Add dropgz module for CNI installer

.github/dependabot.yaml

@@ -47,14 +47,21 @@ updates:
     - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"
+- package-ecosystem: "gomod"
+  directory: "/dropgz"
+  schedule:
+    interval: "daily"
+  assignees:
+    - "matmerr"
+    - "rbtr"
+  commit-message:
+    prefix: "deps"
 - package-ecosystem: "gomod"
   directory: "/zapai"
   schedule:
     interval: "daily"
   assignees:
     - "matmerr"
     - "rbtr"
-  reviewers:
-    - "azure/azure-sdn-members"
   commit-message:
     prefix: "deps"

.pipelines/pipeline.yaml

@@ -150,14 +150,22 @@ stages:
           name: "$(BUILD_POOL_NAME_DEFAULT)"
         strategy:
           matrix:
-            cni_manager_linux_amd64:
+            acncli_linux_amd64:
               arch: amd64
               os: linux
-              name: cni-manager
-            cni_manager_linux_arm64:
+              name: acncli
+            acncli_linux_arm64:
               arch: arm64
               os: linux
-              name: cni-manager
+              name: acncli
+            cni_dropgz_linux_amd64:
+              arch: amd64
+              os: linux
+              name: cni-dropgz
+            cni_dropgz_linux_arm64:
+              arch: arm64
+              os: linux
+              name: cni-dropgz
             cns_linux_amd64:
               arch: amd64
               os: linux
@@ -216,8 +224,11 @@ stages:
           name: "$(BUILD_POOL_NAME_DEFAULT)"
         strategy:
           matrix:
-            cni-manager:
-              name: cni-manager
+            acncli:
+              name: acncli 
+              platforms: linux/amd64 linux/arm64
+            cni_dropgz:
+              name: cni-dropgz
               platforms: linux/amd64 linux/arm64
             cns:
               name: cns

Makefile

@@ -81,15 +81,15 @@ CNI_BAREMETAL_ARCHIVE_NAME = azure-vnet-cni-baremetal-$(GOOS)-$(GOARCH)-$(VERSIO
 CNS_ARCHIVE_NAME = azure-cns-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT)
 NPM_ARCHIVE_NAME = azure-npm-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT)
 NPM_IMAGE_INFO_FILE = azure-npm-$(VERSION).txt
-CNI_IMAGE_ARCHIVE_NAME = azure-cni-manager-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT)
-CNI_IMAGE_INFO_FILE = azure-cni-manager-$(VERSION).txt
+CNIDROPGZ_IMAGE_ARCHIVE_NAME = cni-dropgz-$(GOOS)-$(GOARCH)-$(VERSION).$(ARCHIVE_EXT)
+CNIDROPGZ_IMAGE_INFO_FILE = cni-dropgz-$(VERSION).txt
 CNS_IMAGE_INFO_FILE = azure-cns-$(VERSION).txt
 
 # Docker libnetwork (CNM) plugin v2 image parameters.
 CNM_PLUGIN_IMAGE ?= microsoft/azure-vnet-plugin
 CNM_PLUGIN_ROOTFS = azure-vnet-plugin-rootfs
 
-VERSION ?= $(shell git describe --tags --always --dirty)
+VERSION ?= $(shell git describe --exclude "zapai*" --tags --always --dirty)
 
 # Default target
 all-binaries-platforms: ## Make all platform binaries
@@ -101,7 +101,7 @@ all-binaries-platforms: ## Make all platform binaries
 
 # OS specific binaries/images
 ifeq ($(GOOS),linux)
-all-binaries: azure-cnm-plugin azure-cni-plugin azure-cns azure-npm
+all-binaries: acncli azure-cnm-plugin azure-cni-plugin azure-cns azure-npm
 all-images: npm-image cns-image cni-manager-image
 else
 all-binaries: azure-cnm-plugin azure-cni-plugin azure-cns azure-npm
@@ -156,9 +156,10 @@ azure-npm-binary:
 
