From d39e36db714061beadbc41a940d6cb3797c278e5 Mon Sep 17 00:00:00 2001 From: Will Daly Date: Mon, 4 Nov 2024 14:20:48 -0800 Subject: [PATCH] feat: add retina-shell image for Linux (#928) # Description Build a new image retina-shell for adhoc network debugging on Linux nodes/pods. ## Related Issue https://github.com/microsoft/retina/issues/910 ## Checklist - [x] I have read the [contributing documentation](https://retina.sh/docs/contributing). - [x] I signed and signed-off the commits (`git commit -S -s ...`). See [this documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) on signing commits. - [x] I have correctly attributed the author(s) of the code. - [x] I have tested the changes locally. - [x] I have followed the project's style guidelines. - [x] I have updated the documentation, if necessary. - [x] I have added tests, if applicable. ## Screenshots (if applicable) or Testing Completed Tested building with the following commands: ``` IMAGE_REGISTRY=widalytest.azurecr.io BUILDX_ACTION=--push PLATFORM=linux/amd64 make retina-shell-image IMAGE_REGISTRY=widalytest.azurecr.io BUILDX_ACTION=--push PLATFORM=linux/arm64 make retina-shell-image IMAGE_REGISTRY=widalytest.azurecr.io BUILDX_ACTION=--push make manifest-shell-image ``` Then ran it locally: image ## Additional Notes There are two issues with the AzLinux 3 base image that should be fixed in the upcoming AzLinux3 release. See comments in the Dockerfile for details. --- Please refer to the [CONTRIBUTING.md](../CONTRIBUTING.md) file for more information on how to contribute to this project. Signed-off-by: Will Daly --- Makefile | 19 +++++++++++++++++++ shell/Dockerfile | 31 +++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 shell/Dockerfile diff --git a/Makefile b/Makefile index 675a91aba7..c4934a7a9e 100644 --- a/Makefile +++ b/Makefile 
@@ -191,6 +191,7 @@ RETINA_TOOLS_IMAGE = $(IMAGE_NAMESPACE)/retina-tools RETINA_IMAGE = $(IMAGE_NAMESPACE)/retina-agent RETINA_INIT_IMAGE = $(IMAGE_NAMESPACE)/retina-init RETINA_OPERATOR_IMAGE = $(IMAGE_NAMESPACE)/retina-operator +RETINA_SHELL_IMAGE = $(IMAGE_NAMESPACE)/retina-shell RETINA_INTEGRATION_TEST_IMAGE = $(IMAGE_NAMESPACE)/retina-integration-test RETINA_PROTO_IMAGE = $(IMAGE_NAMESPACE)/retina-proto-gen RETINA_GO_GEN_IMAGE = $(IMAGE_NAMESPACE)/retina-go-gen @@ -307,6 +308,18 @@ retina-operator-image: ## build the retina linux operator image. APP_INSIGHTS_ID=$(APP_INSIGHTS_ID) \ CONTEXT_DIR=$(REPO_ROOT) +retina-shell-image: + echo "Building for $(PLATFORM)" + set -e ; \ + $(MAKE) container-$(CONTAINER_BUILDER) \ + PLATFORM=$(PLATFORM) \ + DOCKERFILE=shell/Dockerfile \ + REGISTRY=$(IMAGE_REGISTRY) \ + IMAGE=$(RETINA_SHELL_IMAGE) \ + VERSION=$(TAG) \ + TAG=$(RETINA_PLATFORM_TAG) \ + CONTEXT_DIR=$(REPO_ROOT) + kapinger-image: docker buildx build --builder retina --platform windows/amd64 --target windows-amd64 -t $(IMAGE_REGISTRY)/$(KAPINGER_IMAGE):$(TAG)-windows-amd64 ./hack/tools/kapinger/ --push docker buildx build --builder retina --platform linux/amd64 --target linux-amd64 -t $(IMAGE_REGISTRY)/$(KAPINGER_IMAGE):$(TAG)-linux-amd64 ./hack/tools/kapinger/ --push 
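Review bot: The new `retina-shell-image` rule header has no `##` help text, unlike `retina-operator-image: ## build the retina linux operator image.` in this hunk's header context, so it will presumably be missing from the generated help listing. I would write the header as `retina-shell-image: ## build the retina shell image for ad hoc network debugging.` Whether the target is covered by a `.PHONY` declaration is not visible from this hunk and is worth confirming, because a stray file of that name would make the build a silent no-op.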
@@ -347,12 +360,18 @@ manifest-operator-image: ## create a multiplatform manifest for the operator ima $(eval FULL_IMAGE_NAME=$(IMAGE_REGISTRY)/$(RETINA_OPERATOR_IMAGE):$(TAG)) docker buildx imagetools create -t $(FULL_IMAGE_NAME) $(foreach platform,linux/amd64, $(FULL_IMAGE_NAME)-$(subst /,-,$(platform))) +manifest-shell-image: + $(eval FULL_IMAGE_NAME=$(IMAGE_REGISTRY)/$(RETINA_SHELL_IMAGE):$(TAG)) + docker buildx imagetools create -t $(FULL_IMAGE_NAME) $(foreach platform,linux/amd64 linux/arm64, $(FULL_IMAGE_NAME)-$(subst /,-,$(platform))) + manifest: echo "Building for $(COMPONENT)" if [ "$(COMPONENT)" = "retina" ]; then \ $(MAKE) manifest-retina-image; \ elif [ "$(COMPONENT)" = "operator" ]; then \ $(MAKE) manifest-operator-image; \ + elif [ "$(COMPONENT)" = "shell" ]; then \ + $(MAKE) manifest-shell-image; \ fi ##@ Tests diff --git a/shell/Dockerfile b/shell/Dockerfile new file mode 100644 index 0000000000..84cde72a6d --- /dev/null +++ b/shell/Dockerfile @@ -0,0 +1,31 @@ +# mcr.microsoft.com/azurelinux/base/core:3.0.20241005 +FROM mcr.microsoft.com/azurelinux/base/core@sha256:7ec490b605aac8a44aed0b0695b0ee6ae976ec898afd9ac8d5613d7f3ce2b07b + +# There are a two known issues with Azure Linux 3.0.20241005 that affect this image: +# 1. `iptables-nft` binary is not yet installed, but will be fixed by https://github.com/microsoft/azurelinux/pull/10786 +# Until then, use `nft` to view nftables rules. +# 2. `nslookup` and `bind` print an error "Algorithm not supported by SCOSSL" (but still complete successfully). +# This will be fixed by https://github.com/microsoft/SymCrypt-OpenSSL/pull/92 +RUN tdnf install -y \ + bind-utils \ + bpftool \ + bpftrace \ + conntrack \ + curl \ + ebtables-legacy \ + iperf3 \ + iproute \ + ipset \ + iptables \ + iputils \ + ldns-utils \ + net-tools \ + nftables \ + nmap \ + openssh \ + socat \ + tcpdump \ + wget \ + && tdnf clean all + +CMD ["/bin/bash"]
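Review bot: The `manifest` dispatcher still exits 0 when `COMPONENT` matches none of its branches, so a misspelled value or a caller that was not updated for the new `shell` branch publishes no multi-platform manifest while the step reports success. Ending the chain with `else echo "unknown COMPONENT '$(COMPONENT)'" >&2; exit 1; \` before `fi` would make that failure visible in CI. Separately, `manifest-shell-image` refers to the per-platform images by tag (`$(FULL_IMAGE_NAME)-linux-amd64` and `-linux-arm64`) and declares no prerequisite on them, so it relies on both having been pushed beforehand. A `##` help comment stating that requirement would also bring it in line with `manifest-operator-image`.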
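Review bot: Nothing in `shell/Dockerfile` records what the image is for or what privileges it expects: there is no `USER` line, so the shell starts as root, and the package list includes packet-capture, eBPF tracing and scanning tools. A header comment such as `# Debug-only image for ad hoc network troubleshooting; runs as root. Grant only the capabilities a session needs (for example NET_ADMIN, NET_RAW) instead of privileged mode.` would tell operators and admission-policy authors how to treat it. Also, the base image is pinned by digest, but `tdnf install -y` takes whatever package versions the repository serves at build time, so two builds of the same commit can differ. Recording the installed set during the build (for example `rpm -qa` output or an SBOM) would keep published images auditable.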