Skip to content

Commit d39e36d

Browse files
wedalywedaly
authored
feat: add retina-shell image for Linux (microsoft#928)
# Description Build a new image retina-shell for adhoc network debugging on Linux nodes/pods. ## Related Issue microsoft#910 ## Checklist - [x] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [x] I have correctly attributed the author(s) of the code. - [x] I have tested the changes locally. - [x] I have followed the project's style guidelines. - [x] I have updated the documentation, if necessary. - [x] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed Tested building with the following commands: ``` IMAGE_REGISTRY=widalytest.azurecr.io BUILDX_ACTION=--push PLATFORM=linux/amd64 make retina-shell-image IMAGE_REGISTRY=widalytest.azurecr.io BUILDX_ACTION=--push PLATFORM=linux/arm64 make retina-shell-image IMAGE_REGISTRY=widalytest.azurecr.io BUILDX_ACTION=--push make manifest-shell-image ``` Then ran it locally: <img width="779" alt="image" src="https://github.com/user-attachments/assets/7a6b0163-aa90-48b1-815a-99e64a042a25"> ## Additional Notes There are two issues with the AzLinux 3 base image that should be fixed in the upcoming AzLinux3 release. See comments in the Dockerfile for details. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project. Signed-off-by: Will Daly <[email protected]>
1 parent 6fbdaa4 commit d39e36d

File tree

2 files changed

+50
-0
lines changed

2 files changed

+50
-0
lines changed

Makefile

+19
Original file line numberDiff line numberDiff line change
@@ -191,6 +191,7 @@ RETINA_TOOLS_IMAGE = $(IMAGE_NAMESPACE)/retina-tools
191191
RETINA_IMAGE = $(IMAGE_NAMESPACE)/retina-agent
192192
RETINA_INIT_IMAGE = $(IMAGE_NAMESPACE)/retina-init
193193
RETINA_OPERATOR_IMAGE = $(IMAGE_NAMESPACE)/retina-operator
194+
RETINA_SHELL_IMAGE = $(IMAGE_NAMESPACE)/retina-shell
194195
RETINA_INTEGRATION_TEST_IMAGE = $(IMAGE_NAMESPACE)/retina-integration-test
195196
RETINA_PROTO_IMAGE = $(IMAGE_NAMESPACE)/retina-proto-gen
196197
RETINA_GO_GEN_IMAGE = $(IMAGE_NAMESPACE)/retina-go-gen
@@ -307,6 +308,18 @@ retina-operator-image: ## build the retina linux operator image.
307308
APP_INSIGHTS_ID=$(APP_INSIGHTS_ID) \
308309
CONTEXT_DIR=$(REPO_ROOT)
309310

311+
retina-shell-image:
312+
echo "Building for $(PLATFORM)"
313+
set -e ; \
314+
$(MAKE) container-$(CONTAINER_BUILDER) \
315+
PLATFORM=$(PLATFORM) \
316+
DOCKERFILE=shell/Dockerfile \
317+
REGISTRY=$(IMAGE_REGISTRY) \
318+
IMAGE=$(RETINA_SHELL_IMAGE) \
319+
VERSION=$(TAG) \
320+
TAG=$(RETINA_PLATFORM_TAG) \
321+
CONTEXT_DIR=$(REPO_ROOT)
322+
310323
kapinger-image:
311324
docker buildx build --builder retina --platform windows/amd64 --target windows-amd64 -t $(IMAGE_REGISTRY)/$(KAPINGER_IMAGE):$(TAG)-windows-amd64 ./hack/tools/kapinger/ --push
312325
docker buildx build --builder retina --platform linux/amd64 --target linux-amd64 -t $(IMAGE_REGISTRY)/$(KAPINGER_IMAGE):$(TAG)-linux-amd64 ./hack/tools/kapinger/ --push
@@ -347,12 +360,18 @@ manifest-operator-image: ## create a multiplatform manifest for the operator ima
347360
$(eval FULL_IMAGE_NAME=$(IMAGE_REGISTRY)/$(RETINA_OPERATOR_IMAGE):$(TAG))
348361
docker buildx imagetools create -t $(FULL_IMAGE_NAME) $(foreach platform,linux/amd64, $(FULL_IMAGE_NAME)-$(subst /,-,$(platform)))
349362

363+
manifest-shell-image:
364+
$(eval FULL_IMAGE_NAME=$(IMAGE_REGISTRY)/$(RETINA_SHELL_IMAGE):$(TAG))
365+
docker buildx imagetools create -t $(FULL_IMAGE_NAME) $(foreach platform,linux/amd64 linux/arm64, $(FULL_IMAGE_NAME)-$(subst /,-,$(platform)))
366+
350367
manifest:
351368
echo "Building for $(COMPONENT)"
352369
if [ "$(COMPONENT)" = "retina" ]; then \
353370
$(MAKE) manifest-retina-image; \
354371
elif [ "$(COMPONENT)" = "operator" ]; then \
355372
$(MAKE) manifest-operator-image; \
373+
elif [ "$(COMPONENT)" = "shell" ]; then \
374+
$(MAKE) manifest-shell-image; \
356375
fi
357376

358377
##@ Tests

shell/Dockerfile

+31
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
# mcr.microsoft.com/azurelinux/base/core:3.0.20241005
2+
FROM mcr.microsoft.com/azurelinux/base/core@sha256:7ec490b605aac8a44aed0b0695b0ee6ae976ec898afd9ac8d5613d7f3ce2b07b
3+
4+
# There are a two known issues with Azure Linux 3.0.20241005 that affect this image:
5+
# 1. `iptables-nft` binary is not yet installed, but will be fixed by https://github.com/microsoft/azurelinux/pull/10786
6+
# Until then, use `nft` to view nftables rules.
7+
# 2. `nslookup` and `bind` print an error "Algorithm not supported by SCOSSL" (but still complete successfully).
8+
# This will be fixed by https://github.com/microsoft/SymCrypt-OpenSSL/pull/92
9+
RUN tdnf install -y \
10+
bind-utils \
11+
bpftool \
12+
bpftrace \
13+
conntrack \
14+
curl \
15+
ebtables-legacy \
16+
iperf3 \
17+
iproute \
18+
ipset \
19+
iptables \
20+
iputils \
21+
ldns-utils \
22+
net-tools \
23+
nftables \
24+
nmap \
25+
openssh \
26+
socat \
27+
tcpdump \
28+
wget \
29+
&& tdnf clean all
30+
31+
CMD ["/bin/bash"]

0 commit comments

Comments
 (0)