Skip to content

ci: add azure iptables monitor pipeline #3781

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Aug 2, 2025
Merged

ci: add azure iptables monitor pipeline #3781

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e7a87d6
add azure iptables monitor to pipelines
QxBytes Jul 9, 2025
0803b3a
strip debug symbols from azure iptables monitor
QxBytes Jul 30, 2025
File filter

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 10 additions & 9 deletions .github/CODEOWNERS
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,13 @@
# review a PR in an area.
#
# Rules are evaluated in this order, and the last match is used for auto-assignment.
* @azure/azure-sdn-members
/.github/ @azure/acn-admins
/cns/ @azure/acn-cns-reviewers
/cni/ @azure/acn-cni-reviewers
/dropgz/ @rbtr @camrynl @paulyufan2 @ashvindeodhar @thatmattlong
/npm/ @azure/acn-npm-reviewers
/zapai/ @rbtr @ZetaoZhuang
/bpf-prog/ @camrynl
/azure-ip-masq-merger/ @QxBytes @santhoshmprabhu
* @azure/azure-sdn-members
/.github/ @azure/acn-admins
/cns/ @azure/acn-cns-reviewers
/cni/ @azure/acn-cni-reviewers
/dropgz/ @rbtr @camrynl @paulyufan2 @ashvindeodhar @thatmattlong
/npm/ @azure/acn-npm-reviewers
/zapai/ @rbtr @ZetaoZhuang
/bpf-prog/ @camrynl
/azure-ip-masq-merger/ @QxBytes @santhoshmprabhu
/azure-iptables-monitor/ @QxBytes @santhoshmprabhu
18 changes: 18 additions & 0 deletions .pipelines/build/dockerfiles/azure-iptables-monitor.Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
ARG ARCH

# mcr.microsoft.com/azurelinux/base/core:3.0
FROM mcr.microsoft.com/azurelinux/base/core@sha256:9948138108a3d69f1dae62104599ac03132225c3b7a5ac57b85a214629c8567d AS mariner-core

# mcr.microsoft.com/azurelinux/distroless/minimal:3.0
FROM mcr.microsoft.com/azurelinux/distroless/minimal@sha256:0801b80a0927309572b9adc99bd1813bc680473175f6e8175cd4124d95dbd50c AS mariner-distroless

FROM mariner-core AS iptables
RUN tdnf install -y iptables

FROM mariner-distroless AS linux
ARG ARTIFACT_DIR
COPY --from=iptables /usr/sbin/*tables* /usr/sbin/
COPY --from=iptables /usr/lib /usr/lib
COPY ${ARTIFACT_DIR}/bin/azure-iptables-monitor /azure-iptables-monitor

ENTRYPOINT ["/azure-iptables-monitor"]
4 changes: 4 additions & 0 deletions .pipelines/build/ob-prepare.steps.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,10 @@ steps:
echo "##vso[task.setvariable variable=azureIpMasqMergerVersion;isOutput=true]$AZUREIPMASQMERGERVERSION"
echo "azureIpMasqMergerVersion: $AZUREIPMASQMERGERVERSION"

AZUREIPTABLESMONITORVERSION=$(make azure-iptables-monitor-version)
echo "##vso[task.setvariable variable=azureIptablesMonitorVersion;isOutput=true]$AZUREIPTABLESMONITORVERSION"
echo "azureIptablesMonitorVersion: $AZUREIPTABLESMONITORVERSION"

CNIVERSION=$(make cni-version)
echo "##vso[task.setvariable variable=cniVersion;isOutput=true]$CNIVERSION"
echo "cniVersion: $CNIVERSION"
Expand Down
18 changes: 18 additions & 0 deletions .pipelines/build/scripts/azure-iptables-monitor.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
#!/bin/bash
set -eux

[[ $OS =~ windows ]] && { echo "azure-iptables-monitor is not supported on Windows"; exit 1; }
FILE_EXT=''

