Split the ubi image of Antrea into two images.

Signed-off-by: Pulkit Jain <[email protected]>

.github/workflows/build.yml

@@ -85,6 +85,8 @@ jobs:
         echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
         ./hack/build-antrea-linux-all.sh --pull --push-base-images --distro ubi
         docker push antrea/antrea-ubi:latest
+        docker push antrea/antrea-agent-ubi:latest
+        docker push antrea/antrea-controller-ubi:latest
 
   build-scale:
     needs: check-changes

.github/workflows/build_tag.yml

@@ -65,6 +65,8 @@ jobs:
           ./hack/build-antrea-linux-all.sh --pull --distro ubi
           echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
           docker push antrea/antrea-ubi:"${VERSION}"
+          docker push antrea/antrea-agent-ubi:"${VERSION}"
+          docker push antrea/antrea-controller-ubi:"${VERSION}"
 
   build-windows:
     runs-on: [windows-2019]

.github/workflows/conformance.yml

@@ -66,7 +66,7 @@ jobs:
       - name: Create K8s cluster
         run: |
           # The command also loads local antrea/antrea-agent-ubuntu:latest and antrea/antrea-controller-ubuntu:latest
-          # into Nodes if it exists.
+          # into Nodes if they exist.
           ./ci/kind/kind-setup.sh create kind \
             --k8s-version "${{ inputs.k8s-version }}"
       - name: Install Antrea

Makefile

@@ -374,6 +374,26 @@ else
 endif
 	docker tag antrea/antrea-ubi:$(DOCKER_IMG_VERSION) antrea/antrea-ubi
 
+.PHONY: build-agent-ubi
+build-ubi:
+	@echo "===> Building Antrea bins and antrea/antrea-agent-ubi Docker image <==="
+ifneq ($(NO_PULL),"")
+	docker build -t antrea/antrea-agent-ubi:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.agent.ubi $(DOCKER_BUILD_ARGS) .
+else
+	docker build --pull -t antrea/antrea-agent-ubi:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.agent.ubi $(DOCKER_BUILD_ARGS) .
+endif
+	docker tag antrea/antrea-agent-ubi:$(DOCKER_IMG_VERSION) antrea/antrea-agent-ubi
+
+.PHONY: build-controller-ubi
+build-ubi:
+	@echo "===> Building Antrea bins and antrea/antrea-controller-ubi Docker image <==="
+ifneq ($(NO_PULL),"")
+	docker build -t antrea/antrea-controller-ubi:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.controller.ubi $(DOCKER_BUILD_ARGS) .
+else
+	docker build --pull -t antrea/antrea-controller-ubi:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.controller.ubi $(DOCKER_BUILD_ARGS) .
+endif
+	docker tag antrea/antrea-controller-ubi:$(DOCKER_IMG_VERSION) antrea/antrea-controller-ubi
+
 .PHONY: build-windows
 build-windows:
 	@echo "===> Building Antrea bins and antrea/antrea-windows Docker image <==="

