Use Different Images for Agent and Controller

Fixes #5691. Modified the code to build separate images for antrea-agent and antrea-controller, because there are many resources that are not required by controller and are required by agent only, and unified image for both creates a burden when starting antrea-controller and thus it takes time to start. For this reason I have create separate images for antrea-agent and antrea-controller. Signed-off-by: Pulkit Jain <[email protected]>
antrea-io · Jan 4, 2024 · a604e31 · a604e31
1 parent 0204fbc
commit a604e31
Show file tree

Hide file tree

Showing 24 changed files with 316 additions and 70 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -49,7 +49,11 @@ jobs:
         echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
         ./hack/build-antrea-linux-all.sh --pull --push-base-images
         docker tag antrea/antrea-ubuntu:latest antrea/antrea-ubuntu-amd64:latest
+        docker tag antrea/antrea-controller-ubuntu:latest antrea/antrea-controller-ubuntu-amd64:latest
+        docker tag antrea/antrea-agent-ubuntu:latest antrea/antrea-agent-ubuntu-amd64:latest
         docker push antrea/antrea-ubuntu-amd64:latest
+        docker push antrea/antrea-controller-ubuntu-amd64:latest
+        docker push antrea/antrea-agent-ubuntu-amd64:latest
     - name: Trigger Antrea arm builds and multi-arch manifest update
       if: ${{ github.repository == 'antrea-io/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
       uses: benc-uk/workflow-dispatch@v1

diff --git a/.github/workflows/kind.yml b/.github/workflows/kind.yml
@@ -41,7 +41,7 @@ jobs:
       run: |
         ./hack/build-antrea-linux-all.sh --pull --coverage
     - name: Save Antrea image to tarball
-      run:  docker save -o antrea-ubuntu.tar antrea/antrea-ubuntu-coverage:latest
+      run:  docker save -o antrea-ubuntu.tar antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-controller-ubuntu-coverage:latest
     - name: Upload Antrea image for subsequent jobs
       uses: actions/upload-artifact@v4
       with:
@@ -487,7 +487,8 @@ jobs:
     - name: Load Antrea image
       run: |
         docker load -i antrea-ubuntu.tar
-        docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest
+        docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest
+        docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest
     - name: Install Kind
       run: |
         KIND_VERSION=$(head -n1 ./ci/kind/version)
@@ -532,7 +533,8 @@ jobs:
       - name: Load Antrea image
         run: |
           docker load -i antrea-ubuntu.tar
-          docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest
+          docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest
+          docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest
       - name: Install Kind
         run: |
           KIND_VERSION=$(head -n1 ./ci/kind/version)
@@ -577,7 +579,8 @@ jobs:
       - name: Load Antrea image
         run: |
           docker load -i antrea-ubuntu.tar
-          docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest
+          docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest
+          docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest
       - name: Install Kind
         run: |
           KIND_VERSION=$(head -n1 ./ci/kind/version)
@@ -622,7 +625,8 @@ jobs:
       - name: Load Antrea image
         run: |
           docker load -i antrea-ubuntu.tar
-          docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest
+          docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest
+          docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest
       - name: Install Kind
         run: |
           KIND_VERSION=$(head -n1 ./ci/kind/version)
@@ -667,7 +671,8 @@ jobs:
       - name: Load Antrea image
         run: |
           docker load -i antrea-ubuntu.tar
-          docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest
+          docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest
+          docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest
       - name: Install Kind
         run: |
           KIND_VERSION=$(head -n1 ./ci/kind/version)
@@ -709,7 +714,8 @@ jobs:
       - name: Load Antrea image
         run: |
           docker load -i antrea-ubuntu.tar
-          docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest
+          docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest
+          docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest
       - name: Install Kind
         run: |
           KIND_VERSION=$(head -n1 ./ci/kind/version)

diff --git a/Makefile b/Makefile
@@ -332,6 +332,26 @@ else
 endif
 	docker tag antrea/antrea-ubuntu:$(DOCKER_IMG_VERSION) antrea/antrea-ubuntu
 
