diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a8fd533e6df..eb51345968d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -85,6 +85,8 @@ jobs: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin ./hack/build-antrea-linux-all.sh --pull --push-base-images --distro ubi docker push antrea/antrea-ubi:latest + docker push antrea/antrea-agent-ubi:latest + docker push antrea/antrea-controller-ubi:latest build-scale: needs: check-changes diff --git a/.github/workflows/build_tag.yml b/.github/workflows/build_tag.yml index 90a6702e8fa..bc31d7bf311 100644 --- a/.github/workflows/build_tag.yml +++ b/.github/workflows/build_tag.yml @@ -65,6 +65,8 @@ jobs: ./hack/build-antrea-linux-all.sh --pull --distro ubi echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin docker push antrea/antrea-ubi:"${VERSION}" + docker push antrea/antrea-agent-ubi:"${VERSION}" + docker push antrea/antrea-controller-ubi:"${VERSION}" build-windows: runs-on: [windows-2019] diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 323052996d1..a92bcab2a91 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -66,7 +66,7 @@ jobs: - name: Create K8s cluster run: | # The command also loads local antrea/antrea-agent-ubuntu:latest and antrea/antrea-controller-ubuntu:latest - # into Nodes if it exists. + # into Nodes if they exist. ./ci/kind/kind-setup.sh create kind \ --k8s-version "${{ inputs.k8s-version }}" - name: Install Antrea diff --git a/Makefile b/Makefile index d0544e5f559..77f96f86112 100644 --- a/Makefile +++ b/Makefile @@ -374,6 +374,26 @@ else endif docker tag antrea/antrea-ubi:$(DOCKER_IMG_VERSION) antrea/antrea-ubi +.PHONY: build-agent-ubi +build-ubi: + @echo "===> Building Antrea bins and antrea/antrea-agent-ubi Docker image <===" +ifneq ($(NO_PULL),"") + docker build -t antrea/antrea-agent-ubi:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.agent.ubi $(DOCKER_BUILD_ARGS) . +else + docker build --pull -t antrea/antrea-agent-ubi:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.agent.ubi $(DOCKER_BUILD_ARGS) . +endif + docker tag antrea/antrea-agent-ubi:$(DOCKER_IMG_VERSION) antrea/antrea-agent-ubi + +.PHONY: build-controller-ubi +build-ubi: + @echo "===> Building Antrea bins and antrea/antrea-controller-ubi Docker image <===" +ifneq ($(NO_PULL),"") + docker build -t antrea/antrea-controller-ubi:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.controller.ubi $(DOCKER_BUILD_ARGS) . +else + docker build --pull -t antrea/antrea-controller-ubi:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.controller.ubi $(DOCKER_BUILD_ARGS) . +endif + docker tag antrea/antrea-controller-ubi:$(DOCKER_IMG_VERSION) antrea/antrea-controller-ubi + .PHONY: build-windows build-windows: @echo "===> Building Antrea bins and antrea/antrea-windows Docker image <===" diff --git a/build/charts/antrea/templates/agent/daemonset.yaml b/build/charts/antrea/templates/agent/daemonset.yaml index 3a4fc03dc2a..bdddb750826 100644 --- a/build/charts/antrea/templates/agent/daemonset.yaml +++ b/build/charts/antrea/templates/agent/daemonset.yaml @@ -72,7 +72,11 @@ spec: {{- end }} - name: install-cni image: {{ include "antreaAgentImage" . | quote }} + {{- if .Values.image.pullPolicy }} + imagePullPolicy: {{ .Values.image }} + {{- else }} imagePullPolicy: {{ .Values.agentImage.pullPolicy }} + {{- end }} resources: {{- .Values.agent.installCNI.resources | toYaml | nindent 12 }} {{- if eq .Values.trafficEncapMode "networkPolicyOnly" }} command: ["install_cni_chaining"] @@ -128,7 +132,11 @@ spec: {{- end }} - name: antrea-agent image: {{ include "antreaAgentImage" . | quote }} + {{- if .Values.image.pullPolicy }} + imagePullPolicy: {{ .Values.image }} + {{- else }} imagePullPolicy: {{ .Values.agentImage.pullPolicy }} + {{- end }} {{- if ((.Values.testing).coverage) }} command: ["/bin/sh"] args: ["-c", "sleep 2; antrea-agent-coverage -test.run=TestBincoverRunMain -test.coverprofile=antrea-agent.cov.out -args-file=/agent-arg-file; while true; do sleep 5 & wait $!; done"] @@ -258,7 +266,11 @@ spec: {{- end }} - name: antrea-ovs image: {{ include "antreaAgentImage" . | quote }} + {{- if .Values.image.pullPolicy }} + imagePullPolicy: {{ .Values.image }} + {{- else }} imagePullPolicy: {{ .Values.agentImage.pullPolicy }} + {{- end }} resources: {{- .Values.agent.antreaOVS.resources | toYaml | nindent 12 }} command: ["start_ovs"] args: @@ -314,7 +326,11 @@ spec: {{- if eq .Values.trafficEncryptionMode "ipsec" }} - name: antrea-ipsec image: {{ include "antreaAgentImage" . | quote }} + {{- if .Values.image.pullPolicy }} + imagePullPolicy: {{ .Values.image }} + {{- else }} imagePullPolicy: {{ .Values.agentImage.pullPolicy }} + {{- end }} resources: {{- .Values.agent.antreaIPsec.resources | toYaml | nindent 12 }} command: ["start_ovs_ipsec"] livenessProbe: diff --git a/build/charts/antrea/templates/controller/deployment.yaml b/build/charts/antrea/templates/controller/deployment.yaml index 53738d05a53..6f813e38d79 100644 --- a/build/charts/antrea/templates/controller/deployment.yaml +++ b/build/charts/antrea/templates/controller/deployment.yaml @@ -61,7 +61,11 @@ spec: containers: - name: antrea-controller image: {{ include "antreaControllerImage" . | quote }} + {{- if .Values.image }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- else }} imagePullPolicy: {{ .Values.controllerImage.pullPolicy }} + {{- end }} resources: {{- .Values.controller.antreaController.resources | toYaml | nindent 12 }} {{- if ((.Values.testing).coverage) }} command: ["/bin/sh"] diff --git a/build/images/Dockerfile.build.agent.ubi b/build/images/Dockerfile.build.agent.ubi new file mode 100644 index 00000000000..71d3aaa80e6 --- /dev/null +++ b/build/images/Dockerfile.build.agent.ubi @@ -0,0 +1,65 @@ +# Copyright 2024 Antrea Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG BUILD_TAG +FROM registry.access.redhat.com/ubi8 as antrea-build + +ADD https://go.dev/dl/?mode=json&include=all go-versions.json + +RUN yum install ca-certificates gcc git jq make wget -y + +ARG GO_VERSION + +# GO_VERSION is a Go minor version, we use the downloaded go-versions.json file +# to identify and install the latest patch release for this minor version. +RUN set -eux; \ + arch="$(uname -m)"; \ + case "${arch##*-}" in \ + x86_64) goArch='amd64' ;; \ + arm) goArch='armv6l' ;; \ + aarch64) goArch='arm64' ;; \ + *) goArch=''; echo >&2; echo >&2 "unsupported architecture '$arch'"; echo >&2 ; exit 1 ;; \ + esac; \ + GO_ARCHIVE=$(jq --arg version_prefix "go${GO_VERSION}." --arg arch "$goArch" -r '. | map(select(. | .version | startswith($version_prefix))) | first | .files[] | select(.os == "linux" and .arch == $arch and .kind == "archive").filename' go-versions.json); \ + wget -q -O - https://go.dev/dl/${GO_ARCHIVE} | tar xz -C /usr/local/ + +# Using ENV makes the change persistent, but this is just a builder image. +ENV PATH /usr/local/go/bin:$PATH + +WORKDIR /antrea + +COPY go.mod /antrea/go.mod + +RUN go mod download + +COPY . /antrea + +RUN make antrea-agent antrea-cni +# Disable CGO for antctl in case it is copied outside of the container image. It +# also reduces the size of the binary and aligns with how we distribute antctl +# in release assets. +RUN CGO_ENABLED=0 make antctl-linux +RUN mv bin/antctl-linux bin/antctl + +FROM antrea/base-ubi:${BUILD_TAG} + +LABEL maintainer="Antrea " +LABEL description="The Docker image to