export CGO_ENABLED=0

mkdir -p "$OUT_DIR"/bin
mkdir -p "$OUT_DIR"/files

pushd "$REPO_ROOT"/azure-iptables-monitor
GOOS="$OS" go build -v -a -trimpath \
-o "$OUT_DIR"/bin/azure-iptables-monitor"$FILE_EXT" \
-ldflags "-s -w -X github.com/Azure/azure-container-networking/azure-iptables-monitor/internal/buildinfo.Version=$AZURE_IPTABLES_MONITOR_VERSION -X main.version=$AZURE_IPTABLES_MONITOR_VERSION" \
-gcflags="-dwarflocationlists=true" \
.
popd
11 changes: 11 additions & 0 deletions .pipelines/pipeline.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,10 @@ stages:
arch: amd64
name: azure-ip-masq-merger
os: linux
azure_iptables_monitor_linux_amd64:
arch: amd64
name: azure-iptables-monitor
os: linux
cni_linux_amd64:
arch: amd64
name: cni
Expand Down Expand Up @@ -174,6 +178,10 @@ stages:
arch: arm64
name: azure-ip-masq-merger
os: linux
azure_iptables_monitor_linux_arm64:
arch: arm64
name: azure-iptables-monitor
os: linux
cni_linux_arm64:
arch: arm64
name: cni
Expand Down Expand Up @@ -228,6 +236,9 @@ stages:
azure_ip_masq_merger:
name: azure-ip-masq-merger
platforms: linux/amd64 linux/arm64
azure_iptables_monitor:
name: azure-iptables-monitor
platforms: linux/amd64 linux/arm64
steps:
- template: containers/manifest-template.yaml
parameters:
Expand Down
26 changes: 26 additions & 0 deletions .pipelines/run-pipeline.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ stages:
IMAGE_REPO_PATH: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.imageRepositoryPath'] ]
AZURE_IPAM_VERSION: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.azureIpamVersion'] ]
AZURE_IP_MASQ_MERGER_VERSION: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.azureIpMasqMergerVersion'] ]
AZURE_IPTABLES_MONITOR_VERSION: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.azureIptablesMonitorVersion'] ]
CNI_VERSION: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.cniVersion'] ]
CNS_VERSION: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.cnsVersion'] ]
IPV6_HP_BPF_VERSION: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.ipv6HpBpfVersion'] ]
Expand Down Expand Up @@ -68,6 +69,12 @@ stages:
archiveName: azure-ip-masq-merger
archiveVersion: $(AZURE_IP_MASQ_MERGER_VERSION)
imageTag: $(Build.BuildNumber)
azure_iptables_monitor:
name: azure-iptables-monitor
extraArgs: ''
archiveName: azure-iptables-monitor
archiveVersion: $(AZURE_IPTABLES_MONITOR_VERSION)
imageTag: $(Build.BuildNumber)
cni:
name: cni
extraArgs: '--build-arg CNI_AI_PATH=$(CNI_AI_PATH) --build-arg CNI_AI_ID=$(CNI_AI_ID)'
Expand Down Expand Up @@ -152,6 +159,12 @@ stages:
archiveName: azure-ip-masq-merger
archiveVersion: $(AZURE_IP_MASQ_MERGER_VERSION)
imageTag: $(Build.BuildNumber)
azure_iptables_monitor:
name: azure-iptables-monitor
extraArgs: ''
archiveName: azure-iptables-monitor
archiveVersion: $(AZURE_IPTABLES_MONITOR_VERSION)
imageTag: $(Build.BuildNumber)
cni:
name: cni
extraArgs: '--build-arg CNI_AI_PATH=$(CNI_AI_PATH) --build-arg CNI_AI_ID=$(CNI_AI_ID)'
Expand Down Expand Up @@ -190,6 +203,7 @@ stages:

AZURE_IPAM_VERSION: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.azureIpamVersion'] ]
AZURE_IP_MASQ_MERGER_VERSION: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.azureIpMasqMergerVersion'] ]
AZURE_IPTABLES_MONITOR_VERSION: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.azureIptablesMonitorVersion'] ]
CNI_VERSION: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.cniVersion'] ]
CNS_VERSION: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.cnsVersion'] ]
IPV6_HP_BPF_VERSION: $[ stageDependencies.setup.env.outputs['EnvironmentalVariables.ipv6HpBpfVersion'] ]
Expand All @@ -202,6 +216,9 @@ stages:
IP_MASQ_MERGER_LINUX_AMD64_REF: $(IMAGE_REPO_PATH)/linux-amd64/azure-ip-masq-merger:$(Build.BuildNumber)
IP_MASQ_MERGER_LINUX_ARM64_REF: $(IMAGE_REPO_PATH)/linux-arm64/azure-ip-masq-merger:$(Build.BuildNumber)

IPTABLES_MONITOR_LINUX_AMD64_REF: $(IMAGE_REPO_PATH)/linux-amd64/azure-iptables-monitor:$(Build.BuildNumber)
IPTABLES_MONITOR_LINUX_ARM64_REF: $(IMAGE_REPO_PATH)/linux-arm64/azure-iptables-monitor:$(Build.BuildNumber)

CNI_LINUX_AMD64_REF: $(IMAGE_REPO_PATH)/linux-amd64/cni:$(Build.BuildNumber)
CNI_LINUX_ARM64_REF: $(IMAGE_REPO_PATH)/linux-arm64/cni:$(Build.BuildNumber)
CNI_WINDOWS_AMD64_REF: $(IMAGE_REPO_PATH)/windows-amd64/cni:$(Build.BuildNumber)
Expand Down Expand Up @@ -241,6 +258,15 @@ stages:
imageReference: $(IP_MASQ_MERGER_LINUX_AMD64_REF)
- platform: linux/arm64
imageReference: $(IP_MASQ_MERGER_LINUX_ARM64_REF)
- job: azure_iptables_monitor
templateContext:
name: azure-iptables-monitor
image_tag: $(AZURE_IPTABLES_MONITOR_VERSION)
platforms:
- platform: linux/amd64
imageReference: $(IPTABLES_MONITOR_LINUX_AMD64_REF)
- platform: linux/arm64
imageReference: $(IPTABLES_MONITOR_LINUX_ARM64_REF)
- job: cni
templateContext:
name: cni
Expand Down
2 changes: 1 addition & 1 deletion azure-iptables-monitor/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ ARG OS
ARG VERSION
WORKDIR /azure-iptables-monitor
COPY ./azure-iptables-monitor .
RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/iptables-monitor -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" .
RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/iptables-monitor -trimpath -ldflags "-s -w -X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" .

FROM mariner-core AS iptables
RUN tdnf install -y iptables
Expand Down
Loading