Skip to content

[NPM] Update NPM base image to Distroless #3143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

[NPM] Update NPM base image to Distroless #3143

wants to merge 3 commits into from

Conversation

@rejain456
Copy link
Contributor

@rejain456 rejain456 commented Nov 13, 2024

Reason for Change:

Updated NPM base image to Distroless.

Issue Fixed:

Updating npm base image eliminated the segmentation error we would see with ~20k chains added in iptables-nft with base image Ubuntu 20.04

Requirements:

Notes:

@rejain456 rejain456 requested a review from a team as a code owner November 13, 2024 00:28
@rejain456 rejain456 requested a review from vakalapa November 13, 2024 00:28
@rejain456 rejain456 force-pushed the jainriya/distroless1 branch from 491fb4c to 44a8801 Compare November 13, 2024 00:29
@rejain456 rejain456 requested a review from a team as a code owner November 13, 2024 00:29
@rejain456 rejain456 force-pushed the jainriya/distroless1 branch from 44a8801 to eba581e Compare November 13, 2024 00:31
huntergregory
huntergregory reviewed Nov 13, 2024
View reviewed changes
.pipelines/npm/npm-conformance-tests.yaml
az aks create --no-ssh-key \
--resource-group $(RESOURCE_GROUP) \
--name $(AZURE_CLUSTER) \
--network-plugin azure
Copy link
Contributor

@huntergregory huntergregory Nov 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

going to need a \

.pipelines/npm/npm-conformance-tests.yaml Outdated
--resource-group $(RESOURCE_GROUP) \
--name $(AZURE_CLUSTER) \
--network-plugin azure
----os-sku $(OS_SKU)
Copy link
Contributor

@huntergregory huntergregory Nov 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

too many - :)

@huntergregory
Copy link
Contributor

huntergregory commented Nov 13, 2024

@rbtr Do you have any advice for the docker file?

@rbtr
Copy link
Collaborator

rbtr commented Nov 13, 2024

This looks good, it's very similar to what I did for CNS

rbtr
rbtr reviewed Nov 13, 2024
View reviewed changes
npm/linux.Dockerfile
ARG VERSION
ARG NPM_AI_PATH
ARG NPM_AI_ID
RUN apt-get update && apt-get install -y iptables ipset ca-certificates conntrack grep && apt-get autoremove -y && apt-get clean
Copy link
Collaborator

@rbtr rbtr Nov 13, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

make this a separate build stage to keep the concerns distinct and so it can parallelize - let the Go builder only build Go and we'll make an iptables target to get those bits.

move to something like

FROM mariner-core AS iptables
RUN tdnf install -y iptables etc

then change your copies to --from iptables

@github-actions
Copy link

github-actions bot commented Nov 28, 2024

This pull request is stale because it has been open for 2 weeks with no activity. Remove stale label or comment or this will be closed in 7 days

@github-actions github-actions bot added the stale Stale due to inactivity. label Nov 28, 2024
@rbtr rbtr removed the stale Stale due to inactivity. label Nov 28, 2024
@rbtr rbtr added the npm Related to NPM. label Nov 28, 2024
@github-actions
Copy link

github-actions bot commented Dec 13, 2024

This pull request is stale because it has been open for 2 weeks with no activity. Remove stale label or comment or this will be closed in 7 days

@github-actions github-actions bot added the stale Stale due to inactivity. label Dec 13, 2024
@rbtr rbtr removed the stale Stale due to inactivity. label Dec 13, 2024
@github-actions
Copy link

github-actions bot commented Dec 28, 2024

This pull request is stale because it has been open for 2 weeks with no activity. Remove stale label or comment or this will be closed in 7 days

@github-actions github-actions bot added the stale Stale due to inactivity. label Dec 28, 2024
@github-actions
Copy link

github-actions bot commented Jan 5, 2025

Pull request closed due to inactivity.

@github-actions github-actions bot closed this Jan 5, 2025
@github-actions github-actions bot deleted the jainriya/distroless1 branch January 5, 2025 00:01
@rbtr rbtr restored the jainriya/distroless1 branch January 6, 2025 18:18
@rbtr rbtr reopened this Jan 6, 2025
@github-actions github-actions bot removed the stale Stale due to inactivity. label Jan 7, 2025
@github-actions
Copy link

github-actions bot commented Jan 22, 2025

This pull request is stale because it has been open for 2 weeks with no activity. Remove stale label or comment or this will be closed in 7 days

@github-actions github-actions bot added the stale Stale due to inactivity. label Jan 22, 2025
@github-actions
Copy link

github-actions bot commented Jan 29, 2025

Pull request closed due to inactivity.

@github-actions github-actions bot closed this Jan 29, 2025
@github-actions github-actions bot deleted the jainriya/distroless1 branch January 29, 2025 00:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rbtr rbtr rbtr left review comments

@vakalapa vakalapa Awaiting requested review from vakalapa vakalapa is a code owner automatically assigned from Azure/acn-npm-reviewers

+1 more reviewer

@huntergregory huntergregory huntergregory left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@rejain456 rejain456

Labels

npm Related to NPM. stale Stale due to inactivity.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@rejain456 @huntergregory @rbtr @rejain789