+.PHONY: build-controller-ubuntu
+build-controller-ubuntu:
+	@echo "===> Building antrea/antrea-controller-ubuntu Docker image <==="
+ifneq ($(NO_PULL),)
+	docker build -t antrea/antrea-controller-ubuntu:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.controller.ubuntu $(DOCKER_BUILD_ARGS) .
+else
+	docker build --pull -t antrea/antrea-controller-ubuntu:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.controller.ubuntu $(DOCKER_BUILD_ARGS) .
+endif
+	docker tag antrea/antrea-controller-ubuntu:$(DOCKER_IMG_VERSION) antrea/antrea-controller-ubuntu
+
+.PHONY: build-agent-ubuntu
+build-agent-ubuntu:
+	@echo "===> Building antrea/antrea-agent-ubuntu Docker image <==="
+ifneq ($(NO_PULL),)
+	docker build -t antrea/antrea-agent-ubuntu:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.agent.ubuntu $(DOCKER_BUILD_ARGS) .
+else
+	docker build --pull -t antrea/antrea-agent-ubuntu:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.agent.ubuntu $(DOCKER_BUILD_ARGS) .
+endif
+	docker tag antrea/antrea-agent-ubuntu:$(DOCKER_IMG_VERSION) antrea/antrea-agent-ubuntu
+
 # Build bins in a golang container, and build the antrea-ubuntu Docker image.
 .PHONY: build-ubuntu
 build-ubuntu:
@@ -374,6 +394,26 @@ else
 endif
 	docker tag antrea/antrea-ubuntu-coverage:$(DOCKER_IMG_VERSION) antrea/antrea-ubuntu-coverage
 
+.PHONY: build-controller-ubuntu-coverage
+build-controller-ubuntu-coverage:
+	@echo "===> Building Antrea bins and antrea/antrea-controller-ubuntu-coverage Docker image <==="
+ifneq ($(NO_PULL),)
+	docker build -t antrea/antrea-controller-ubuntu-coverage:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.controller.build.coverage $(DOCKER_BUILD_ARGS) .
+else
+	docker build --pull -t antrea/antrea-controller-ubuntu-coverage:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.controller.build.coverage $(DOCKER_BUILD_ARGS) .
+endif
+	docker tag antrea/antrea-controller-ubuntu-coverage:$(DOCKER_IMG_VERSION) antrea/antrea-controller-ubuntu-coverage
+
+.PHONY: build-agent-ubuntu-coverage
+build-agent-ubuntu-coverage:
+	@echo "===> Building Antrea bins and antrea/antrea-agent-ubuntu-coverage Docker image <==="
+ifneq ($(NO_PULL),)
+	docker build -t antrea/antrea-agent-ubuntu-coverage:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.agent.build.coverage $(DOCKER_BUILD_ARGS) .
+else
+	docker build --pull -t antrea/antrea-agent-ubuntu-coverage:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.agent.build.coverage $(DOCKER_BUILD_ARGS) .
+endif
+	docker tag antrea/antrea-agent-ubuntu-coverage:$(DOCKER_IMG_VERSION) antrea/antrea-agent-ubuntu-coverage
+
 .PHONY: build-scale-simulator
 build-scale-simulator:
 	@echo "===> Building simulator bin and antrea-ubuntu-simulator image"

diff --git a/build/charts/antrea/README.md b/build/charts/antrea/README.md
@@ -95,7 +95,7 @@ Kubernetes: `>= 1.16.0-0`
 | flowExporter.flowPollInterval | string | `"5s"` | Determines how often the flow exporter polls for new connections. |
 | flowExporter.idleFlowExportTimeout | string | `"15s"` | timeout after which a flow record is sent to the collector for idle flows. |
 | hostGateway | string | `"antrea-gw0"` | Name of the interface antrea-agent will create and use for host <-> Pod communication. |
-| image | object | `{"pullPolicy":"IfNotPresent","repository":"antrea/antrea-ubuntu","tag":""}` | Container image to use for Antrea components. |
+| images | object | `{"agentRepository":"antrea/antrea-agent-ubuntu","controllerRepository":"antrea/antrea-controller-ubuntu","pullPolicy":"IfNotPresent","tag":""}` | Container images to be used for antrea-controller and antrea-agent components. |
 | ipsec.authenticationMode | string | `"psk"` | The authentication mode to use for IPsec. Must be one of "psk" or "cert". |
 | ipsec.csrSigner.autoApprove | bool | `true` | Enable auto approval of Antrea signer for IPsec certificates. |
 | ipsec.csrSigner.selfSignedCA | bool | `true` | Whether or not to use auto-generated self-signed CA. |

diff --git a/build/charts/antrea/templates/_helpers.tpl b/build/charts/antrea/templates/_helpers.tpl
@@ -9,17 +9,21 @@
 {{- end -}}
 
