From f7cdd31696af7fb5d0c1283f945e47c1acccb60a Mon Sep 17 00:00:00 2001 From: Pulkit Jain Date: Tue, 12 Dec 2023 15:35:05 +0530 Subject: [PATCH] Use Different Images for Agent and Controller Fixes #5691. Modified the code to build separate images for antrea-agent and antrea-controller, because there are many resources that are not required by controller and are required by agent only, and unified image for both creates a burden when starting antrea-controller and thus it takes time to start. For this reason I have create separate images for antrea-agent and antrea-controller. Signed-off-by: Pulkit Jain --- .github/workflows/build.yml | 4 ++ .github/workflows/kind.yml | 20 +++++--- Makefile | 40 ++++++++++++++++ build/charts/antrea/README.md | 4 +- build/charts/antrea/templates/_helpers.tpl | 34 +++++++++++++- .../antrea/templates/agent/daemonset.yaml | 16 +++---- .../templates/controller/deployment.yaml | 4 +- build/charts/antrea/values.yaml | 11 ++++- build/images/Dockerfile.agent.build.coverage | 47 +++++++++++++++++++ build/images/Dockerfile.build.agent.ubuntu | 44 +++++++++++++++++ .../images/Dockerfile.build.controller.ubuntu | 42 +++++++++++++++++ .../Dockerfile.controller.build.coverage | 45 ++++++++++++++++++ build/yamls/antrea-aks.yml | 8 ++-- build/yamls/antrea-eks.yml | 8 ++-- build/yamls/antrea-gke.yml | 8 ++-- build/yamls/antrea-ipsec.yml | 10 ++-- build/yamls/antrea.yml | 8 ++-- ci/kind/kind-setup.sh | 4 +- ci/kind/test-e2e-kind.sh | 6 ++- ci/kind/test-netpol-v2-conformance-kind.sh | 3 +- ci/kind/test-upgrade-antrea.sh | 3 +- hack/build-antrea-linux-all.sh | 4 ++ hack/generate-helm-release.sh | 2 + hack/generate-manifest.sh | 3 +- hack/generate-standard-manifests.sh | 19 ++++++-- hack/release/prepare-assets.sh | 3 +- test/e2e/tls_test.go | 5 +- 27 files changed, 346 insertions(+), 59 deletions(-) create mode 100644 build/images/Dockerfile.agent.build.coverage create mode 100644 build/images/Dockerfile.build.agent.ubuntu create mode 100644 build/images/Dockerfile.build.controller.ubuntu create mode 100644 build/images/Dockerfile.controller.build.coverage diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 71c86d2657b..2514e6a5b30 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -49,7 +49,11 @@ jobs: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin ./hack/build-antrea-linux-all.sh --pull --push-base-images docker tag antrea/antrea-ubuntu:latest antrea/antrea-ubuntu-amd64:latest + docker tag antrea/antrea-controller-ubuntu:latest antrea/antrea-controller-ubuntu-amd64:latest + docker tag antrea/antrea-agent-ubuntu:latest antrea/antrea-agent-ubuntu-amd64:latest docker push antrea/antrea-ubuntu-amd64:latest + docker push antrea/antrea-controller-ubuntu-amd64:latest + docker push antrea/antrea-agent-ubuntu-amd64:latest - name: Trigger Antrea arm builds and multi-arch manifest update if: ${{ github.repository == 'antrea-io/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }} uses: benc-uk/workflow-dispatch@v1 diff --git a/.github/workflows/kind.yml b/.github/workflows/kind.yml index c967fd2ca90..fbfd6912be3 100644 --- a/.github/workflows/kind.yml +++ b/.github/workflows/kind.yml @@ -41,7 +41,7 @@ jobs: run: | ./hack/build-antrea-linux-all.sh --pull --coverage - name: Save Antrea image to tarball - run: docker save -o antrea-ubuntu.tar antrea/antrea-ubuntu-coverage:latest + run: docker save -o antrea-ubuntu.tar antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-controller-ubuntu-coverage:latest - name: Upload Antrea image for subsequent jobs uses: actions/upload-artifact@v4 with: @@ -488,7 +488,8 @@ jobs: - name: Load Antrea image run: | docker load -i antrea-ubuntu.tar - docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest + docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest + docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest - name: Install Kind run: | KIND_VERSION=$(head -n1 ./ci/kind/version) @@ -533,7 +534,8 @@ jobs: - name: Load Antrea image run: | docker load -i antrea-ubuntu.tar - docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest + docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest + docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest - name: Install Kind run: | KIND_VERSION=$(head -n1 ./ci/kind/version) @@ -578,7 +580,8 @@ jobs: - name: Load Antrea image run: | docker load -i antrea-ubuntu.tar - docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest + docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest + docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest - name: Install Kind run: | KIND_VERSION=$(head -n1 ./ci/kind/version) @@ -623,7 +626,8 @@ jobs: - name: Load Antrea image run: | docker load -i antrea-ubuntu.tar - docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest + docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest + docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest - name: Install Kind run: | KIND_VERSION=$(head -n1 ./ci/kind/version) @@ -668,7 +672,8 @@ jobs: - name: Load Antrea image run: | docker load -i antrea-ubuntu.tar - docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest + docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest + docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest - name: Install Kind run: | KIND_VERSION=$(head -n1 ./ci/kind/version) @@ -710,7 +715,8 @@ jobs: - name: Load Antrea image run: | docker load -i antrea-ubuntu.tar - docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest + docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest + docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest - name: Install Kind run: | KIND_VERSION=$(head -n1 ./ci/kind/version) diff --git a/Makefile b/Makefile index e612daeb145..5a21cd36a31 100644 --- a/Makefile +++ b/Makefile @@ -332,6 +332,26 @@ else endif docker tag antrea/antrea-ubuntu:$(DOCKER_IMG_VERSION) antrea/antrea-ubuntu +.PHONY: build-controller-ubuntu +build-controller-ubuntu: + @echo "===> Building antrea/antrea-controller-ubuntu Docker image <===" +ifneq ($(NO_PULL),) + docker build -t antrea/antrea-controller-ubuntu:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.controller.ubuntu $(DOCKER_BUILD_ARGS) . +else + docker build --pull -t antrea/antrea-controller-ubuntu:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.controller.ubuntu $(DOCKER_BUILD_ARGS) . +endif + docker tag antrea/antrea-controller-ubuntu:$(DOCKER_IMG_VERSION) antrea/antrea-controller-ubuntu + +.PHONY: build-agent-ubuntu +build-agent-ubuntu: + @echo "===> Building antrea/antrea-agent-ubuntu Docker image <===" +ifneq ($(NO_PULL),) + docker build -t antrea/antrea-agent-ubuntu:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.agent.ubuntu $(DOCKER_BUILD_ARGS) . +else + docker build --pull -t antrea/antrea-agent-ubuntu:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.agent.ubuntu $(DOCKER_BUILD_ARGS) . +endif + docker tag antrea/antrea-agent-ubuntu:$(DOCKER_IMG_VERSION) antrea/antrea-agent-ubuntu + # Build bins in a golang container, and build the antrea-ubuntu Docker image. .PHONY: build-ubuntu build-ubuntu: @@ -374,6 +394,26 @@ else endif docker tag antrea/antrea-ubuntu-coverage:$(DOCKER_IMG_VERSION) antrea/antrea-ubuntu-coverage +.PHONY: build-controller-ubuntu-coverage +build-controller-ubuntu-coverage: + @echo "===> Building Antrea bins and antrea/antrea-controller-ubuntu-coverage Docker image <===" +ifneq ($(NO_PULL),) + docker build -t antrea/antrea-controller-ubuntu-coverage:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.controller.build.coverage $(DOCKER_BUILD_ARGS) . +else + docker build --pull -t antrea/antrea-controller-ubuntu-coverage:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.controller.build.coverage $(DOCKER_BUILD_ARGS) . +endif + docker tag antrea/antrea-controller-ubuntu-coverage:$(DOCKER_IMG_VERSION) antrea/antrea-controller-ubuntu-coverage + +.PHONY: build-agent-ubuntu-coverage +build-agent-ubuntu-coverage: + @echo "===> Building Antrea bins and antrea/antrea-agent-ubuntu-coverage Docker image <===" +ifneq ($(NO_PULL),) + docker build -t antrea/antrea-agent-ubuntu-coverage:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.agent.build.coverage $(DOCKER_BUILD_ARGS) . +else + docker build --pull -t antrea/antrea-agent-ubuntu-coverage:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.agent.build.coverage $(DOCKER_BUILD_ARGS) . +endif + docker tag antrea/antrea-agent-ubuntu-coverage:$(DOCKER_IMG_VERSION) antrea/antrea-agent-ubuntu-coverage + .PHONY: build-scale-simulator build-scale-simulator: @echo "===> Building simulator bin and antrea-ubuntu-simulator image" diff --git a/build/charts/antrea/README.md b/build/charts/antrea/README.md index da824a9b1e9..4d5a618f5f6 100644 --- a/build/charts/antrea/README.md +++ b/build/charts/antrea/README.md @@ -52,6 +52,7 @@ Kubernetes: `>= 1.16.0-0` | agent.priorityClassName | string | `"system-node-critical"` | Prority class to use for the antrea-agent Pods. | | agent.tolerations | list | `[{"key":"CriticalAddonsOnly","operator":"Exists"},{"effect":"NoSchedule","operator":"Exists"},{"effect":"NoExecute","operator":"Exists"}]` | Tolerations for the antrea-agent Pods. | | agent.updateStrategy | object | `{"type":"RollingUpdate"}` | Update strategy for the antrea-agent DaemonSet. | +| agentImage | object | `{"pullPolicy":"IfNotPresent","repository":"antrea/antrea-agent-ubuntu","tag":""}` | Container image to use for antrea-agent component. | | antreaProxy.defaultLoadBalancerMode | string | `"nat"` | Determines how external traffic is processed when it's load balanced across Nodes by default. It must be one of "nat" or "dsr". | | antreaProxy.enable | bool | `true` | To disable AntreaProxy, set this to false. | | antreaProxy.nodePortAddresses | list | `[]` | String array of values which specifies the host IPv4/IPv6 addresses for NodePort. By default, all host addresses are used. | @@ -82,6 +83,7 @@ Kubernetes: `>= 1.16.0-0` | controller.priorityClassName | string | `"system-cluster-critical"` | Prority class to use for the antrea-controller Pod. | | controller.selfSignedCert | bool | `true` | Indicates whether to use auto-generated self-signed TLS certificates. If false, a Secret named "antrea-controller-tls" must be provided with the following keys: ca.crt, tls.crt, tls.key. | | controller.tolerations | list | `[{"key":"CriticalAddonsOnly","operator":"Exists"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoExecute","key":"node.kubernetes.io/unreachable","operator":"Exists","tolerationSeconds":0}]` | Tolerations for the antrea-controller Pod. | +| controllerImage | object | `{"pullPolicy":"IfNotPresent","repository":"antrea/antrea-controller-ubuntu","tag":""}` | Container image to use for antrea-controller component. | | defaultMTU | int | `0` | Default MTU to use for the host gateway interface and the network interface of each Pod. By default, antrea-agent will discover the MTU of the Node's primary interface and adjust it to accommodate for tunnel encapsulation overhead if applicable. | | disableTXChecksumOffload | bool | `false` | Disable TX checksum offloading for container network interfaces. It's supposed to be set to true when the datapath doesn't support TX checksum offloading, which causes packets to be dropped due to bad checksum. It affects Pods running on Linux