feat: add azure ip masq merger (#3737)

* add azure ip masq merger

merges ip masq agent configs into one configmap and outputs to a directory
adds the non masquerade ips list together and ORs the other flags together
if no configmap that starts with ip-masq exists, no merged configmap is output and any previously created merged configmap in the merged-config directory is deleted
this binary is separate from the rest of the repo similar to azure-ipam

* add azure ip masq merger make targets

ip masq merger is only meant to work on linux since ip masq agent only runs on linux

* add ip masq merger tests

rename ip masq merger to be consistent with other files
add golangci yml for linting
fix shadowing issues with err and use newer method to check file not found error
fix linter issues
use require for tests

* add make test for azure ip masq merger

tested

* add input output configuration

* update images to mariner 3.0

* update temp base to 3.0 and fix formatting

Author: QxBytes

Makefile

@@ -30,18 +30,20 @@ EXE_EXT 	= .exe
 endif
 
 # Interrogate the git repo and set some variables
-REPO_ROOT				?= $(shell git rev-parse --show-toplevel)
-REVISION				?= $(shell git rev-parse --short HEAD)
-ACN_VERSION				?= $(shell git describe --exclude "azure-ipam*" --exclude "dropgz*" --exclude "zapai*" --exclude "ipv6-hp-bpf*" --tags --always)
-IPV6_HP_BPF_VERSION		?= $(notdir $(shell git describe --match "ipv6-hp-bpf*" --tags --always))
-AZURE_IPAM_VERSION		?= $(notdir $(shell git describe --match "azure-ipam*" --tags --always))
-CNI_VERSION				?= $(ACN_VERSION)
-CNS_VERSION				?= $(ACN_VERSION)
-NPM_VERSION				?= $(ACN_VERSION)
-ZAPAI_VERSION			?= $(notdir $(shell git describe --match "zapai*" --tags --always))
+REPO_ROOT							?= $(shell git rev-parse --show-toplevel)
+REVISION							?= $(shell git rev-parse --short HEAD)
+ACN_VERSION							?= $(shell git describe --exclude "azure-ipam*" --exclude "dropgz*" --exclude "zapai*" --exclude "ipv6-hp-bpf*" --tags --always)
+IPV6_HP_BPF_VERSION					?= $(notdir $(shell git describe --match "ipv6-hp-bpf*" --tags --always))
+AZURE_IPAM_VERSION					?= $(notdir $(shell git describe --match "azure-ipam*" --tags --always))
+AZURE_IP_MASQ_MERGER_VERSION		?= $(notdir $(shell git describe --match "azure-ip-masq-merger*" --tags --always))
+CNI_VERSION							?= $(ACN_VERSION)
+CNS_VERSION							?= $(ACN_VERSION)
+NPM_VERSION							?= $(ACN_VERSION)
+ZAPAI_VERSION						?= $(notdir $(shell git describe --match "zapai*" --tags --always))
 
 # Build directories.
 AZURE_IPAM_DIR = $(REPO_ROOT)/azure-ipam
+AZURE_IP_MASQ_MERGER_DIR = $(REPO_ROOT)/azure-ip-masq-merger
 IPV6_HP_BPF_DIR = $(REPO_ROOT)/bpf-prog/ipv6-hp-bpf
 
 CNI_NET_DIR = $(REPO_ROOT)/cni/network/plugin
@@ -55,6 +57,7 @@ NPM_DIR = $(REPO_ROOT)/npm/cmd
 OUTPUT_DIR = $(REPO_ROOT)/output
 BUILD_DIR = $(OUTPUT_DIR)/$(GOOS)_$(GOARCH)
 AZURE_IPAM_BUILD_DIR = $(BUILD_DIR)/azure-ipam
+AZURE_IP_MASQ_MERGER_BUILD_DIR = $(BUILD_DIR)/azure-ip-masq-merger
 IPV6_HP_BPF_BUILD_DIR = $(BUILD_DIR)/bpf-prog/ipv6-hp-bpf
 IMAGE_DIR  = $(OUTPUT_DIR)/images
 
@@ -102,6 +105,7 @@ CNI_DUALSTACK_ARCHIVE_NAME = azure-vnet-cni-overlay-dualstack-$(GOOS)-$(GOARCH)-
 CNS_ARCHIVE_NAME = azure-cns-$(GOOS)-$(GOARCH)-$(CNS_VERSION).$(ARCHIVE_EXT)
 NPM_ARCHIVE_NAME = azure-npm-$(GOOS)-$(GOARCH)-$(NPM_VERSION).$(ARCHIVE_EXT)
 AZURE_IPAM_ARCHIVE_NAME = azure-ipam-$(GOOS)-$(GOARCH)-$(AZURE_IPAM_VERSION).$(ARCHIVE_EXT)
+AZURE_IP_MASQ_MERGER_ARCHIVE_NAME = azure-ip-masq-merger-$(GOOS)-$(GOARCH)-$(AZURE_IP_MASQ_MERGER_VERSION).$(ARCHIVE_EXT)
 IPV6_HP_BPF_ARCHIVE_NAME = ipv6-hp-bpf-$(GOOS)-$(GOARCH)-$(IPV6_HP_BPF_VERSION).$(ARCHIVE_EXT)
 
