-
Notifications
You must be signed in to change notification settings - Fork 26
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(container): make chaos GBI compliant (#734)
- Loading branch information
Showing
28 changed files
with
356 additions
and
277 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,13 @@ | ||
FROM scratch as handler | ||
|
||
ARG TARGETARCH | ||
|
||
COPY handler_${TARGETARCH} /usr/local/bin/handler | ||
|
||
ENTRYPOINT ["/usr/local/bin/handler"] | ||
|
||
LABEL baseimage.os="scratch" | ||
LABEL baseimage.isgbi="scratch" | ||
LABEL baseimage.name="scratch" | ||
|
||
ARG BUILDSTAMP | ||
LABEL baseimage.buildstamp="${BUILDSTAMP}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,48 @@ | ||
FROM ubuntu:22.10 as injector | ||
FROM ubuntu:22.10 as binaries | ||
|
||
RUN apt-get update && \ | ||
# iproute2 => tc | ||
# coreutils => df | ||
# iptables => iptables libs | ||
# libelf1 => EBPF libs | ||
apt-get -y install --no-install-recommends iproute2 coreutils iptables libelf1 tree && \ | ||
# make copy from binaries unified and possible | ||
mkdir -p /lib64 | ||
|
||
FROM gcr.io/distroless/python3-debian11:latest | ||
|
||
# binaries used by the chaos-injector, ran as commmands | ||
COPY --from=binaries /usr/bin/df /usr/bin/ls /usr/bin/test /usr/bin/ | ||
COPY --from=binaries /usr/sbin/iptables /usr/sbin/ | ||
COPY --from=binaries /sbin/tc /sbin/tc | ||
|
||
# libraries used by above mentioned binaries (mostly GLIBC related) | ||
COPY --from=binaries /lib/ld-linux-aarch64.so.[1] /lib/ | ||
COPY --from=binaries /lib64/ld-linux-x86-64.so.[2] /lib64/ | ||
COPY --from=binaries /lib/tc /lib/tc/ | ||
COPY --from=binaries /usr/lib/tc /usr/lib/tc/ | ||
COPY --from=binaries /lib/aarch64-linux-gn[u] /lib/aarch64-linux-gnu/ | ||
COPY --from=binaries /lib/x86_64-linux-gn[u] /lib/x86_64-linux-gnu/ | ||
COPY --from=binaries /usr/lib/aarch64-linux-gn[u] /usr/lib/aarch64-linux-gnu/ | ||
COPY --from=binaries /usr/lib/x86_64-linux-gn[u] /usr/lib/x86_64-linux-gnu/ | ||
|
||
# no more sh | ||
COPY --from=binaries /usr/bin/test /bin/sh | ||
|
||
ARG TARGETARCH | ||
ENV BPF_DISK_FAILURE_NAME "bpf-disk-failure-${TARGETARCH}" | ||
|
||
RUN apt-get update && \ | ||
apt-get -y install curl git gcc iproute2 coreutils python3 iptables libelf1 | ||
|
||
COPY injector_${TARGETARCH} /usr/local/bin/chaos-injector | ||
COPY injector_${TARGETARCH} /usr/local/bin/injector | ||
|
||
COPY dns_disruption_resolver.py /usr/local/bin/dns_disruption_resolver.py | ||
COPY ebpf/ /usr/local/bin/ | ||
|
||
# create a symlink to not break if anyone used explicitly injector somewhere | ||
RUN ln -s /usr/local/bin/chaos-injector /usr/local/bin/injector | ||
|
||
ENTRYPOINT ["/usr/local/bin/chaos-injector"] | ||
|
||
LABEL baseimage.os="debian" | ||
LABEL baseimage.isgbi="custom" | ||
LABEL baseimage.name="gcr.io/distroless/python3-debian11:latest" | ||
|
||
ARG BUILDSTAMP | ||
LABEL baseimage.buildstamp="${BUILDSTAMP}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,19 @@ | ||
FROM golang:1.18-alpine | ||
|
||
RUN addgroup -S appgroup && adduser -S appuser -G appgroup | ||
USER appuser | ||
ARG BUILDGOVERSION | ||
FROM golang:${BUILDGOVERSION} as go | ||
FROM gcr.io/distroless/base-debian11:nonroot | ||
|
||
ARG TARGETARCH | ||
COPY manager_${TARGETARCH} /usr/local/bin/manager | ||
|
||
# COPY go runtime as it's needed by ddmark to dynamically load structs and their associated markers | ||
COPY --from=go /usr/local/go /usr/local/go/ | ||
COPY --from=go /usr/local/go/bin /usr/local/bin/ | ||
|
||
ENTRYPOINT ["/usr/local/bin/manager"] | ||
|
||
LABEL baseimage.os="debian" | ||
LABEL baseimage.isgbi="custom" | ||
LABEL baseimage.name="gcr.io/distroless/base-debian11:nonroot" | ||
|
||
ARG BUILDSTAMP | ||
LABEL baseimage.buildstamp="${BUILDSTAMP}" |
Oops, something went wrong.