From 8497f0335335ce46746b56dc06653dccf9a67029 Mon Sep 17 00:00:00 2001
From: rejain456
Date: Wed, 13 Nov 2024 00:26:07 +0000
Subject: [PATCH 1/3] updated container image to be distroless
---
 npm/linux.Dockerfile | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/npm/linux.Dockerfile b/npm/linux.Dockerfile
index 3c278d2467..acb0848237 100644
--- a/npm/linux.Dockerfile
+++ b/npm/linux.Dockerfile
@@ -2,12 +2,36 @@ FROM mcr.microsoft.com/oss/go/microsoft/golang:1.23 AS builder
 ARG VERSION
 ARG NPM_AI_PATH
 ARG NPM_AI_ID
+RUN apt-get update && apt-get install -y iptables ipset ca-certificates conntrack grep && apt-get autoremove -y && apt-get clean
 WORKDIR /usr/local/src
 COPY . .
 RUN CGO_ENABLED=0 go build -v -o /usr/local/bin/azure-npm -ldflags "-X main.version="$VERSION" -X "$NPM_AI_PATH"="$NPM_AI_ID"" -gcflags="-dwarflocationlists=true" npm/cmd/*.go
+RUN chmod +x /usr/local/bin/azure-npm
-FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 as linux
+FROM mcr.microsoft.com/cbl-mariner/distroless/minimal@sha256:63a0a70ceaa1320bc6eb98b81106667d43e46b674731ea8d28e4de1b87e0747f AS linux
 COPY --from=builder /usr/local/bin/azure-npm /usr/bin/azure-npm
-RUN apt-get update && apt-get install -y iptables ipset ca-certificates && apt-get autoremove -y && apt-get clean
-RUN chmod +x /usr/bin/azure-npm
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=builder /lib/ /lib
+COPY --from=builder /usr/lib/ /usr/lib
+COPY --from=builder /usr/sbin/ /usr/sbin/
+
+# Copy iptables, iptables-nft, and iptables-nft-save binaries
+COPY --from=builder /usr/sbin/iptables /usr/sbin/iptables
+COPY --from=builder /usr/sbin/iptables-nft /usr/sbin/iptables-nft
+COPY --from=builder /usr/sbin/iptables-restore /usr/sbin/iptables-restore
+COPY --from=builder /usr/sbin/iptables-save /usr/sbin/iptables-save
+COPY --from=builder /usr/sbin/iptables-nft-restore /usr/sbin/iptables-nft-restore
+COPY --from=builder /usr/sbin/iptables-nft-save /usr/sbin/iptables-nft-save
+COPY --from=builder /usr/sbin/conntrack /usr/sbin/conntrack
+COPY --from=builder /bin/grep /bin/grep
+
+# Copy required libraries based on ldd output
+COPY --from=builder /lib/x86_64-linux-gnu/libxtables.so.12 /lib/x86_64-linux-gnu/libxtables.so.12
+COPY --from=builder /lib/x86_64-linux-gnu/libmnl.so.0 /lib/x86_64-linux-gnu/libmnl.so.0
+COPY --from=builder /lib/x86_64-linux-gnu/libnftnl.so.11 /lib/x86_64-linux-gnu/libnftnl.so.11
+COPY --from=builder /lib/x86_64-linux-gnu/libnetfilter_conntrack.so.3 /lib/x86_64-linux-gnu/libnetfilter_conntrack.so.3
+COPY --from=builder /lib/x86_64-linux-gnu/libnfnetlink.so.0 /lib/x86_64-linux-gnu/libnfnetlink.so.0
+COPY --from=builder /lib/x86_64-linux-gnu/libc.so.6 /lib/x86_64-linux-gnu/libc.so.6
+COPY --from=builder /lib64/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
+
 ENTRYPOINT ["/usr/bin/azure-npm", "start"]
From eba581e968d610ac34052e32c3ae99d156d06bcb Mon Sep 17 00:00:00 2001
From: rejain456
Date: Wed, 13 Nov 2024 00:29:36 +0000
Subject: [PATCH 2/3] updated tests
---
 .pipelines/npm/npm-conformance-tests.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.pipelines/npm/npm-conformance-tests.yaml b/.pipelines/npm/npm-conformance-tests.yaml
index aba3de913b..3cf49ffb71 100644
--- a/.pipelines/npm/npm-conformance-tests.yaml
+++ b/.pipelines/npm/npm-conformance-tests.yaml
@@ -102,14 +102,17 @@ stages:
 AZURE_CLUSTER: "conformance-v2-background"
 PROFILE: "v2-background"
 IS_STRESS_TEST: "false"
+ OS_SKU: "Ubuntu"
 v2-ws22:
 AZURE_CLUSTER: "conformance-v2-ws22"
 PROFILE: "v2-default-ws22"
 IS_STRESS_TEST: "false"
+ OS_SKU: "Ubuntu"
 v2-linux-stress:
 AZURE_CLUSTER: "conformance-v2-linux-stress"
 PROFILE: "v2-background"
 IS_STRESS_TEST: "true"
+ OS_SKU: "Ubuntu"
 pool:
 name: $(BUILD_POOL_NAME_DEFAULT)
 demands:
@@ -210,6 +213,7 @@ stages:
 --resource-group $(RESOURCE_GROUP) \
 --name $(AZURE_CLUSTER) \
 --network-plugin azure
+ ----os-sku $(OS_SKU)
 if [ $? != 0 ]
 then
From 48cbf4e30c6d37b996a50ecd6b44c5a15a736bfd Mon Sep 17 00:00:00 2001
From: rejain456
Date: Wed, 13 Nov 2024 02:16:13 +0000
Subject: [PATCH 3/3] changed to azure linux sku from ubuntu sku
---
 .pipelines/npm/npm-conformance-tests.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
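Review bot: In npm/linux.Dockerfile, the three directory copies `COPY --from=builder /lib/ /lib`, `COPY --from=builder /usr/lib/ /usr/lib` and `COPY --from=builder /usr/sbin/ /usr/sbin/` bring the golang builder's whole library and sbin trees into the distroless stage, which gives back most of the attack-surface reduction the new base is meant to provide and makes the per-file COPY lines below them redundant. That content also comes from the tag-only `golang:1.23` builder and unversioned `apt-get install` packages, so the digest pin on the final `FROM` does not make the runtime libraries reproducible. I would drop the three directory copies and keep only the targeted binaries and the libraries listed from ldd, adding any directory iptables loads at run time (presumably its extension modules) as an explicit COPY. The hard-coded `/lib/x86_64-linux-gnu/` and `/lib64/ld-linux-x86-64.so.2` paths also tie the image to amd64, which deserves a comment above that block if other architectures are built from this file.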
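Review bot: In the second hunk of .pipelines/npm/npm-conformance-tests.yaml, the context line `--network-plugin azure` has no trailing `\`, so the added flag line appears to be read by the shell as a separate command rather than as an argument of the cluster-create call above it. If that is the case, the cluster is created without the requested OS SKU and the `if [ $? != 0 ]` check that follows tests the exit status of the stray line, not of the create command. The third patch corrects the dash count on this line but leaves the continuation unchanged, so the same applies to its second hunk; the lines should read `--network-plugin azure \` followed by `--os-sku $(OS_SKU)`. The command itself starts above the hunk, so its earlier lines could not be checked.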
diff --git a/.pipelines/npm/npm-conformance-tests.yaml b/.pipelines/npm/npm-conformance-tests.yaml
index 3cf49ffb71..aa39cb3072 100644
--- a/.pipelines/npm/npm-conformance-tests.yaml
+++ b/.pipelines/npm/npm-conformance-tests.yaml
@@ -102,17 +102,17 @@ stages:
 AZURE_CLUSTER: "conformance-v2-background"
 PROFILE: "v2-background"
 IS_STRESS_TEST: "false"
- OS_SKU: "Ubuntu"
+ OS_SKU: "AzureLinux"
 v2-ws22:
 AZURE_CLUSTER: "conformance-v2-ws22"
 PROFILE: "v2-default-ws22"
 IS_STRESS_TEST: "false"
- OS_SKU: "Ubuntu"
+ OS_SKU: "AzureLinux"
 v2-linux-stress:
 AZURE_CLUSTER: "conformance-v2-linux-stress"
 PROFILE: "v2-background"
 IS_STRESS_TEST: "true"
- OS_SKU: "Ubuntu"
+ OS_SKU: "AzureLinux"
 pool:
 name: $(BUILD_POOL_NAME_DEFAULT)
 demands:
@@ -213,7 +213,7 @@ stages:
 --resource-group $(RESOURCE_GROUP) \
 --name $(AZURE_CLUSTER) \
 --network-plugin azure
- ----os-sku $(OS_SKU)
+ --os-sku $(OS_SKU)
 if [ $? != 0 ]
 then