 # Image info file names.
@@ -119,8 +123,8 @@ all-binaries-platforms: ## Make all platform binaries
 
 # OS specific binaries/images
 ifeq ($(GOOS),linux)
-all-binaries: acncli azure-cni-plugin azure-cns azure-npm azure-ipam ipv6-hp-bpf
-all-images: npm-image cns-image cni-manager-image ipv6-hp-bpf-image
+all-binaries: acncli azure-cni-plugin azure-cns azure-npm azure-ipam azure-ip-masq-merger ipv6-hp-bpf
+all-images: npm-image cns-image cni-manager-image azure-ip-masq-merger-image ipv6-hp-bpf-image
 else
 all-binaries: azure-cni-plugin azure-cns azure-npm
 all-images:
@@ -134,6 +138,7 @@ acncli: acncli-binary acncli-archive
 azure-npm: azure-npm-binary npm-archive
 azure-ipam: azure-ipam-binary azure-ipam-archive
 ipv6-hp-bpf: ipv6-hp-bpf-binary ipv6-hp-bpf-archive
+azure-ip-masq-merger: azure-ip-masq-merger-binary azure-ip-masq-merger-archive
 
 
 ##@ Versioning
@@ -149,6 +154,9 @@ acncli-version: version
 azure-ipam-version: ## prints the azure-ipam version
 	@echo $(AZURE_IPAM_VERSION)
 
+azure-ip-masq-merger-version: ## prints the azure-ip-masq-merger version
+	@echo $(AZURE_IP_MASQ_MERGER_VERSION)
+
 ipv6-hp-bpf-version: ## prints the ipv6-hp-bpf version
 	@echo $(IPV6_HP_BPF_VERSION)
 
@@ -218,6 +226,10 @@ azure-npm-binary:
 	cd $(CNI_TELEMETRY_DIR) && CGO_ENABLED=0 go build -v -o $(NPM_BUILD_DIR)/azure-vnet-telemetry$(EXE_EXT) -ldflags "-X main.version=$(NPM_VERSION)" -gcflags="-dwarflocationlists=true"
 	cd $(NPM_DIR) && CGO_ENABLED=0 go build -v -o $(NPM_BUILD_DIR)/azure-npm$(EXE_EXT) -ldflags "-X main.version=$(NPM_VERSION) -X $(NPM_AI_PATH)=$(NPM_AI_ID)" -gcflags="-dwarflocationlists=true"
 
+# Build the azure-ip-masq-merger binary.
+azure-ip-masq-merger-binary:
+	cd $(AZURE_IP_MASQ_MERGER_DIR) && CGO_ENABLED=0 go build -v -o $(AZURE_IP_MASQ_MERGER_BUILD_DIR)/azure-ip-masq-merger$(EXE_EXT) -ldflags "-X main.version=$(AZURE_IP_MASQ_MERGER_VERSION)" -gcflags="-dwarflocationlists=true"
+
 ##@ Containers
 
 ## Common variables for all containers.
@@ -256,12 +268,13 @@ CONTAINER_TRANSPORT = docker
 endif
 
 ## Image name definitions.
-ACNCLI_IMAGE		= acncli
-AZURE_IPAM_IMAGE	= azure-ipam
-IPV6_HP_BPF_IMAGE	= ipv6-hp-bpf
-CNI_IMAGE			= azure-cni
-CNS_IMAGE			= azure-cns
-NPM_IMAGE			= azure-npm
+ACNCLI_IMAGE				= acncli
+AZURE_IPAM_IMAGE			= azure-ipam
+IPV6_HP_BPF_IMAGE			= ipv6-hp-bpf
+CNI_IMAGE					= azure-cni
+CNS_IMAGE					= azure-cns
+NPM_IMAGE					= azure-npm
+AZURE_IP_MASQ_MERGER_IMAGE	= azure-ip-masq-merger
 