 {{- define "antreaImageTag" -}}
-{{- if .Values.image.tag }}
-{{- .Values.image.tag -}}
+{{- if .Values.images.tag }}
+{{- .Values.images.tag -}}
 {{- else if eq .Chart.AppVersion "latest" }}
 {{- print "latest" -}}
 {{- else }}
 {{- print "v" .Chart.AppVersion -}}
 {{- end }}
 {{- end -}}
 
-{{- define "antreaImage" -}}
-{{- print .Values.image.repository ":" (include "antreaImageTag" .) -}}
+{{- define "antreaControllerImage" -}}
+{{- print .Values.images.controllerRepository ":" (include "antreaImageTag" .) -}}
+{{- end -}}
+
+{{- define "antreaAgentImage" -}}
+{{- print .Values.images.agentRepository ":" (include "antreaImageTag" .) -}}
 {{- end -}}
 
 {{- define "validateValues" -}}

diff --git a/build/charts/antrea/templates/agent/daemonset.yaml b/build/charts/antrea/templates/agent/daemonset.yaml
@@ -71,8 +71,8 @@ spec:
       containers:
       {{- end }}
         - name: install-cni
-          image: {{ include "antreaImage" . | quote }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          image: {{ include "antreaAgentImage" . | quote }}
+          imagePullPolicy: {{ .Values.images.pullPolicy }}
           resources: {{- .Values.agent.installCNI.resources | toYaml | nindent 12 }}
           {{- if eq .Values.trafficEncapMode "networkPolicyOnly" }}
           command: ["install_cni_chaining"]
@@ -127,8 +127,8 @@ spec:
       containers:
       {{- end }}
         - name: antrea-agent
-          image: {{ include "antreaImage" . | quote }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          image: {{ include "antreaAgentImage" . | quote }}
+          imagePullPolicy: {{ .Values.images.pullPolicy }}
           {{- if ((.Values.testing).coverage) }}
           command: ["/bin/sh"]
           args: ["-c", "sleep 2; antrea-agent-coverage -test.run=TestBincoverRunMain -test.coverprofile=antrea-agent.cov.out -args-file=/agent-arg-file; while true; do sleep 5 & wait $!; done"]
@@ -257,8 +257,8 @@ spec:
           {{- toYaml . | trim | nindent 10 }}
           {{- end }}
         - name: antrea-ovs
-          image: {{ include "antreaImage" . | quote }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          image: {{ include "antreaAgentImage" . | quote }}
+          imagePullPolicy: {{ .Values.images.pullPolicy }}
           resources: {{- .Values.agent.antreaOVS.resources | toYaml | nindent 12 }}
           command: ["start_ovs"]
           args:
@@ -313,8 +313,8 @@ spec:
             subPath: openvswitch
         {{- if eq .Values.trafficEncryptionMode "ipsec" }}
         - name: antrea-ipsec
-          image: {{ include "antreaImage" . | quote }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          image: {{ include "antreaAgentImage" . | quote }}
+          imagePullPolicy: {{ .Values.images.pullPolicy }}
           resources: {{- .Values.agent.antreaIPsec.resources | toYaml | nindent 12 }}
           command: ["start_ovs_ipsec"]
           livenessProbe:

diff --git a/build/charts/antrea/templates/controller/deployment.yaml b/build/charts/antrea/templates/controller/deployment.yaml
@@ -60,8 +60,8 @@ spec:
       serviceAccountName: antrea-controller
       containers:
         - name: antrea-controller
-          image: {{ include "antreaImage" . | quote }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          image: {{ include "antreaControllerImage" . | quote }}
+          imagePullPolicy: {{ .Values.images.pullPolicy }}
           resources: {{- .Values.controller.antreaController.resources | toYaml | nindent 12 }}
           {{- if ((.Values.testing).coverage) }}
           command: ["/bin/sh"]

