fix: [NPM] [CVEs] [v1.5] Update Ubuntu Image to 24.04 and Revert Manual NPM Linux Dockerfile Package Installations #3679
base: release/v1.5
* removed all logs from npm dataplane (except error/warning logs)
* removed all logs from npm controller (except error/warning logs)
* restored logs that are unused by current npm (v2)
* removed test files
* resolved comments
* keep log related to reconciling chain placement when the chain is not in the right place
* added bootup logs back
* Removed two more noisy logs
* Add loglevel config option when printing application insight logs
* Updated all non-error/warning logs to commented out and with a vap TODO
* fixed typo
* small typo fix
* updated configmap with loglevel
* updated default value
* added a default value for loglevel
* fixed typo in json
* removed comma
* changed loglevel to info in configmap
* add a short sleep in TestNetPolInBackgroundSkipAddAfterRemove
* test remove dataplane changes to see if race condition fixes
* Revert "test remove dataplane changes to see if race condition fixes" This reverts commit 08697eb.
* test
* Revert "test" This reverts commit 449c2af.
* test
* update dataplane to test if changes are flagged in race
* added stop channels to unit tests to avoid race conditions
* add non noisy logs back
* increased time
* revert time change after RunPeriodicTasks
* test with 1000 seconds
* 5000 milliseconds
* tweaked the delay
* update to 1500 for defer
* increased to 1500
* increase to 2000
* removed kubernetes
Pull Request Overview
This PR reverts previous manual version-specific package installations in the NPM Linux Dockerfile now that the Ubuntu base image has been updated to resolve the CVEs.
- Removed explicit version constraints for libc-bin, libc6, libtasn1-6, and libgnutls30
- Continues to install other required packages (iptables, ipset, ca-certificates) without version pinning
/azp run Azure Container Networking PR
/azp run NPM Conformance Tests
/azp run NPM Scale Test
Azure Pipelines successfully started running 1 pipeline(s).
Azure Pipelines successfully started running 1 pipeline(s).
Azure Pipelines successfully started running 1 pipeline(s).
/azp run NPM Conformance Tests
Azure Pipelines successfully started running 1 pipeline(s).
/azp run NPM Conformance Tests
Azure Pipelines successfully started running 1 pipeline(s).
conformance passed on rerun: https://msazure.visualstudio.com/One/_build/results?buildId=125179648&view=results
/azp run NPM Conformance Tests
Azure Pipelines successfully started running 1 pipeline(s).
…age-installlations
/azp run Azure Container Networking PR
Azure Pipelines successfully started running 1 pipeline(s).
/azp run Azure Container Networking PR
/azp run NPM Conformance Tests
Azure Pipelines successfully started running 1 pipeline(s).
Azure Pipelines successfully started running 1 pipeline(s).
/azp run NPM Scale Test
Azure Pipelines successfully started running 1 pipeline(s).
@@ -6,8 +6,8 @@ WORKDIR /usr/local/src | |||
COPY . . | |||
RUN CGO_ENABLED=0 go build -v -o /usr/local/bin/azure-npm -ldflags "-X main.version="$VERSION" -X "$NPM_AI_PATH"="$NPM_AI_ID"" -gcflags="-dwarflocationlists=true" npm/cmd/*.go | |||
|
|||
FROM mcr.microsoft.com/mirror/docker/library/ubuntu:20.04 | |||
FROM mcr.microsoft.com/mirror/docker/library/ubuntu:24.04 |
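Review bot: The new `FROM mcr.microsoft.com/mirror/docker/library/ubuntu:24.04` line references the base image by a mutable tag, so the package set in the final image, and with it the CVE exposure, depends on whatever that tag resolves to at build time. The PR overview says the explicit package version pins are dropped in the same change, which makes the base image the only thing controlling those package versions. Consider pinning the base by digest (`ubuntu:24.04@sha256:<digest>`, with the digest taken from the image that was actually scanned) and bumping it deliberately, so a given build's scan result is reproducible.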
cyclonus run on the 24.04 image also failed quite a few tests (75% for first run, 66% for second). Because of this I think at a later time we should probably dedicate some cycles to seeing the iprule/ipset differences between the Ubuntu versions to see what is causing this drop. Maybe use Ubuntu 22.04?
Queued a run directly from the cyclonus pipeline here: https://github.com/Azure/azure-container-networking/actions/runs/15448171797
green on second run: https://github.com/Azure/azure-container-networking/actions/runs/15449432372
Passing the cyclonus-extended test on master: https://github.com/Azure/azure-container-networking/actions/runs/15539895740
Scale: https://msazure.visualstudio.com/One/_build/results?buildId=126046671&view=results
Reason for Change:
Bumps the NPM Ubuntu base image version from 20.04 to 24.04 as 20.04 is EOL and no longer supported (https://ubuntu.com/blog/ubuntu-20-04-lts-end-of-life-standard-support-is-coming-to-an-end-heres-how-to-prepare).
Reverts manual package installations made to the NPM Linux Dockerfile in: #3439 and #3461. These changes were made as NPM base image (Ubuntu) did not have the updated packages installed, which led to CVEs on the base image. Ubuntu has since been patched to have the CVEs resolved so there is no need to manually install the packages at a specific version.
Trivy scan of NPM linux with changes to dockerfile:
Issue Fixed:
Requirements:
Notes:
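Added example, not part of the PR or the project's code: one way to check from a Trivy JSON report that the packages the earlier changes installed by hand no longer have a finding with a fix available, which is the condition the description relies on for dropping the pins. The sample report, its versions and its CVE ids are constructed placeholders, and the function names are hypothetical.

```python
import json

# Packages the PR overview lists as previously installed at explicit versions.
PREVIOUSLY_PINNED = {"libc-bin", "libc6", "libtasn1-6", "libgnutls30"}

# Constructed sample in the shape of `trivy image --format json` output.
# CVE ids and versions are placeholders, not results from this PR's scan.
SAMPLE_REPORT = json.dumps({
    "Results": [
        {"Target": "azure-npm (ubuntu 24.04)", "Class": "os-pkgs", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libc6",
             "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libgnutls30",
             "InstalledVersion": "2.0-1", "FixedVersion": "", "Severity": "MEDIUM"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "tar",
             "InstalledVersion": "3.0-1", "FixedVersion": "3.0-2", "Severity": "LOW"},
        ]},
        # A result with no findings carries no "Vulnerabilities" key.
        {"Target": "usr/local/bin/azure-npm", "Class": "lang-pkgs"},
    ]
})


def fixable_findings(report_json, packages=PREVIOUSLY_PINNED):
    """Return findings on `packages` for which the distro already ships a fix.

    A non-empty result means the base image is behind on one of those
    packages, the situation that originally motivated the manual installs.
    """
    report = json.loads(report_json)
    hits = []
    for result in report.get("Results") or []:
        if result.get("Class") != "os-pkgs":
            continue  # only OS packages come from the base image
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("PkgName") in packages and vuln.get("FixedVersion"):
                hits.append((vuln["PkgName"], vuln["VulnerabilityID"],
                             vuln["InstalledVersion"], vuln["FixedVersion"]))
    return sorted(hits)


def safe_to_drop_pins(report_json):
    """True when no previously pinned package has a fixable finding."""
    return not fixable_findings(report_json)


if __name__ == "__main__":
    for pkg, cve, have, want in fixable_findings(SAMPLE_REPORT):
        print(f"{pkg}: {cve} installed={have} fixed-in={want}")
    print("safe to drop pins:", safe_to_drop_pins(SAMPLE_REPORT))
```

Findings without a fixed version are skipped on purpose: a manual install cannot resolve them, so they do not argue for keeping the pins.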