# !! AUTOGENERATED - DO NOT EDIT !!
# SOURCE: azure-iptables-monitor/Dockerfile.tmpl
# Target CPU architecture. Declared before the first FROM, so it is usable only
# in FROM lines (the --platform value on the "go" stage) until a stage
# redeclares it. No default is set in this file; an unset value would leave
# --platform as "linux/".
ARG ARCH
# All three base images are referenced by sha256 digest rather than by tag, so
# the content pulled cannot change underneath the build. The comment above each
# FROM presumably records the tag the digest was resolved from - confirm
# against the template when bumping.
# mcr.microsoft.com/azurelinux/base/core:3.0
FROM mcr.microsoft.com/azurelinux/base/core@sha256:2d83ae6e0d21cd58973633948d903038679f70fb594d6565626f29ddc162fe0c AS mariner-core
# mcr.microsoft.com/azurelinux/distroless/base:3.0
FROM mcr.microsoft.com/azurelinux/distroless/base@sha256:60a4f5539feea275365474c3600bba9c426872c5a86f80755acd169618da335e AS mariner-distroless
# mcr.microsoft.com/oss/go/microsoft/golang:1.26-azurelinux3.0
FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:5f95bf70f4c437de4a6ba1f72ef1532f69fca392c131fff2172993cabbea359c AS go
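# Build stage: compiles the iptables-monitor binary with the digest-pinned Go
# toolchain. Nothing from this stage reaches the final image except the binary
# copied out of /go/bin.
FROM go AS azure-iptables-monitor
# OS feeds GOOS; VERSION is stamped into main.version at link time. Neither has
# a default in this file, so both must be supplied as build args.
ARG OS
ARG VERSION
# NOTE(review): presumably selects the Microsoft Go toolchain's OpenSSL-backed
# crypto without cgo - confirm against the toolchain documentation.
ENV GOEXPERIMENT=ms_nocgo_opensslcrypto
WORKDIR /azure-iptables-monitor
COPY ./azure-iptables-monitor .
# $VERSION is kept inside the double-quoted -ldflags string. Closing the quote
# before the expansion leaves it unquoted, so the shell would word-split and
# glob the build arg and could turn part of it into extra `go build` arguments.
# NOTE(review): this file is generated from azure-iptables-monitor/Dockerfile.tmpl;
# the quoting fix has to be carried into the template to survive regeneration.
RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/iptables-monitor -trimpath \
    -ldflags "-s -w -X main.version=$VERSION" \
    -gcflags="-dwarflocationlists=true" .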
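# Build stage: runs `go generate` and then builds the azure-block-iptables
# binary. The clang/llvm/libbpf packages installed below are presumably what
# the generate step uses to compile the BPF program - confirm against the
# go:generate directives under bpf-prog/azure-block-iptables.
FROM go AS azure-block-iptables
ARG OS
ARG AZURE_BLOCK_IPTABLES_VERSION
# Redeclared so the ARCH value from the top of the file is visible in this stage.
ARG ARCH
WORKDIR /azure-container-networking
COPY ./bpf-prog/azure-block-iptables ./bpf-prog/azure-block-iptables
COPY ./go.mod ./go.sum ./
# Install BPF development dependencies for Azure Linux (mariner).
# NOTE(review): package versions are not pinned, so the compiler and libbpf
# used here can differ between builds even though the base image is pinned by
# digest.
RUN tdnf install -y llvm clang libbpf-devel gcc binutils glibc
# Set up C include path for BPF
ENV C_INCLUDE_PATH=/usr/include/bpf
ENV GOEXPERIMENT=ms_nocgo_opensslcrypto
# Set up architecture-specific symlinks for cross-compilation support.
# For amd64/arm64, every entry under /usr/include/<triplet>/ is linked into
# /usr/include/ under its own name. Any other ARCH value leaves ARCH_DIR empty
# and the step does nothing. A failed link only prints a warning (best effort).
# The link target path is quoted so an entry name cannot be word-split.
RUN if [ "$ARCH" = "amd64" ]; then \
        ARCH_DIR=x86_64-linux-gnu; \
    elif [ "$ARCH" = "arm64" ]; then \
        ARCH_DIR=aarch64-linux-gnu; \
    fi && \
    if [ -n "$ARCH_DIR" ] && [ -d "/usr/include/$ARCH_DIR" ]; then \
        for dir in /usr/include/"$ARCH_DIR"/*; do \
            if [ -d "$dir" ]; then \
                ln -sfn "$dir" "/usr/include/$(basename "$dir")" || echo "Warning: Failed to create symlink for directory $dir" >&2; \
            elif [ -f "$dir" ]; then \
                ln -Tsfn "$dir" "/usr/include/$(basename "$dir")" || echo "Warning: Failed to create symlink for file $dir" >&2; \
            fi; \
        done; \
    fi
RUN GOOS=$OS CGO_ENABLED=0 go generate ./bpf-prog/azure-block-iptables/...
# $AZURE_BLOCK_IPTABLES_VERSION is kept inside the double-quoted -ldflags
# string. Closing the quote before the expansion leaves it unquoted, so the
# shell would word-split and glob the build arg and could turn part of it into
# extra `go build` arguments.
# NOTE(review): this file is generated from azure-iptables-monitor/Dockerfile.tmpl;
# the quoting fixes have to be carried into the template to survive regeneration.
RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/azure-block-iptables -trimpath \
    -ldflags "-s -w -X main.version=$AZURE_BLOCK_IPTABLES_VERSION" \
    -gcflags="-dwarflocationlists=true" \
    ./bpf-prog/azure-block-iptables/cmd/azure-block-iptables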
# Helper stage: installs the iptables and iproute packages on the full Azure
# Linux base so the runtime stage can copy their files out of it.
# Package versions are not pinned, so the copied binaries follow whatever the
# repository serves at build time.
FROM mariner-core AS iptools
RUN tdnf install -y \
      iproute \
      iptables
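# Runtime image: distroless base plus the iptables/ip tooling from the helper
# stage and the two Go binaries from the build stages.
FROM mariner-distroless AS linux
# Every file in /usr/sbin whose name contains "tables", plus the ip tool.
COPY --from=iptools /usr/sbin/*tables* /usr/sbin/
COPY --from=iptools /usr/sbin/ip /usr/sbin/
# NOTE(review): these two lines copy the helper stage's entire /usr/lib and
# /usr/lib64, not only the libraries the tools above link against. That puts
# more into the distroless image than the runtime needs; consider narrowing to
# the required shared objects.
COPY --from=iptools /usr/lib /usr/lib
COPY --from=iptools /usr/lib64 /usr/lib64
# Destinations are absolute. This stage sets no WORKDIR, so a relative
# destination would land wherever the base image's working directory points,
# while ENTRYPOINT below expects the monitor at the filesystem root.
COPY --from=azure-iptables-monitor /go/bin/iptables-monitor /azure-iptables-monitor
COPY --from=azure-block-iptables /go/bin/azure-block-iptables /azure-block-iptables
# NOTE(review): no USER is set, so the process runs as the base image's default
# user. The iptables tooling presumably needs elevated network privileges;
# confirm that the deployment grants only the capabilities required.
ENTRYPOINT ["/azure-iptables-monitor"]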