diff --git a/Makefile b/Makefile
index 41b9abdc63..cea899920b 100644
--- a/Makefile
+++ b/Makefile
@@ -32,6 +32,7 @@ OS ?= $(GOOS)
 ARCH ?= $(GOARCH)
 PLATFORM ?= $(OS)/$(ARCH)
 PLATFORMS ?= linux/amd64 linux/arm64 windows/amd64
+OS_VERSION ?= ltsc2019
 CONTAINER_BUILDER ?= docker
 CONTAINER_RUNTIME ?= docker
@@ -214,10 +215,11 @@ container-docker: buildx # util target to build container images using docker bu
 --platform $(PLATFORM) \
 --metadata-file=$$image_metadata_filename \
 -f $(DOCKERFILE) \
- --build-arg VERSION=$(VERSION) $(EXTRA_BUILD_ARGS) \
- --build-arg GOOS=$$os \
- --build-arg GOARCH=$$arch \
 --build-arg APP_INSIGHTS_ID=$(APP_INSIGHTS_ID) \
+ --build-arg GOARCH=$$arch \
+ --build-arg GOOS=$$os \
+ --build-arg OS_VERSION=$(OS_VERSION) \
+ --build-arg VERSION=$(VERSION) $(EXTRA_BUILD_ARGS) \
 --target=$(TARGET) \
 -t $(IMAGE_REGISTRY)/$(IMAGE):$(TAG) \
 $(CONTEXT_DIR)
@@ -233,7 +235,7 @@ retina-image: ## build the retina linux container image.
 fi; \
 $(MAKE) container-$(CONTAINER_BUILDER) \
 PLATFORM=$(PLATFORM) \
- DOCKERFILE=controller/Dockerfile.controller \
+ DOCKERFILE=controller/Dockerfile \
 REGISTRY=$(IMAGE_REGISTRY) \
 IMAGE=$$image_name \
 VERSION=$(TAG) \
@@ -249,11 +251,13 @@ retina-image-win: ## build the retina Windows container image.
 echo "Building $(RETINA_PLATFORM_TAG)"; \
 $(MAKE) container-$(CONTAINER_BUILDER) \
 PLATFORM=windows/amd64 \
- DOCKERFILE=controller/Dockerfile.windows-$$year \
+ DOCKERFILE=controller/Dockerfile \
 REGISTRY=$(IMAGE_REGISTRY) \
 IMAGE=$(RETINA_IMAGE) \
+ OS_VERSION=ltsc$$year \
 VERSION=$(TAG) \
 TAG=$$tag \
+ TARGET=agent-win \
 CONTEXT_DIR=$(REPO_ROOT); \
 done
diff --git a/controller/Dockerfile b/controller/Dockerfile
new file mode 100644
index 0000000000..c2437404ca
--- /dev/null
+++ b/controller/Dockerfile
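Review bot: `OS_VERSION ?= ltsc2019` in the first hunk is undocumented, and nothing near the variable says it is only consumed by the Windows `agent-win` stage while container-docker (second hunk) now passes it as `--build-arg OS_VERSION=$(OS_VERSION)` on every platform, Linux included. A one-line comment on the new variable would save the next reader a trip into the Dockerfile: `OS_VERSION ?= ltsc2019 # Windows Server Core tag for the agent-win image; ignored by Linux build targets`. The variable block this line sits in starts before the hunk.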
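Review bot: In the retina-image-win hunk the stage is selected explicitly with `TARGET=agent-win \`, but the retina-image hunk just above passes no `TARGET` to `container-$(CONTAINER_BUILDER)`, so the Linux image relies on a `TARGET` default defined outside these hunks; now that one Dockerfile carries `init`, `agent` and `agent-win` stages, adding `TARGET=agent \` on the Linux path as well would make the intent visible and stop a changed default silently producing a different image. The `for`/`done` loop that sets `year` and `tag` begins before the hunk, so the set of values fed into `OS_VERSION=ltsc$$year` cannot be checked here; if it is ever widened, an unknown year fails only at the `FROM` line deep inside the build.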
@@ -0,0 +1,91 @@
+ARG OS_VERSION=ltsc2019
+
+# capture binary
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/oss/go/microsoft/golang:1.22 AS capture-bin
+ARG APP_INSIGHTS_ID # set to enable AI telemetry
+ARG GOARCH=amd64 # default to amd64
+ARG GOOS=linux # default to linux
+ARG VERSION
+ENV CGO_ENABLED=0
+ENV GOARCH=${GOARCH}
+ENV GOOS=${GOOS}
+COPY . /go/src/github.com/microsoft/retina
+WORKDIR /go/src/github.com/microsoft/retina
+RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /go/bin/retina/captureworkload -ldflags "-X main.version="$VERSION" -X main.applicationInsightsID="$APP_INSIGHTS_ID"" captureworkload/main.go
+
+
+# controller binary
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/oss/go/microsoft/golang:1.22 AS controller-bin
+ARG APP_INSIGHTS_ID # set to enable AI telemetry
+ARG GOARCH=amd64 # default to amd64
+ARG GOOS=linux # default to linux
+ARG VERSION
+ENV CGO_ENABLED=0
+ENV GOARCH=${GOARCH}
+ENV GOOS=${GOOS}
+COPY . /go/src/github.com/microsoft/retina
+WORKDIR /go/src/github.com/microsoft/retina
+RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /go/bin/retina/controller -ldflags "-X main.version="$VERSION" -X main.applicationInsightsID="$APP_INSIGHTS_ID"" controller/main.go
+
+
+# init binary
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/oss/go/microsoft/golang:1.22 AS init-bin
+ARG APP_INSIGHTS_ID # set to enable AI telemetry
+ARG GOARCH=amd64 # default to amd64
+ARG GOOS=linux # default to linux
+ARG VERSION
+ENV CGO_ENABLED=0
+ENV GOARCH=${GOARCH}
+ENV GOOS=${GOOS}
+COPY . 
/go/src/github.com/microsoft/retina
+WORKDIR /go/src/github.com/microsoft/retina
+RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /go/bin/retina/initretina -ldflags "-X main.version="$VERSION" -X main.applicationInsightsID="$APP_INSIGHTS_ID"" init/retina/main_linux.go
+
+
+# tools image
+FROM --platform=$TARGETPLATFORM mcr.microsoft.com/mirror/docker/library/debian:bookworm@sha256:1aadfee8d292f64b045adb830f8a58bfacc15789ae5f489a0fedcd517a862cb9 AS tools
+RUN apt-get update && \
+ apt-get install -y \
+ apt-file \
+ clang \
+ curl \
+ gnupg2 \
+ iproute2 \
+ iptables \
+ tcpdump
+
+RUN mkdir -p /tmp/bin
+RUN arr="clang tcpdump ip ss iptables-legacy iptables-legacy-save iptables-nft iptables-nft-save cp uname" ;\
+ for i in $arr; do \
+ cp $(which $i) /tmp/bin; \
+ done
+
+
+# init final image
+FROM --platform=$TARGETPLATFORM gcr.io/distroless/cc-debian12:debug as init
+COPY --from=init-bin /go/bin/retina/initretina /retina/initretina
+COPY --from=tools /lib/ /lib
+COPY --from=tools /usr/lib/ /usr/lib
+COPY --from=tools /bin/mount /bin/mount
+ENTRYPOINT ["./retina/initretina"]
+
+
+# agent final image
+FROM --platform=$TARGETPLATFORM gcr.io/distroless/cc-debian12:debug as agent
+COPY --from=tools /lib/ /lib
+COPY --from=tools /usr/lib/ /usr/lib
+COPY --from=tools /tmp/bin/ /bin
+COPY --from=controller-bin /go/bin/retina/controller /retina/controller
+COPY --from=controller-bin /go/src/github.com/microsoft/retina/pkg/plugin /go/src/github.com/microsoft/retina/pkg/plugin
+COPY --from=capture-bin /go/bin/retina/captureworkload /retina/captureworkload
+ENTRYPOINT ["./retina/controller"]
+
+
+# agent final image for win2019
+FROM --platform=$TARGETPLATFORM mcr.microsoft.com/windows/servercore:${OS_VERSION} as agent-win
+COPY --from=controller-bin /go/src/github.com/microsoft/retina/windows/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
+COPY --from=controller-bin /go/src/github.com/microsoft/retina/windows/setkubeconfigpath.ps1 setkubeconfigpath.ps1
+COPY --from=controller-bin /go/bin/retina/controller controller.exe
+COPY --from=capture-bin /go/bin/retina/captureworkload captureworkload.exe
+ADD https://github.com/microsoft/etl2pcapng/releases/download/v1.10.0/etl2pcapng.exe /etl2pcapng.exe
+CMD ["controller.exe", "start", "--kubeconfig=.\\kubeconfig"]
diff --git a/controller/Dockerfile.controller b/controller/Dockerfile.controller
deleted file mode 100644
index 44382317a8..0000000000
--- a/controller/Dockerfile.controller
+++ /dev/null
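Review bot: The `gcr.io/distroless/cc-debian12:debug` base used by the `init` and `agent` stages is referenced by mutable tag only, which drops the `@sha256:` digest pin the deleted Dockerfile.controller kept on its distroless base, while the `tools` stage in the same file still pins `debian:bookworm` by digest; pin both as `gcr.io/distroless/cc-debian12:debug@sha256:<digest>` (the three `golang:1.22` builder images are likewise unpinned), and since the distroless `:debug` tags ship a busybox shell that the previous non-debug base did not, prefer the non-debug tag unless the shell is needed in the shipped agent image. `ADD https://github.com/microsoft/etl2pcapng/releases/download/v1.10.0/etl2pcapng.exe /etl2pcapng.exe` in the `agent-win` stage fetches an executable with no integrity check, so the build accepts whatever the URL serves; with a `# syntax=docker/dockerfile:1.6` header the form `ADD --checksum=sha256:<digest> https://github.com/microsoft/etl2pcapng/releases/download/v1.10.0/etl2pcapng.exe /etl2pcapng.exe` fails the build on a mismatch. The trailing `# set to enable AI telemetry`, `# default to amd64` and `# default to linux` text on the `ARG` lines of all three builder stages is not a comment in Dockerfile syntax — a `#` that is not at the start of a line is passed to the instruction as arguments rather than stripped — so those remarks should move onto their own `#` lines above each `ARG`. The three builder stages are also identical except for the output path and main package; one stage that builds all three binaries, or a shared base stage carrying the `ARG`/`ENV`/`COPY`/`WORKDIR` block, would keep them from drifting apart.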
@@ -1,136 +0,0 @@
-ARG builderImage="ghcr.io/microsoft/retina/retina-builder:0.0.1"
-ARG toolsImage="ghcr.io/microsoft/retina/retina-tools:0.0.1"
-
-# Stage: Build binary
-FROM --platform=$TARGETPLATFORM mcr.microsoft.com/oss/go/microsoft/golang:1.22 AS builder
-LABEL Name=retina-builder Version=0.0.1
-
-RUN apt-get update &&\
- apt-get -y install lsb-release wget software-properties-common gnupg file git make
-
-RUN wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
-RUN add-apt-repository "deb http://apt.llvm.org/bullseye/ llvm-toolchain-bullseye-14 main"
-RUN apt-get update
-
-RUN apt-get install -y clang-14 lldb-14 lld-14 clangd-14 man-db
-RUN apt-get install -y bpftool libbpf-dev
-
-RUN ln -s /usr/bin/clang-14 /usr/bin/clang
-
-COPY . /go/src/github.com/microsoft/retina
-WORKDIR /go/src/github.com/microsoft/retina
-
-# Default linux/architecture.
-ARG GOOS=linux
-ENV GOOS=${GOOS}
-
-ARG GOARCH=amd64
-ENV GOARCH=${GOARCH}
-
-ENV CGO_ENABLED=0
-
-ARG VERSION
-# Application Insights ID for telemetry.
-# Default value is empty.
-# Set this if you want to enable Application Insights telemetry.
-ARG APP_INSIGHTS_ID
-
-RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /go/bin/retina/controller -ldflags "-X main.version="$VERSION" -X "main.applicationInsightsID"="$APP_INSIGHTS_ID"" controller/main.go
-RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /go/bin/retina/captureworkload -ldflags "-X main.version="$VERSION" -X "main.applicationInsightsID"="$APP_INSIGHTS_ID"" captureworkload/main.go
-# We only build initretina for linux.
-RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /go/bin/retina/initretina -ldflags "-X main.version="$VERSION" -X "main.applicationInsightsID"="$APP_INSIGHTS_ID"" ././init/retina/main_linux.go
-
-# ----------------------------------------------------------------------------------- #
-
-# Stage: Prepare clang and tools
-# Bullseye -> debian11
-FROM --platform=$TARGETPLATFORM mcr.microsoft.com/mirror/docker/library/debian:bullseye@sha256:a648e10e02af129706b1fb89e1ac9694ae3db7f2b8439aa906321e68cc281bc0 AS tools
-
-LABEL Name=retina-tools Version=0.0.1
-
-WORKDIR /tmp
-RUN apt-get update && \
- apt-get install -y --no-install-recommends \
- curl xz-utils binutils wget gnupg2
-RUN apt-get install -y --no-install-recommends \
- ca-certificates tcpdump iproute2 iptables
-
-RUN mkdir -p /usr/local
-
-ARG GOARCH=amd64
-ENV GOARCH=${GOARCH}
-
-RUN if [ "$GOARCH" = "amd64" ] ; then \
- # Download clang and llvm.
- wget https://releases.llvm.org/release-keys.asc; \
- gpg2 --import release-keys.asc; \
- wget -O clang+llvm.tar.xz https://github.com/llvm/llvm-project/releases/download/llvmorg-14.0.0/clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz; \
- wget -O clang+llvm.tar.xz.sig https://github.com/llvm/llvm-project/releases/download/llvmorg-14.0.0/clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz.sig; \
- gpg2 --verify clang+llvm.tar.xz.sig clang+llvm.tar.xz; \
- tar -C /usr/local -xJf ./clang+llvm.tar.xz --no-same-owner; \
- mv /usr/local/clang+llvm-14.0.0-x86_64-linux-gnu-ubuntu-18.04 /usr/local/clang+llvm; \
- else \
- # GOARCH=Arm64.
- # Download clang and llvm.
- # Need more dependencies for Arm64.
- apt-get install -y --no-install-recommends libc6 zlib1g libncurses5; \
- apt-get install -y --no-install-recommends apt-file; \
- apt-file update; \
- apt-file find libstdc++.so.6; \
- apt-get install -y --no-install-recommends libstdc++6; \
- # Download clang and llvm.
- wget -O clang+llvm.tar.xz https://github.com/llvm/llvm-project/releases/download/llvmorg-14.0.0/clang+llvm-14.0.0-aarch64-linux-gnu.tar.xz; \
- tar -C /usr/local -xJf ./clang+llvm.tar.xz --no-same-owner; \
- mv /usr/local/clang+llvm-14.0.0-aarch64-linux-gnu /usr/local/clang+llvm; \
- # Prepare dependencies for clang to be copied to base.
- apt-get install -y --no-install-recommends libncurses5; \
- fi
-
-# Copy tools.
-RUN mkdir -p /tmp/bin
-RUN arr="tcpdump ip ss iptables-legacy iptables-legacy-save iptables-nft iptables-nft-save cp uname" ;\
- for i in $arr; do \
- cp $(which $i) /tmp/bin; \
- done
-
-# ----------------------------------------------------------------------------------- #
-
-# Stage: Base distroless init image
-FROM --platform=$TARGETPLATFORM mcr.microsoft.com/mirror/gcr/distroless/cc-debian11:latest@sha256:b53fbf5f81f4a120a489fedff2092e6fcbeacf7863fce3e45d99cc58dc230ccc as init
-LABEL Name=retina-init Version=0.0.1
-
-COPY --from=builder /go/bin/retina/initretina /retina/initretina
-
-# Copy dependencies for mount. Needed for initretina.
-COPY --from=tools /lib/ /lib
-COPY --from=tools /usr/lib/ /usr/lib
-COPY --from=tools /bin/mount /bin/mount
-
-ENTRYPOINT ["./retina/initretina"]
-
-# ----------------------------------------------------------------------------------- #
-
-# Stage: Base distroless image
-FROM --platform=$TARGETPLATFORM mcr.microsoft.com/mirror/gcr/distroless/cc-debian11:latest@sha256:b53fbf5f81f4a120a489fedff2092e6fcbeacf7863fce3e45d99cc58dc230ccc as agent
-
-LABEL Name=retina-controller Version=0.0.1
-
-# Copy dependencies for clang and tools.
-COPY --from=tools /lib/ /lib
-COPY --from=tools /usr/lib/ /usr/lib
-
-# Copy clang+llvm.
-COPY --from=tools /usr/local/clang+llvm/bin/clang /bin/clang
-
-# Copy tools.
-COPY --from=tools /tmp/bin/ /bin
-
-# Copy the Retina binary.
-COPY --from=builder /go/bin/retina/controller /retina/controller
-COPY --from=builder /go/bin/retina/captureworkload /retina/captureworkload
-
-# Copy the plugin eBPF code and headers.
-COPY --from=builder /go/src/github.com/microsoft/retina/pkg/plugin /go/src/github.com/microsoft/retina/pkg/plugin
-
-EXPOSE 80
-ENTRYPOINT ["./retina/controller"]
diff --git a/controller/Dockerfile.windows-2019 b/controller/Dockerfile.windows-2019
deleted file mode 100644
index 67eb262afc..0000000000
--- a/controller/Dockerfile.windows-2019
+++ /dev/null
@@ -1,25 +0,0 @@
-FROM --platform=linux/amd64 mcr.microsoft.com/oss/go/microsoft/golang:1.22 as builder
-# Build args
-ARG VERSION
-ARG APP_INSIGHTS_ID
-
-ENV GOOS=windows
-ENV GOARCH=amd64
-
-WORKDIR /usr/src/retina
-# Copy the source
-COPY . .
-
-RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /usr/bin/controller.exe -ldflags "-X main.version="$VERSION" -X "main.applicationInsightsID"="$APP_INSIGHTS_ID"" ./controller/
-RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /usr/bin/captureworkload.exe ./captureworkload/
-
-# Copy into final image
-FROM mcr.microsoft.com/windows/servercore:ltsc2019
-COPY --from=builder /usr/src/retina/windows/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
-COPY --from=builder /usr/src/retina/windows/setkubeconfigpath.ps1 setkubeconfigpath.ps1
-COPY --from=builder /usr/bin/controller.exe controller.exe
-COPY --from=builder /usr/bin/captureworkload.exe captureworkload.exe
-
-ADD https://github.com/microsoft/etl2pcapng/releases/download/v1.10.0/etl2pcapng.exe /etl2pcapng.exe
-
-CMD ["controller.exe", "start", "--kubeconfig=.\\kubeconfig"]
diff --git a/controller/Dockerfile.windows-2022 b/controller/Dockerfile.windows-2022
deleted file mode 100644
index a642d893d7..0000000000
--- a/controller/Dockerfile.windows-2022
+++ /dev/null
@@ -1,26 +0,0 @@
-FROM --platform=linux/amd64 mcr.microsoft.com/oss/go/microsoft/golang:1.22 as builder
-
-# Build args
-ARG VERSION
-ARG APP_INSIGHTS_ID
-
-ENV GOOS=windows
-ENV GOARCH=amd64
-
-WORKDIR /usr/src/retina
-# Copy the source
-COPY . .
-
-RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /usr/bin/controller.exe -ldflags "-X main.version="$VERSION" -X "main.applicationInsightsID"="$APP_INSIGHTS_ID"" ./controller/
-RUN --mount=type=cache,target="/root/.cache/go-build" go build -v -o /usr/bin/captureworkload.exe ./captureworkload/
-
-# Copy into final image
-FROM mcr.microsoft.com/windows/servercore:ltsc2022
-COPY --from=builder /usr/src/retina/windows/kubeconfigtemplate.yaml kubeconfigtemplate.yaml
-COPY --from=builder /usr/src/retina/windows/setkubeconfigpath.ps1 setkubeconfigpath.ps1
-COPY --from=builder /usr/bin/controller.exe controller.exe
-COPY --from=builder /usr/bin/captureworkload.exe captureworkload.exe
-
-ADD https://github.com/microsoft/etl2pcapng/releases/download/v1.10.0/etl2pcapng.exe /etl2pcapng.exe
-
-CMD ["controller.exe", "start", "--kubeconfig=.\\kubeconfig"]