 ## Image platform tags.
 ACNCLI_PLATFORM_TAG				?= $(subst /,-,$(PLATFORM))-$(ACN_VERSION)
@@ -273,6 +286,7 @@ CNI_WINDOWS_PLATFORM_TAG		?= $(subst /,-,$(PLATFORM))-$(CNI_VERSION)-$(OS_SKU_WI
 CNS_PLATFORM_TAG				?= $(subst /,-,$(PLATFORM))-$(CNS_VERSION)
 CNS_WINDOWS_PLATFORM_TAG		?= $(subst /,-,$(PLATFORM))-$(CNS_VERSION)-$(OS_SKU_WIN)
 NPM_PLATFORM_TAG				?= $(subst /,-,$(PLATFORM))-$(NPM_VERSION)
+AZURE_IP_MASQ_MERGER_PLATFORM_TAG	?= $(subst /,-,$(PLATFORM))-$(AZURE_IP_MASQ_MERGER_VERSION)
 
 
 qemu-user-static: ## Set up the host to run qemu multiplatform container builds.
@@ -383,6 +397,34 @@ azure-ipam-image-pull: ## pull azure-ipam container image.
 		IMAGE=$(AZURE_IPAM_IMAGE) \
 		TAG=$(AZURE_IPAM_PLATFORM_TAG)
 
+# azure-ip-masq-merger
+azure-ip-masq-merger-image-name: # util target to print the azure-ip-masq-merger image name.
+	@echo $(AZURE_IP_MASQ_MERGER_IMAGE)
+
+azure-ip-masq-merger-image-name-and-tag: # util target to print the azure-ip-masq-merger image name and tag.
+	@echo $(IMAGE_REGISTRY)/$(AZURE_IP_MASQ_MERGER_IMAGE):$(AZURE_IP_MASQ_MERGER_PLATFORM_TAG)
+
+azure-ip-masq-merger-image: ## build azure-ip-masq-merger container image.
+	$(MAKE) container \
+		DOCKERFILE=azure-ip-masq-merger/Dockerfile \
+		IMAGE=$(AZURE_IP_MASQ_MERGER_IMAGE) \
+		PLATFORM=$(PLATFORM) \
+		TAG=$(AZURE_IP_MASQ_MERGER_PLATFORM_TAG) \
+		TARGET=$(OS) \
+		OS=$(OS) \
+		ARCH=$(ARCH)
+
+azure-ip-masq-merger-image-push: ## push azure-ip-masq-merger container image.
+	$(MAKE) container-push \
+		IMAGE=$(AZURE_IP_MASQ_MERGER_IMAGE) \
+		TAG=$(AZURE_IP_MASQ_MERGER_PLATFORM_TAG)
+
+azure-ip-masq-merger-image-pull: ## pull azure-ip-masq-merger container image.
+	$(MAKE) container-pull \
+		IMAGE=$(AZURE_IP_MASQ_MERGER_IMAGE) \
+		TAG=$(AZURE_IP_MASQ_MERGER_PLATFORM_TAG)
+
+
 # ipv6-hp-bpf
 
 ipv6-hp-bpf-image-name: # util target to print the ipv6-hp-bpf image name.
@@ -559,6 +601,22 @@ azure-ipam-skopeo-archive: ## export tar archive of azure-ipam multiplat contain
 		IMAGE=$(AZURE_IPAM_IMAGE) \
 		TAG=$(AZURE_IPAM_VERSION)
 
+azure-ip-masq-merger-manifest-build: ## build azure-ip-masq-merger multiplat container manifest.
+	$(MAKE) manifest-build \
+		PLATFORMS="$(PLATFORMS)" \
+		IMAGE=$(AZURE_IP_MASQ_MERGER_IMAGE) \
+		TAG=$(AZURE_IP_MASQ_MERGER_VERSION)
+
+azure-ip-masq-merger-manifest-push: ## push azure-ip-masq-merger multiplat container manifest
+	$(MAKE) manifest-push \
+		IMAGE=$(AZURE_IP_MASQ_MERGER_IMAGE) \
+		TAG=$(AZURE_IP_MASQ_MERGER_VERSION)
+
+azure-ip-masq-merger-skopeo-archive: ## export tar archive of azure-ip-masq-merger multiplat container manifest.
+	$(MAKE) manifest-skopeo-archive \
+		IMAGE=$(AZURE_IP_MASQ_MERGER_IMAGE) \
+		TAG=$(AZURE_IP_MASQ_MERGER_VERSION)
+
 ipv6-hp-bpf-manifest-build: ## build ipv6-hp-bpf multiplat container manifest.
 	$(MAKE) manifest-build \
 		PLATFORMS="$(PLATFORMS)" \
@@ -709,6 +767,14 @@ ifeq ($(GOOS),linux)
 	cd $(AZURE_IPAM_BUILD_DIR) && $(ARCHIVE_CMD) $(AZURE_IPAM_ARCHIVE_NAME) azure-ipam$(EXE_EXT)
 endif
 
