DISTROLESS_PIN}} AS mariner-distroless
 
-# {{.WIN_HPC_IMG}}
-FROM --platform=windows/${ARCH} {{.WIN_HPC_PIN}} as hpc
-
 FROM --platform=linux/${ARCH} go AS builder
 ARG OS
 ARG CNS_AI_ID
@@ -35,6 +32,9 @@ COPY --from=builder /go/bin/azure-cns /usr/local/bin/azure-cns
 ENTRYPOINT [ "/usr/local/bin/azure-cns" ]
 EXPOSE 10090
 
+# {{.WIN_HPC_IMG}}
+FROM --platform=windows/${ARCH} {{.WIN_HPC_PIN}} as hpc
+
 FROM hpc as windows
 COPY --from=builder /azure-container-networking/cns/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
 COPY --from=builder /azure-container-networking/npm/examples/windows/setkubeconfigpath.ps1 setkubeconfigpath.ps1