 ##@ Containers
 
-CNI_IMAGE = azure-cni-manager
-CNS_IMAGE = azure-cns
-NPM_IMAGE = azure-npm
+ACNCLI_IMAGE    = acncli
+CNIDROPGZ_IMAGE = cni-dropgz
+CNS_IMAGE       = azure-cns
+NPM_IMAGE       = azure-npm
 
 TAG               ?= $(VERSION)
 IMAGE_REGISTRY    ?= acnpublic.azurecr.io
@@ -213,33 +214,60 @@ container-info: # util target to write container info file. do not invoke direct
 	sudo chown -R $$(whoami) $(IMAGE_DIR) 
 	sudo chmod -R 777 $(IMAGE_DIR)
 
-cni-manager-image-name: # util target to print the CNI manager image name.
-	@echo $(CNI_IMAGE)
+acncli-image-name: # util target to print the CNI manager image name.
+	@echo $(ACNCLI_IMAGE)
 
-cni-manager-image: ## build cni-manager container image.
+acncli-image: ## build cni-manager container image.
 	$(MAKE) containerize-$(CONTAINER_BUILDER) \
 		PLATFORM=$(PLATFORM) \
 		DOCKERFILE=tools/acncli/Dockerfile \
 		REGISTRY=$(IMAGE_REGISTRY) \
-		IMAGE=$(CNI_IMAGE) \
-		EXTRA_BUILD_ARGS='--build-arg PLATFORM=$(OS)_$(ARCH)' \
+		IMAGE=$(ACNCLI_IMAGE) \
+		TAG=$(TAG)
+
+acncli-image-info: # util target to write cni-manager container info file.
+	$(MAKE) container-info IMAGE=$(ACNCLI_IMAGE) TAG=$(TAG) FILE=$(ACNCLI_IMAGE_INFO_FILE)
+
+acncli-image-push: ## push cni-manager container image.
+	$(MAKE) container-push \
+		PLATFORM=$(PLATFORM) \
+		REGISTRY=$(IMAGE_REGISTRY) \
+		IMAGE=$(ACNCLI_IMAGE) \
+		TAG=$(TAG)
+
+acncli-image-pull: ## pull cni-manager container image.
+	$(MAKE) container-pull \
+		PLATFORM=$(PLATFORM) \
+		REGISTRY=$(IMAGE_REGISTRY) \
+		IMAGE=$(ACNCLI_IMAGE) \
 		TAG=$(TAG)
 
-cni-manager-image-info: # util target to write cni-manager container info file.
-	$(MAKE) container-info IMAGE=$(CNI_IMAGE) TAG=$(TAG) FILE=$(CNI_IMAGE_INFO_FILE)
+cni-dropgz-image-name: # util target to print the CNI dropgz image name.
+	@echo $(CNIDROPGZ_IMAGE)
+
+cni-dropgz-image: ## build cni-dropgz container image.
+	$(MAKE) containerize-$(CONTAINER_BUILDER) \
+		PLATFORM=$(PLATFORM) \
+		DOCKERFILE=dropgz/build/cni.Dockerfile \
+		REGISTRY=$(IMAGE_REGISTRY) \
+		IMAGE=$(CNIDROPGZ_IMAGE) \
+		TAG=$(TAG)
 
-cni-manager-image-push: ## push cni-manager container image.
+cni-dropgz-image-info: # util target to write cni-dropgz container info file.
+	$(MAKE) container-info IMAGE=$(CNIDROPGZ_IMAGE) TAG=$(TAG) FILE=$(CNIDROPGZ_IMAGE_INFO_FILE)
+
+cni-dropgz-image-push: ## push cni-dropgz container image.
 	$(MAKE) container-push \
 		PLATFORM=$(PLATFORM) \
 		REGISTRY=$(IMAGE_REGISTRY) \
-		IMAGE=$(CNI_IMAGE) \
+		IMAGE=$(CNIDROPGZ_IMAGE) \
 		TAG=$(TAG)
 