Nodes only. | | dnsServerOverride | string | `""` | Address of DNS server, to override the kube-dns Service. It's used to resolve hostnames in a FQDN policy. | @@ -95,7 +97,7 @@ Kubernetes: `>= 1.16.0-0` | flowExporter.flowPollInterval | string | `"5s"` | Determines how often the flow exporter polls for new connections. | | flowExporter.idleFlowExportTimeout | string | `"15s"` | timeout after which a flow record is sent to the collector for idle flows. | | hostGateway | string | `"antrea-gw0"` | Name of the interface antrea-agent will create and use for host <-> Pod communication. | -| image | object | `{"pullPolicy":"IfNotPresent","repository":"antrea/antrea-ubuntu","tag":""}` | Container image to use for Antrea components. | +| image | object | `{}` | Container image to use for Antrea components. | | ipsec.authenticationMode | string | `"psk"` | The authentication mode to use for IPsec. Must be one of "psk" or "cert". | | ipsec.csrSigner.autoApprove | bool | `true` | Enable auto approval of Antrea signer for IPsec certificates. | | ipsec.csrSigner.selfSignedCA | bool | `true` | Whether or not to use auto-generated self-signed CA. | diff --git a/build/charts/antrea/templates/_helpers.tpl b/build/charts/antrea/templates/_helpers.tpl index e3573baa7d1..e9665494591 100644 --- a/build/charts/antrea/templates/_helpers.tpl +++ b/build/charts/antrea/templates/_helpers.tpl @@ -18,8 +18,40 @@ {{- end }} {{- end -}} -{{- define "antreaImage" -}} +{{- define "antreaAgentImageTag" -}} +{{- if .Values.agentImage.tag }} +{{- .Values.agentImage.tag -}} +{{- else if eq .Chart.AppVersion "latest" }} +{{- print "latest" -}} +{{- else }} +{{- print "v" .Chart.AppVersion -}} +{{- end }} +{{- end -}} + +{{- define "antreaControllerImageTag" -}} +{{- if .Values.controllerImage.tag }} +{{- .Values.controllerImage.tag -}} +{{- else if eq .Chart.AppVersion "latest" }} +{{- print "latest" -}} +{{- else }} +{{- print "v" .Chart.AppVersion -}} +{{- end }} +{{- end -}} + +{{- define "antreaControllerImage" -}} +{{- if .Values.image.repository }} +{{- print .Values.image.repository ":" (include "antreaImageTag" .) -}} +{{- else }} +{{- print .Values.controllerImage.repository ":" (include "antreaControllerImageTag" .) -}} +{{- end }} +{{- end -}} + +{{- define "antreaAgentImage" -}} +{{- if .Values.image.repository }} {{- print .Values.image.repository ":" (include "antreaImageTag" .) -}} +{{- else }} +{{- print .Values.agentImage.repository ":" (include "antreaAgentImageTag" .) -}} +{{- end }} {{- end -}} {{- define "validateValues" -}} diff --git a/build/charts/antrea/templates/agent/daemonset.yaml b/build/charts/antrea/templates/agent/daemonset.yaml index 96e2e3fb2b9..3a4fc03dc2a 100644 --- a/build/charts/antrea/templates/agent/daemonset.yaml +++ b/build/charts/antrea/templates/agent/daemonset.yaml @@ -71,8 +71,8 @@ spec: containers: {{- end }} - name: install-cni - image: {{ include "antreaImage" . | quote }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ include "antreaAgentImage" . | quote }} + imagePullPolicy: {{ .Values.agentImage.pullPolicy }} resources: {{- .Values.agent.installCNI.resources | toYaml | nindent 12 }} {{- if eq .Values.trafficEncapMode "networkPolicyOnly" }} command: ["install_cni_chaining"] @@ -127,8 +127,8 @@ spec: containers: {{- end }} - name: antrea-agent - image: {{ include "antreaImage" . | quote }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ include "antreaAgentImage" . | quote }} + imagePullPolicy: {{ .Values.agentImage.pullPolicy }} {{- if ((.Values.testing).coverage) }} command: ["/bin/sh"] args: ["-c", "sleep 2; antrea-agent-coverage -test.run=TestBincoverRunMain -test.coverprofile=antrea-agent.cov.out -args-file=/agent-arg-file; while true; do sleep 5 & wait $!; done"] @@ -257,8 +257,8 @@ spec: {{- toYaml . | trim | nindent 10 }} {{- end }} - name: antrea-ovs - image: {{ include "antreaImage" . | quote }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ include "antreaAgentImage" . | quote }} + imagePullPolicy: {{ .Values.agentImage.pullPolicy }} resources: {{- .Values.agent.antreaOVS.resources | toYaml | nindent 12 }} command: ["start_ovs"] args: @@ -313,8 +313,8 @@ spec: subPath: openvswitch {{- if eq .Values.trafficEncryptionMode "ipsec" }} - name: antrea-ipsec - image: {{ include "antreaImage" . | quote }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ include "antreaAgentImage" . | quote }} + imagePullPolicy: {{ .Values.agentImage.pullPolicy }} resources: {{- .Values.agent.antreaIPsec.resources | toYaml | nindent 12 }} command: ["start_ovs_ipsec"] livenessProbe: diff --git a/build/charts/antrea/templates/controller/deployment.yaml b/build/charts/antrea/templates/controller/deployment.yaml index 78f70479d56..53738d05a53 100644 --- a/build/charts/antrea/templates/controller/deployment.yaml +++ b/build/charts/antrea/templates/controller/deployment.yaml @@ -60,8 +60,8 @@ spec: serviceAccountName: antrea-controller containers: - name: antrea-controller - image: {{ include "antreaImage" . | quote }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ include "antreaControllerImage" . | quote }} + imagePullPolicy: {{ .Values.controllerImage.pullPolicy }} resources: {{- .Values.controller.antreaController.resources | toYaml | nindent 12 }} {{- if ((.Values.testing).coverage) }} command: ["/bin/sh"] diff --git a/build/charts/antrea/values.yaml b/build/charts/antrea/values.yaml index aff2df445a1..f9b40ade08c 100644 --- a/build/charts/antrea/values.yaml +++ b/build/charts/antrea/values.yaml @@ -1,6 +1,13 @@ # -- Container image to use for Antrea components. -image: - repository: "antrea/antrea-ubuntu" +image: {} +# -- Container image to use for antrea-agent component. +agentImage: + repository: "antrea/antrea-agent-ubuntu" + pullPolicy: "IfNotPresent" + tag: "" +# -- Container image to use for antrea-controller component. +controllerImage: + repository: "antrea/antrea-controller-ubuntu" pullPolicy: "IfNotPresent" tag: "" diff --git a/build/images/Dockerfile.agent.build.coverage b/build/images/Dockerfile.agent.build.coverage new file mode 100644 index 00000000000..f2c3288815f --- /dev/null +++ b/build/images/Dockerfile.agent.build.coverage @@ -0,0 +1,47 @@ +# Copyright 2024 Antrea Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG GO_VERSION +ARG BUILD_TAG +FROM golang:${GO_VERSION} as antrea-build + +WORKDIR /antrea + +COPY go.mod /antrea/go.mod + +RUN go mod download + +COPY . /antrea + +RUN make antrea-agent antrea-cni antrea-agent-instr-binary +# Disable CGO for antctl in case it is copied outside of the container image. It +# also reduces the size of the binary and aligns with how we distribute antctl +# in release assets. +RUN CGO_ENABLED=0 make antctl-linux antctl-instr-binary +RUN mv bin/antctl-linux bin/antctl + +FROM antrea/base-ubuntu:${BUILD_TAG} + +LABEL maintainer="Antrea " +LABEL description="The Docker image to deploy the Antrea CNI with code coverage measurement enabled (used for testing)." + +USER root + +COPY build/images/scripts/* /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antrea-agent /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antrea-agent-coverage /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antrea-cni /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antctl /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antctl-coverage /usr/local/bin/ +COPY --from=antrea-build /antrea/test/e2e/coverage/agent-arg-file / diff --git a/build/images/Dockerfile.build.agent.ubuntu b/build/images/Dockerfile.build.agent.ubuntu