build/charts/antrea/templates/agent/daemonset.yaml

@@ -72,7 +72,11 @@ spec:
       {{- end }}
         - name: install-cni
           image: {{ include "antreaAgentImage" . | quote }}
+          {{- if .Values.image.pullPolicy }}
+          imagePullPolicy: {{ .Values.image }}
+          {{- else }}
           imagePullPolicy: {{ .Values.agentImage.pullPolicy }}
+          {{- end }}
           resources: {{- .Values.agent.installCNI.resources | toYaml | nindent 12 }}
           {{- if eq .Values.trafficEncapMode "networkPolicyOnly" }}
           command: ["install_cni_chaining"]
@@ -128,7 +132,11 @@ spec:
       {{- end }}
         - name: antrea-agent
           image: {{ include "antreaAgentImage" . | quote }}
+          {{- if .Values.image.pullPolicy }}
+          imagePullPolicy: {{ .Values.image }}
+          {{- else }}
           imagePullPolicy: {{ .Values.agentImage.pullPolicy }}
+          {{- end }}
           {{- if ((.Values.testing).coverage) }}
           command: ["/bin/sh"]
           args: ["-c", "sleep 2; antrea-agent-coverage -test.run=TestBincoverRunMain -test.coverprofile=antrea-agent.cov.out -args-file=/agent-arg-file; while true; do sleep 5 & wait $!; done"]
@@ -258,7 +266,11 @@ spec:
           {{- end }}
         - name: antrea-ovs
           image: {{ include "antreaAgentImage" . | quote }}
+          {{- if .Values.image.pullPolicy }}
+          imagePullPolicy: {{ .Values.image }}
+          {{- else }}
           imagePullPolicy: {{ .Values.agentImage.pullPolicy }}
+          {{- end }}
           resources: {{- .Values.agent.antreaOVS.resources | toYaml | nindent 12 }}
           command: ["start_ovs"]
           args:
@@ -314,7 +326,11 @@ spec:
         {{- if eq .Values.trafficEncryptionMode "ipsec" }}
         - name: antrea-ipsec
           image: {{ include "antreaAgentImage" . | quote }}
+          {{- if .Values.image.pullPolicy }}
+          imagePullPolicy: {{ .Values.image }}
+          {{- else }}
           imagePullPolicy: {{ .Values.agentImage.pullPolicy }}
+          {{- end }}
           resources: {{- .Values.agent.antreaIPsec.resources | toYaml | nindent 12 }}
           command: ["start_ovs_ipsec"]
           livenessProbe:

build/charts/antrea/templates/controller/deployment.yaml

@@ -61,7 +61,11 @@ spec:
       containers:
         - name: antrea-controller
           image: {{ include "antreaControllerImage" . | quote }}
+          {{- if .Values.image }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- else }}
           imagePullPolicy: {{ .Values.controllerImage.pullPolicy }}
+          {{- end }}
           resources: {{- .Values.controller.antreaController.resources | toYaml | nindent 12 }}
           {{- if ((.Values.testing).coverage) }}
           command: ["/bin/sh"]

build/images/Dockerfile.build.agent.ubi

@@ -0,0 +1,65 @@
+# Copyright 2024 Antrea Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG BUILD_TAG
+FROM registry.access.redhat.com/ubi8 as antrea-build
+
+ADD https://go.dev/dl/?mode=json&include=all go-versions.json
+
+RUN yum install ca-certificates gcc git jq make wget -y
+
+ARG GO_VERSION
+
+# GO_VERSION is a Go minor version, we use the downloaded go-versions.json file
+# to identify and install the latest patch release for this minor version.
+RUN set -eux; \
+    arch="$(uname -m)"; \
+    case "${arch##*-}" in \
+         x86_64) goArch='amd64' ;; \
+         arm) goArch='armv6l' ;; \
+         aarch64) goArch='arm64' ;; \
+         *) goArch=''; echo >&2; echo >&2 "unsupported architecture '$arch'"; echo >&2 ; exit 1 ;; \
+    esac; \
+    GO_ARCHIVE=$(jq --arg version_prefix "go${GO_VERSION}." --arg arch "$goArch" -r '. | map(select(. | .version | startswith($version_prefix))) | first | .files[] | select(.os == "linux" and .arch == $arch and .kind == "archive").filename' go-versions.json); \
+    wget -q -O - https://go.dev/dl/${GO_ARCHIVE} | tar xz -C /usr/local/
+
+# Using ENV makes the change persistent, but this is just a builder image.
+ENV PATH /usr/local/go/bin:$PATH
+
+WORKDIR /antrea
+
+COPY go.mod /antrea/go.mod
+
+RUN go mod download
+
+COPY . /antrea
+
+RUN make antrea-agent antrea-cni
+# Disable CGO for antctl in case it is copied outside of the container image. It
+# also reduces the size of the binary and aligns with how we distribute antctl
+# in release assets.
+RUN CGO_ENABLED=0 make antctl-linux
+RUN mv bin/antctl-linux bin/antctl
+
+FROM antrea/base-ubi:${BUILD_TAG}
+
+LABEL maintainer="Antrea <[email protected]>"
+LABEL description="The Docker image to deploy the antrea-agent."
+
+USER root
+
+COPY build/images/scripts/* /usr/local/bin/
+COPY --from=antrea-build /antrea/bin/antrea-agent /usr/local/bin/
+COPY --from=antrea-build /antrea/bin/antrea-cni /usr/local/bin/
+COPY --from=antrea-build /antrea/bin/antctl /usr/local/bin/