-cni-manager-image-pull: ## pull cni-manager container image.
+cni-dropgz-image-pull: ## pull cni-dropgz container image.
 	$(MAKE) container-pull \
 		PLATFORM=$(PLATFORM) \
 		REGISTRY=$(IMAGE_REGISTRY) \
-		IMAGE=$(CNI_IMAGE) \
+		IMAGE=$(CNIDROPGZ_IMAGE) \
 		TAG=$(TAG)
 
 cns-image-name: # util target to print the CNS image name
@@ -362,10 +390,16 @@ multiarch-manifest-create: # util target to compose multiarch container manifest
 multiarch-manifest-push: # util target to push multiarch container manifest.
 	$(CONTAINER_BUILDER) manifest push --all $(IMAGE_REGISTRY)/$(IMAGE):$(TAG) docker://$(IMAGE_REGISTRY)/$(IMAGE):$(TAG)
 
-cni-manager-multiarch-manifest-create: ## build cni-manager multi-arch container manifest.
+acncli-multiarch-manifest-create: ## build acncli multi-arch container manifest.
+	$(MAKE) multiarch-manifest-create \
+		PLATFORMS="$(PLATFORMS)" \
+		IMAGE=$(ACNCLI_IMAGE) \
+		TAG=$(TAG)
+
+cni-dropgz-multiarch-manifest-create: ## build cni-dropgz multi-arch container manifest.
 	$(MAKE) multiarch-manifest-create \
 		PLATFORMS="$(PLATFORMS)" \
-		IMAGE=$(CNI_IMAGE) \
+		IMAGE=$(CNIDROPGZ_IMAGE) \
 		TAG=$(TAG)
 
 cns-multiarch-manifest-create: ## build azure-cns multi-arch container manifest.
@@ -481,8 +515,8 @@ workspace: ## Set up the Go workspace.
 	go work init
 	go work use .
 	go work use ./build/tools
+	go work use ./dropgz
 	go work use ./zapai
-	go work sync
 
 ##@ Test 
 

dropgz/build/cni.Dockerfile

@@ -0,0 +1,23 @@
+FROM mcr.microsoft.com/oss/go/microsoft/golang:1.18 AS azure-vnet
+ARG VERSION
+WORKDIR /azure-container-networking
+COPY . .
+RUN CGO_ENABLED=0 go build -a -o bin/azure-vnet -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" cni/network/plugin/main.go
+
+FROM mcr.microsoft.com/cbl-mariner/base/core:2.0 AS compressor
+WORKDIR /dropgz
+COPY dropgz .
+COPY --from=azure-vnet /azure-container-networking/bin/* pkg/embed/fs
+COPY --from=azure-vnet /azure-container-networking/cni/*.conflist pkg/embed/fs
+RUN cd pkg/embed/fs/ && sha256sum * > sum.txt
+RUN gzip --verbose --best --recursive pkg/embed/fs && for f in pkg/embed/fs/*.gz; do mv -- "$f" "${f%%.gz}"; done
+
+FROM mcr.microsoft.com/oss/go/microsoft/golang:1.18 AS dropgz
+ARG VERSION
+WORKDIR /dropgz
+COPY --from=compressor /dropgz .
+RUN CGO_ENABLED=0 go build -a -o bin/dropgz -trimpath -ldflags "-X github.com/Azure/azure-container-networking/dropgz/internal/buildinfo.Version="$VERSION"" -gcflags="-dwarflocationlists=true" main.go
+
+FROM scratch
+COPY --from=dropgz /dropgz/bin/dropgz /dropgz
+ENTRYPOINT [ "/dropgz" ]