deploy the antrea-agent." + +USER root + +COPY build/images/scripts/* /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antrea-agent /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antrea-cni /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antctl /usr/local/bin/ diff --git a/build/images/Dockerfile.build.controller.ubi b/build/images/Dockerfile.build.controller.ubi new file mode 100644 index 00000000000..376801bde38 --- /dev/null +++ b/build/images/Dockerfile.build.controller.ubi @@ -0,0 +1,63 @@ +# Copyright 2024 Antrea Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG BUILD_TAG +FROM registry.access.redhat.com/ubi8 as antrea-build + +ADD https://go.dev/dl/?mode=json&include=all go-versions.json + +RUN yum install ca-certificates gcc git jq make wget -y + +ARG GO_VERSION + +# GO_VERSION is a Go minor version, we use the downloaded go-versions.json file +# to identify and install the latest patch release for this minor version. +RUN set -eux; \ + arch="$(uname -m)"; \ + case "${arch##*-}" in \ + x86_64) goArch='amd64' ;; \ + arm) goArch='armv6l' ;; \ + aarch64) goArch='arm64' ;; \ + *) goArch=''; echo >&2; echo >&2 "unsupported architecture '$arch'"; echo >&2 ; exit 1 ;; \ + esac; \ + GO_ARCHIVE=$(jq --arg version_prefix "go${GO_VERSION}." --arg arch "$goArch" -r '. | map(select(. | .version | startswith($version_prefix))) | first | .files[] | select(.os == "linux" and .arch == $arch and .kind == "archive").filename' go-versions.json); \ + wget -q -O - https://go.dev/dl/${GO_ARCHIVE} | tar xz -C /usr/local/ + +# Using ENV makes the change persistent, but this is just a builder image. +ENV PATH /usr/local/go/bin:$PATH + +WORKDIR /antrea + +COPY go.mod /antrea/go.mod + +RUN go mod download + +COPY . /antrea + +RUN make antrea-controller +# Disable CGO for antctl in case it is copied outside of the container image. It +# also reduces the size of the binary and aligns with how we distribute antctl +# in release assets. +RUN CGO_ENABLED=0 make antctl-linux +RUN mv bin/antctl-linux bin/antctl + +FROM ubuntu:22.04 + +LABEL maintainer="Antrea " +LABEL description="The Docker image to deploy the antrea-controller." + +USER root + +COPY --from=antrea-build /antrea/bin/antctl /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antrea-controller /usr/local/bin/ diff --git a/hack/build-antrea-linux-all.sh b/hack/build-antrea-linux-all.sh index 433a9c6e60c..56604ccd08c 100755 --- a/hack/build-antrea-linux-all.sh +++ b/hack/build-antrea-linux-all.sh @@ -28,7 +28,8 @@ all Dockerfiles. --push-base-images Push built images to the registry. Only base images will be pushed. --coverage Build the image with support for code coverage. --platform Target platform for the images if server is multi-platform capable. - --distro Target Linux distribution." + --distro Target Linux distribution. + --skip-unified-image Skips building the Antrea unified image." function print_usage { echoerr "$_usage" @@ -39,6 +40,7 @@ PUSH=false COVERAGE=false PLATFORM="" DISTRO="ubuntu" +UNIFIED=true while [[ $# -gt 0 ]] do @@ -65,6 +67,10 @@ case $key in DISTRO="$2" shift 2 ;; + --skip-unified-image) + UNIFIED=false + shift 2 + ;; -h|--help) print_usage exit 0 @@ -163,14 +169,22 @@ if [ "$DISTRO" == "ubuntu" ]; then if $COVERAGE; then make build-controller-ubuntu-coverage make build-agent-ubuntu-coverage - make build-ubuntu-coverage + if $UNIFIED; then + make build-ubuntu-coverage + fi else make build-controller-ubuntu make build-agent-ubuntu - make + if $UNIFIED; then + make + fi fi elif [ "$DISTRO" == "ubi" ]; then - make build-ubi + make build-controller-ubi + make build-agent-ubi + if $UNIFIED; then + make build-ubi + fi fi popd > /dev/null