feat: add retina-shell image for Linux (#928)

# Description Build a new image retina-shell for adhoc network debugging on Linux nodes/pods. ## Related Issue #910 ## Checklist - [x] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [x] I have correctly attributed the author(s) of the code. - [x] I have tested the changes locally. - [x] I have followed the project's style guidelines. - [x] I have updated the documentation, if necessary. - [x] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed Tested building with the following commands: ``` IMAGE_REGISTRY=widalytest.azurecr.io BUILDX_ACTION=--push PLATFORM=linux/amd64 make retina-shell-image IMAGE_REGISTRY=widalytest.azurecr.io BUILDX_ACTION=--push PLATFORM=linux/arm64 make retina-shell-image IMAGE_REGISTRY=widalytest.azurecr.io BUILDX_ACTION=--push make manifest-shell-image ``` Then ran it locally: <img width="779" alt="image" src="https://github.com/user-attachments/assets/7a6b0163-aa90-48b1-815a-99e64a042a25"> ## Additional Notes There are two issues with the AzLinux 3 base image that should be fixed in the upcoming AzLinux3 release. See comments in the Dockerfile for details. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project. Signed-off-by: Will Daly <[email protected]>
microsoft · Nov 4, 2024 · d39e36d · d39e36d
1 parent 6fbdaa4
commit d39e36d
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 0 deletions.
diff --git a/Makefile b/Makefile
@@ -191,6 +191,7 @@ RETINA_TOOLS_IMAGE				= $(IMAGE_NAMESPACE)/retina-tools
 RETINA_IMAGE 					= $(IMAGE_NAMESPACE)/retina-agent
 RETINA_INIT_IMAGE				= $(IMAGE_NAMESPACE)/retina-init
 RETINA_OPERATOR_IMAGE			= $(IMAGE_NAMESPACE)/retina-operator
+RETINA_SHELL_IMAGE				= $(IMAGE_NAMESPACE)/retina-shell
 RETINA_INTEGRATION_TEST_IMAGE	= $(IMAGE_NAMESPACE)/retina-integration-test
 RETINA_PROTO_IMAGE				= $(IMAGE_NAMESPACE)/retina-proto-gen
 RETINA_GO_GEN_IMAGE				= $(IMAGE_NAMESPACE)/retina-go-gen
@@ -307,6 +308,18 @@ retina-operator-image:  ## build the retina linux operator image.
 			APP_INSIGHTS_ID=$(APP_INSIGHTS_ID) \
 			CONTEXT_DIR=$(REPO_ROOT)
 
+retina-shell-image:
+	echo "Building for $(PLATFORM)"
+	set -e ; \
+	$(MAKE) container-$(CONTAINER_BUILDER) \
+			PLATFORM=$(PLATFORM) \
+			DOCKERFILE=shell/Dockerfile \
+			REGISTRY=$(IMAGE_REGISTRY) \
+			IMAGE=$(RETINA_SHELL_IMAGE) \
+			VERSION=$(TAG) \
+			TAG=$(RETINA_PLATFORM_TAG) \
+			CONTEXT_DIR=$(REPO_ROOT)
+
 kapinger-image: 
 	docker buildx build --builder retina --platform windows/amd64 --target windows-amd64 -t $(IMAGE_REGISTRY)/$(KAPINGER_IMAGE):$(TAG)-windows-amd64  ./hack/tools/kapinger/ --push
 	docker buildx build --builder retina --platform linux/amd64 --target linux-amd64 -t $(IMAGE_REGISTRY)/$(KAPINGER_IMAGE):$(TAG)-linux-amd64  ./hack/tools/kapinger/ --push
@@ -347,12 +360,18 @@ manifest-operator-image: ## create a multiplatform manifest for the operator ima
 	$(eval FULL_IMAGE_NAME=$(IMAGE_REGISTRY)/$(RETINA_OPERATOR_IMAGE):$(TAG))
 	docker buildx imagetools create -t $(FULL_IMAGE_NAME) $(foreach platform,linux/amd64, $(FULL_IMAGE_NAME)-$(subst /,-,$(platform)))
 
+manifest-shell-image:
+	$(eval FULL_IMAGE_NAME=$(IMAGE_REGISTRY)/$(RETINA_SHELL_IMAGE):$(TAG))
+	docker buildx imagetools create -t $(FULL_IMAGE_NAME) $(foreach platform,linux/amd64 linux/arm64, $(FULL_IMAGE_NAME)-$(subst /,-,$(platform)))
+
 manifest:
 	echo "Building for $(COMPONENT)"
 	if [ "$(COMPONENT)" = "retina" ]; then \
 		$(MAKE) manifest-retina-image; \
 	elif [ "$(COMPONENT)" = "operator" ]; then \
 		$(MAKE) manifest-operator-image; \
+	elif [ "$(COMPONENT)" = "shell" ]; then \
+		$(MAKE) manifest-shell-image; \
 	fi
 
 ##@ Tests

diff --git a/shell/Dockerfile b/shell/Dockerfile
@@ -0,0 +1,31 @@
+# mcr.microsoft.com/azurelinux/base/core:3.0.20241005
+FROM mcr.microsoft.com/azurelinux/base/core@sha256:7ec490b605aac8a44aed0b0695b0ee6ae976ec898afd9ac8d5613d7f3ce2b07b
+
+# There are a two known issues with Azure Linux 3.0.20241005 that affect this image:
+# 1. `iptables-nft` binary is not yet installed, but will be fixed by https://github.com/microsoft/azurelinux/pull/10786
+#    Until then, use `nft` to view nftables rules.
+# 2. `nslookup` and `bind` print an error "Algorithm not supported by SCOSSL" (but still complete successfully).
+#    This will be fixed by https://github.com/microsoft/SymCrypt-OpenSSL/pull/92
+RUN tdnf install -y \
+	bind-utils \
+	bpftool \
+	bpftrace \
+	conntrack \
+	curl \
+	ebtables-legacy \
+	iperf3 \
+	iproute \
+	ipset \
+	iptables \
+	iputils \
+	ldns-utils \
+	net-tools \
+	nftables \
+	nmap \
+	openssh \
+	socat \
+	tcpdump \
+	wget \
+	&& tdnf clean all
+
+CMD ["/bin/bash"]