Skip to content

Commit

Permalink
Sync to upstream: Keep cbl-mariner for pkg/blobplugin/Dockerfile
Browse files Browse the repository at this point in the history
  • Loading branch information
Stephen Mkandawire committed Dec 4, 2023
1 parent 6fb7911 commit 97ab8d1
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 31 deletions.
37 changes: 6 additions & 31 deletions pkg/blobplugin/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

FROM registry.k8s.io/build-image/debian-base:bookworm-v1.0.0
FROM mcr.microsoft.com/cbl-mariner/base/core:2.0

ARG ARCH=amd64
ARG binary=./_output/${ARCH}/blobplugin
Expand All @@ -21,44 +21,19 @@ COPY ${binary} /blobplugin
RUN mkdir /blobfuse-proxy/

COPY ./pkg/blobfuse-proxy/init.sh /blobfuse-proxy/
COPY ./pkg/blobfuse-proxy/install-proxy-ubuntu.sh /blobfuse-proxy/
COPY ./pkg/blobfuse-proxy/install-proxy-rhcos.sh /blobfuse-proxy/
COPY ./pkg/blobfuse-proxy/install-proxy-mariner.sh /blobfuse-proxy/
COPY ./pkg/blobfuse-proxy/blobfuse-proxy.service /blobfuse-proxy/
COPY ./_output/${ARCH}/blobfuse-proxy /blobfuse-proxy/

RUN chmod +x /blobfuse-proxy/init.sh && \
chmod +x /blobfuse-proxy/install-proxy-ubuntu.sh && \
chmod +x /blobfuse-proxy/install-proxy-rhcos.sh && \
chmod +x /blobfuse-proxy/install-proxy-mariner.sh && \
chmod +x /blobfuse-proxy/blobfuse-proxy.service && \
chmod +x /blobfuse-proxy/blobfuse-proxy

# packages that are only needed by aznfs: procps conntrack iptables bind9-host iproute2 bash netcat sysvinit-utils.
RUN apt update && apt upgrade -y && apt-mark unhold libcap2 && clean-install ca-certificates uuid-dev util-linux mount udev wget e2fsprogs nfs-common netbase procps conntrack iptables bind9-host iproute2 bash netcat-traditional sysvinit-utils kmod
# Currently no CBL-Mariner image with fix for "curl"/"zlib" CVE-2023-38545/CVE-2023-38546/CVE-2023-45853.
# So, temporarily do update here. Remove "curl"/"zlib" when image is updated.
RUN tdnf updateinfo && \
tdnf install -y util-linux e2fsprogs nfs-utils quota-rpc rpcbind blobfuse2 fuse3 libcap-ng libcap ca-certificates curl zlib && \
tdnf clean all

# install aznfs
RUN if [ "$ARCH" = "amd64" ] ; then \
wget -O aznfs.tar.gz https://github.com/Azure/AZNFS-mount/releases/download/1.0.8/aznfs-1.0.8-1.x86_64.tar.gz; \
else \
wget -O aznfs.tar.gz https://github.com/Azure/AZNFS-mount/releases/download/1.0.8/aznfs-1.0.8-1.arm64.tar.gz;fi
RUN tar xvzf aznfs.tar.gz -C / --keep-directory-symlink && rm aznfs.tar.gz

# install azcopy
ARG azcopyURL=https://azcopyvnext.azureedge.net/releases/release-10.21.2-20231106/azcopy_linux_amd64_10.21.2.tar.gz
RUN if [ "$ARCH" == "arm64" ] ; then \
azcopyURL=https://azcopyvnext.azureedge.net/releases/release-10.21.2-20231106/azcopy_linux_arm64_10.21.2.tar.gz; fi
RUN wget -O azcopy.tar.gz ${azcopyURL} && \
tar xvzf azcopy.tar.gz -C . && rm azcopy.tar.gz && \
mv ./azcopy_linux_$ARCH_*/azcopy /usr/local/bin/azcopy && \
rm -rf ./azcopy_linux_$ARCH_*
RUN chmod +x /usr/local/bin/azcopy

RUN if [ "$ARCH" = "amd64" ] ; then \
clean-install libcurl4-gnutls-dev && \
wget -O /blobfuse-proxy/packages-microsoft-prod-22.04.deb https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb && \
wget -O /blobfuse-proxy/packages-microsoft-prod-18.04.deb https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb && \
dpkg -i /blobfuse-proxy/packages-microsoft-prod-18.04.deb && apt update && apt install blobfuse blobfuse2 fuse -y && apt remove wget -y; fi
LABEL maintainers="andyzhangx"
LABEL description="Azure Blob Storage CSI driver"

Expand Down
3 changes: 3 additions & 0 deletions pkg/edgecache/manager.go
Original file line number Diff line number Diff line change
Expand Up @@ -145,8 +145,11 @@ func (m *Manager) MountVolume(account string, container string, suffix string, t
}, m.mountEndpoint)
}

//revive:disable:unused-parameter
func (m *Manager) UnmountVolume(volumeID string, targetPath string) error {
return m.callWithConnection(func(conn grpc.ClientConnInterface) error {
return sendUnmount(csi_mounts.NewCSIMountsClient(conn), targetPath)
}, m.mountEndpoint)
}

//revive:enable:unused-parameter
3 changes: 3 additions & 0 deletions pkg/util/pvutil_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -71,11 +71,14 @@ func pv() *v1.PersistentVolume {
}
}

//revive:disable:unused-parameter
func conflictError(action kubetesting.Action) (bool, runtime.Object, error) {
conflictError := kuberrors.NewApplyConflict([]metav1.StatusCause{}, "OperationNotPermitted")
return true, nil, conflictError
}

//revive:enable:unused-parameter

func TestGetPVByVolumeID(t *testing.T) {
t.Run("ListFail", func(t *testing.T) {
client := fake.NewSimpleClientset()
Expand Down

0 comments on commit 97ab8d1

Please sign in to comment.