dropgz/cmd/payload.go

@@ -0,0 +1,126 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/Azure/azure-container-networking/dropgz/pkg/embed"
+	"github.com/Azure/azure-container-networking/dropgz/pkg/hash"
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+	"go.uber.org/zap"
+)
+
+// list subcommand
+var list = &cobra.Command{
+	Use: "list",
+	RunE: func(*cobra.Command, []string) error {
+		if err := setLogLevel(); err != nil {
+			return err
+		}
+		contents, err := embed.Contents()
+		if err != nil {
+			return err
+		}
+		for _, c := range contents {
+			fmt.Printf("\t%s\n", c)
+		}
+		return nil
+	},
+}
+
+func checksum(srcs, dests []string) error {
+	if len(srcs) != len(dests) {
+		return errors.Wrapf(embed.ErrArgsMismatched, "%d and %d", len(srcs), len(dests))
+	}
+	rc, err := embed.Extract("sum.txt")
+	if err != nil {
+		return errors.Wrap(err, "failed to extract checksum file")
+	}
+	defer rc.Close()
+
+	checksums, err := hash.Parse(rc)
+	if err != nil {
+		return errors.Wrap(err, "failed to parse checksums")
+	}
+	for i := range srcs {
+		valid, err := checksums.Check(srcs[i], dests[i])
+		if err != nil {
+			return errors.Wrapf(err, "failed to validate file at %s", dests[i])
+		}
+		if !valid {
+			return errors.Errorf("%s checksum validation failed", dests[i])
+		}
+	}
+	return nil
+}
+
+var (
+	skipVerify bool
+	outs       []string
+)
+
+// deploy subcommand
+var deploy = &cobra.Command{
+	Use: "deploy",
+	RunE: func(_ *cobra.Command, srcs []string) error {
+		if err := setLogLevel(); err != nil {
+			return err
+		}
+		if len(outs) == 0 {
+			outs = srcs
+		}
+		if len(srcs) != len(outs) {
+			return errors.Wrapf(embed.ErrArgsMismatched, "%d files, %d outputs", len(srcs), len(outs))
+		}
+		log := z.With(zap.Strings("sources", srcs), zap.Strings("outputs", outs), zap.String("cmd", "deploy"))
+		if err := embed.Deploy(log, srcs, outs); err != nil {
+			return errors.Wrapf(err, "failed to deploy %s", srcs)
+		}
+		log.Info("successfully wrote files")
+		if skipVerify {
+			return nil
+		}
+		if err := checksum(srcs, outs); err != nil {
+			return err
+		}
+		log.Info("verified file integrity")
+		return nil
+	},
+	Args: cobra.OnlyValidArgs,
+}
+
+// verify subcommand
+var verify = &cobra.Command{
+	Use: "verify",
+	RunE: func(_ *cobra.Command, srcs []string) error {
+		if err := setLogLevel(); err != nil {
+			return err
+		}
+		if len(outs) == 0 {
+			outs = srcs
+		}
+		if len(srcs) != len(outs) {
+			return errors.Wrapf(embed.ErrArgsMismatched, "%d sources, %d destinations", len(srcs), len(outs))
+		}
+		log := z.With(zap.Strings("sources", srcs), zap.Strings("outputs", outs), zap.String("cmd", "verify"))
+		if err := checksum(srcs, outs); err != nil {
+			return err
+		}
+		log.Info("verified files")
+		return nil
+	},
+	Args: cobra.OnlyValidArgs,
+}
+
+func init() {
+	root.AddCommand(list)
+
+	verify.ValidArgs, _ = embed.Contents()
+	verify.Flags().StringSliceVarP(&outs, "output", "o", []string{}, "output file path")
+	root.AddCommand(verify)
+
+	deploy.ValidArgs, _ = embed.Contents() // setting this after the command is initialized is required
+	deploy.Flags().BoolVar(&skipVerify, "skip-verify", false, "set to disable checksum validation")
+	deploy.Flags().StringSliceVarP(&outs, "output", "o", []string{}, "output file path")
+	root.AddCommand(deploy)
+}