Conversation
There was a problem hiding this comment.
Pull request overview
Adds a new antrea/tshark container image (Ubuntu-based) to support packet capture with tshark/dumpcap, and wires up CI + Renovate to build, tag, push, and keep dependencies updated.
Changes:
- Add
images/tsharkimage (Dockerfile + usage README) with pinnedtsharkpackage and non-root runtime user. - Add GitHub Actions workflow to build multi-arch and push tags derived from the
tsharkversion. - Extend Renovate config to update the pinned
tsharkdeb version via a custom regex manager.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
images/tshark/README.md |
Documents the new image and provides a Kubernetes DaemonSet example for captures. |
images/tshark/Dockerfile |
Defines the Ubuntu 24.04-based tshark image, user/group setup, and default command. |
README.md |
Adds antrea/tshark to the top-level image list. |
.github/workflows/docker_build_tshark.yml |
Builds and pushes the new image (multi-arch) and computes tags from the pinned tshark version. |
.github/renovate.json5 |
Enables a custom Renovate regex manager to update the pinned tshark package version. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
antoninbas
force-pushed
the
add-tshark-image
branch
from
c97678c to
a81c66a
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
antoninbas
force-pushed
the
add-tshark-image
branch
from
a81c66a to
0ee185d
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Add a new tshark image based on ubuntu:24.04. The image runs as a dedicated non-root user added to the wireshark group (required to execute dumpcap). The tshark apt package version is pinned; packet capture requires NET_RAW and NET_ADMIN capabilities to be granted at runtime via the container's securityContext. The image tag is derived from the tshark semver (extracted from the pinned package version in the Dockerfile) suffixed with the short commit SHA, e.g., `4.2.2-abc1234`. Rolling tags `<semver>` and `latest` are also produced. The GitHub Actions workflow builds for linux/amd64, linux/arm64, and linux/arm/v7, and pushes on merge to main. Renovate is configured to auto-update both the ubuntu base image digest and the pinned tshark apt package version. Signed-off-by: Antonin Bas <antonin.bas@broadcom.com>
antoninbas
force-pushed
the
add-tshark-image
branch
from
0ee185d to
f896f1d
Compare
Add a new tshark image based on ubuntu:24.04. The image runs as a
dedicated non-root user added to the wireshark group (required to
execute dumpcap). The tshark apt package version is pinned; packet
capture requires NET_RAW and NET_ADMIN capabilities to be granted at
runtime via the container's securityContext.
The image tag is derived from the tshark semver (extracted from the
pinned package version in the Dockerfile) suffixed with the short commit
SHA, e.g.,
4.2.2-abc1234. Rolling tags<semver>andlatestarealso produced. The GitHub Actions workflow builds for linux/amd64,
linux/arm64, and linux/arm/v7, and pushes on merge to main. Renovate is
configured to auto-update both the ubuntu base image digest and the
pinned tshark apt package version.
We do not add tshark to the toolbox image, as that would grow the image
size too much.