diff --git a/build/charts/antrea/values.yaml b/build/charts/antrea/values.yaml
@@ -1,6 +1,7 @@
-# -- Container image to use for Antrea components.
-image:
-  repository: "antrea/antrea-ubuntu"
+# -- Container images to be used for antrea-controller and antrea-agent components.
+images:
+  controllerRepository: "antrea/antrea-controller-ubuntu"
+  agentRepository: "antrea/antrea-agent-ubuntu"
   pullPolicy: "IfNotPresent"
   tag: ""
 

diff --git a/build/images/Dockerfile.agent.build.coverage b/build/images/Dockerfile.agent.build.coverage
@@ -0,0 +1,44 @@
+# Copyright 2024 Antrea Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG GO_VERSION
+ARG BUILD_TAG
+FROM golang:${GO_VERSION} as antrea-build
+
+WORKDIR /antrea
+
+COPY go.mod /antrea/go.mod
+
+RUN go mod download
+
+COPY . /antrea
+
+RUN make antrea-agent antrea-cni antrea-agent-instr-binary
+# Disable CGO for antctl in case it is copied outside of the container image. It
+# also reduces the size of the binary and aligns with how we distribute antctl
+# in release assets.
+RUN CGO_ENABLED=0 make antctl-linux antctl-instr-binary
+RUN mv bin/antctl-linux bin/antctl
+
+FROM antrea/base-ubuntu:${BUILD_TAG}
+
+LABEL maintainer="Antrea <[email protected]>"
+LABEL description="The Docker image to deploy the Antrea CNI with code coverage measurement enabled (used for testing)."
+
+USER root
+
+COPY build/images/scripts/* /usr/local/bin/
+COPY --from=antrea-build /antrea/bin/* /usr/local/bin/
+COPY --from=antrea-build /antrea/test/e2e/coverage/controller-arg-file /
+COPY --from=antrea-build /antrea/test/e2e/coverage/agent-arg-file /
diff --git a/build/images/Dockerfile.build.agent.ubuntu b/build/images/Dockerfile.build.agent.ubuntu
@@ -0,0 +1,42 @@
+# Copyright 2024 Antrea Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG GO_VERSION
+ARG BUILD_TAG
+FROM golang:${GO_VERSION} as antrea-build
+
+WORKDIR /antrea
+
+COPY go.mod /antrea/go.mod
+
+RUN go mod download
+
+COPY . /antrea
+
+RUN make antrea-agent antrea-cni
+# Disable CGO for antctl in case it is copied outside of the container image. It
+# also reduces the size of the binary and aligns with how we distribute antctl
+# in release assets.
+RUN CGO_ENABLED=0 make antctl-linux
+RUN mv bin/antctl-linux bin/antctl
+
+FROM antrea/base-ubuntu:${BUILD_TAG}
+
+LABEL maintainer="Antrea <[email protected]>"
+LABEL description="The Docker image to deploy the Antrea CNI."
+
+USER root
+
+COPY build/images/scripts/* /usr/local/bin/
+COPY --from=antrea-build /antrea/bin/* /usr/local/bin/
diff --git a/build/images/Dockerfile.build.controller.ubuntu b/build/images/Dockerfile.build.controller.ubuntu
@@ -0,0 +1,46 @@
+# Copyright 2024 Antrea Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG GO_VERSION
+ARG BUILD_TAG
+FROM golang:${GO_VERSION} as antrea-build
+
+WORKDIR /antrea
+
+COPY go.mod /antrea/go.mod
+
+RUN go mod download
+
+COPY . /antrea
+
+RUN make antrea-controller
+# Disable CGO for antctl in case it is copied outside of the container image. It
+# also reduces the size of the binary and aligns with how we distribute antctl
+# in release assets.
+RUN CGO_ENABLED=0 make antctl-linux
+RUN mv bin/antctl-linux bin/antctl
+
+FROM ubuntu:22.04
+
+LABEL maintainer="Antrea <[email protected]>"
+LABEL description="The Docker image to deploy the Antrea CNI."
+
+USER root
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends openssl
+
+COPY build/images/scripts/* /usr/local/bin/
+COPY --from=antrea-build /antrea/bin/antctl /usr/local/bin/
+COPY --from=antrea-build /antrea/bin/antrea-controller /usr/local/bin/