+# Create a azure-ip-masq-merger archive for the target platform.
+.PHONY: azure-ip-masq-merger-archive
+azure-ip-masq-merger-archive: azure-ip-masq-merger-binary
+ifeq ($(GOOS),linux)
+	$(MKDIR) $(AZURE_IP_MASQ_MERGER_BUILD_DIR)
+	cd $(AZURE_IP_MASQ_MERGER_BUILD_DIR) && $(ARCHIVE_CMD) $(AZURE_IP_MASQ_MERGER_ARCHIVE_NAME) azure-ip-masq-merger$(EXE_EXT)
+endif
+
 # Create a ipv6-hp-bpf archive for the target platform.
 .PHONY: ipv6-hp-bpf-archive
 ipv6-hp-bpf-archive: ipv6-hp-bpf-binary
@@ -791,6 +857,9 @@ test-extended-cyclonus: ## run the cyclonus test for npm.
 test-azure-ipam: ## run the unit test for azure-ipam
 	cd $(AZURE_IPAM_DIR) && go test
 
+test-azure-ip-masq-merger: ## run the unit test for azure-ip-masq-merger
+	cd $(AZURE_IP_MASQ_MERGER_DIR) && go test
+
 kind:
 	kind create cluster --config ./test/kind/kind.yaml
 

azure-ip-masq-merger/.golangci.yml

@@ -0,0 +1,40 @@
+issues:
+  max-same-issues: 0
+  max-issues-per-linter: 0
+  new-from-rev: origin/master
+linters:
+  presets: 
+  - bugs
+  - error
+  - format
+  - performance
+  - unused
+  disable:
+  - maligned
+  - scopelint
+  enable:
+  - exportloopref
+  - goconst
+  - gocritic
+  - gocyclo
+  - gofmt
+  - goprintffuncname
+  - gosimple
+  - lll
+  - misspell
+  - nakedret
+  - promlinter
+  - revive
+linters-settings:
+  gocritic:
+    enabled-tags:
+    - "diagnostic"
+    - "style"
+    - "performance"
+    disabled-checks:
+    - "hugeParam"
+  govet:
+    enable:
+    - shadow
+  lll:
+    line-length: 200

azure-ip-masq-merger/Dockerfile

@@ -0,0 +1,26 @@
+ARG ARCH
+ARG OS_VERSION
+ARG OS
+
+# skopeo inspect docker://mcr.microsoft.com/oss/go/microsoft/golang:1.23.2-azurelinux3.0 --format "{{.Name}}@{{.Digest}}"
+FROM --platform=linux/${ARCH} mcr.microsoft.com/oss/go/microsoft/golang@sha256:f1f0cbd464ae4cd9d41176d47f1f9fe16a6965425871f817587314e3a04576ec AS go
+
+# skopeo inspect docker://mcr.microsoft.com/azurelinux/base/core:3.0 --format "{{.Name}}@{{.Digest}}"
+FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/base/core@sha256:b46476be0b5c9691ad20f78871819950c01433bdfad81d72c61618f4a6202b25 AS mariner-core
+
+FROM go AS azure-ip-masq-merger
+ARG OS
+ARG VERSION
+WORKDIR /azure-ip-masq-merger
+COPY ./azure-ip-masq-merger .
+RUN GOOS=$OS CGO_ENABLED=0 go build -a -o /go/bin/ip-masq-merger -trimpath -ldflags "-X main.version="$VERSION"" -gcflags="-dwarflocationlists=true" .
+
+# TODO: Replace with scratch later
+FROM --platform=linux/${ARCH} mcr.microsoft.com/azurelinux/base/core@sha256:b46476be0b5c9691ad20f78871819950c01433bdfad81d72c61618f4a6202b25 AS linux
+COPY --from=azure-ip-masq-merger /go/bin/ip-masq-merger ip-masq-merger
+ENTRYPOINT [ "/ip-masq-merger" ]
+
+# skopeo inspect docker://mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image:v1.0.0 --format "{{.Name}}@{{.Digest}}"
+FROM mcr.microsoft.com/oss/kubernetes/windows-host-process-containers-base-image@sha256:b4c9637e032f667c52d1eccfa31ad8c63f1b035e8639f3f48a510536bf34032b as windows
+COPY --from=azure-ip-masq-merger /go/bin/ip-masq-merger ip-masq-merger.exe
+ENTRYPOINT [ "/ip-masq-merger.exe" ]

azure-ip-masq-merger/go.mod

@@ -0,0 +1,47 @@
+module github.com/Azure/azure-container-networking/azure-ip-masq-merger
+
+go 1.23.0
+
+require (
+	github.com/stretchr/testify v1.9.0
+	gopkg.in/yaml.v2 v2.4.0
+	k8s.io/apimachinery v0.31.3
+	k8s.io/component-base v0.31.3
+	k8s.io/klog/v2 v2.130.1
+)
+
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blang/semver/v4 v4.0.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_golang v1.19.1 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/spf13/cobra v1.8.1 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	golang.org/x/net v0.36.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
+)