build/images/Dockerfile.build.controller.ubi

@@ -0,0 +1,63 @@
+# Copyright 2024 Antrea Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG BUILD_TAG
+FROM registry.access.redhat.com/ubi8 as antrea-build
+
+ADD https://go.dev/dl/?mode=json&include=all go-versions.json
+
+RUN yum install ca-certificates gcc git jq make wget -y
+
+ARG GO_VERSION
+
+# GO_VERSION is a Go minor version, we use the downloaded go-versions.json file
+# to identify and install the latest patch release for this minor version.
+RUN set -eux; \
+    arch="$(uname -m)"; \
+    case "${arch##*-}" in \
+         x86_64) goArch='amd64' ;; \
+         arm) goArch='armv6l' ;; \
+         aarch64) goArch='arm64' ;; \
+         *) goArch=''; echo >&2; echo >&2 "unsupported architecture '$arch'"; echo >&2 ; exit 1 ;; \
+    esac; \
+    GO_ARCHIVE=$(jq --arg version_prefix "go${GO_VERSION}." --arg arch "$goArch" -r '. | map(select(. | .version | startswith($version_prefix))) | first | .files[] | select(.os == "linux" and .arch == $arch and .kind == "archive").filename' go-versions.json); \
+    wget -q -O - https://go.dev/dl/${GO_ARCHIVE} | tar xz -C /usr/local/
+
+# Using ENV makes the change persistent, but this is just a builder image.
+ENV PATH /usr/local/go/bin:$PATH
+
+WORKDIR /antrea
+
+COPY go.mod /antrea/go.mod
+
+RUN go mod download
+
+COPY . /antrea
+
+RUN make antrea-controller
+# Disable CGO for antctl in case it is copied outside of the container image. It
+# also reduces the size of the binary and aligns with how we distribute antctl
+# in release assets.
+RUN CGO_ENABLED=0 make antctl-linux
+RUN mv bin/antctl-linux bin/antctl
+
+FROM ubuntu:22.04
+
+LABEL maintainer="Antrea <[email protected]>"
+LABEL description="The Docker image to deploy the antrea-controller."
+
+USER root
+
+COPY --from=antrea-build /antrea/bin/antctl /usr/local/bin/
+COPY --from=antrea-build /antrea/bin/antrea-controller /usr/local/bin/

hack/build-antrea-linux-all.sh

@@ -28,7 +28,8 @@ all Dockerfiles.
         --push-base-images      Push built images to the registry. Only base images will be pushed.
         --coverage              Build the image with support for code coverage.
         --platform <PLATFORM>   Target platform for the images if server is multi-platform capable.
-        --distro <distro>       Target Linux distribution."
+        --distro <distro>       Target Linux distribution.
+        --skip-unified-image    Skips building the Antrea unified image."
 
 function print_usage {
     echoerr "$_usage"
@@ -39,6 +40,7 @@ PUSH=false
 COVERAGE=false
 PLATFORM=""
 DISTRO="ubuntu"
+UNIFIED=true
 
 while [[ $# -gt 0 ]]
 do
@@ -65,6 +67,10 @@ case $key in
     DISTRO="$2"
     shift 2
     ;;
+    --skip-unified-image)
+    UNIFIED=false
+    shift 2
+    ;;
     -h|--help)
     print_usage
     exit 0
@@ -163,14 +169,22 @@ if [ "$DISTRO" == "ubuntu" ]; then
     if $COVERAGE; then
         make build-controller-ubuntu-coverage
         make build-agent-ubuntu-coverage
-        make build-ubuntu-coverage
+        if $UNIFIED; then
+            make build-ubuntu-coverage
+        fi
     else
         make build-controller-ubuntu
         make build-agent-ubuntu
-        make
+        if $UNIFIED; then
+            make
+        fi
     fi
 elif [ "$DISTRO" == "ubi" ]; then
-    make build-ubi
+    make build-controller-ubi
+    make build-agent-ubi
+    if $UNIFIED; then
+        make build-ubi
+    fi
 fi
 
 popd > /dev/null