new file mode 100644 index 00000000000..28ceea5dff3 --- /dev/null +++ b/build/images/Dockerfile.build.agent.ubuntu @@ -0,0 +1,44 @@ +# Copyright 2024 Antrea Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG GO_VERSION +ARG BUILD_TAG +FROM golang:${GO_VERSION} as antrea-build + +WORKDIR /antrea + +COPY go.mod /antrea/go.mod + +RUN go mod download + +COPY . /antrea + +RUN make antrea-agent antrea-cni +# Disable CGO for antctl in case it is copied outside of the container image. It +# also reduces the size of the binary and aligns with how we distribute antctl +# in release assets. +RUN CGO_ENABLED=0 make antctl-linux +RUN mv bin/antctl-linux bin/antctl + +FROM antrea/base-ubuntu:${BUILD_TAG} + +LABEL maintainer="Antrea " +LABEL description="The Docker image to deploy the Antrea CNI." + +USER root + +COPY build/images/scripts/* /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antrea-agent /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antrea-cni /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antctl /usr/local/bin/ diff --git a/build/images/Dockerfile.build.controller.ubuntu b/build/images/Dockerfile.build.controller.ubuntu new file mode 100644 index 00000000000..c3f3b60ee11 --- /dev/null +++ b/build/images/Dockerfile.build.controller.ubuntu @@ -0,0 +1,42 @@ +# Copyright 2024 Antrea Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG GO_VERSION +ARG BUILD_TAG +FROM golang:${GO_VERSION} as antrea-build + +WORKDIR /antrea + +COPY go.mod /antrea/go.mod + +RUN go mod download + +COPY . /antrea + +RUN make antrea-controller +# Disable CGO for antctl in case it is copied outside of the container image. It +# also reduces the size of the binary and aligns with how we distribute antctl +# in release assets. +RUN CGO_ENABLED=0 make antctl-linux +RUN mv bin/antctl-linux bin/antctl + +FROM ubuntu:22.04 + +LABEL maintainer="Antrea " +LABEL description="The Docker image to deploy the Antrea CNI." + +USER root + +COPY --from=antrea-build /antrea/bin/antctl /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antrea-controller /usr/local/bin/ diff --git a/build/images/Dockerfile.controller.build.coverage b/build/images/Dockerfile.controller.build.coverage new file mode 100644 index 00000000000..c89119b9768 --- /dev/null +++ b/build/images/Dockerfile.controller.build.coverage @@ -0,0 +1,45 @@ +# Copyright 2024 Antrea Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG GO_VERSION +ARG BUILD_TAG +FROM golang:${GO_VERSION} as antrea-build + +WORKDIR /antrea + +COPY go.mod /antrea/go.mod + +RUN go mod download + +COPY . /antrea + +RUN make antrea-controller antrea-controller-instr-binary +# Disable CGO for antctl in case it is copied outside of the container image. It +# also reduces the size of the binary and aligns with how we distribute antctl +# in release assets. +RUN CGO_ENABLED=0 make antctl-linux antctl-instr-binary +RUN mv bin/antctl-linux bin/antctl + +FROM ubuntu:22.04 + +LABEL maintainer="Antrea " +LABEL description="The Docker image to deploy the Antrea CNI with code coverage measurement enabled (used for testing)." + +USER root + +COPY --from=antrea-build /antrea/bin/antrea-controller /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antctl /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antrea-controller-coverage /usr/local/bin/ +COPY --from=antrea-build /antrea/bin/antctl-coverage /usr/local/bin/ +COPY --from=antrea-build /antrea/test/e2e/coverage/controller-arg-file / diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index d3d020a8454..4fb33975aec 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -6946,7 +6946,7 @@ spec: initContainers: containers: - name: install-cni - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: @@ -6979,7 +6979,7 @@ spec: - name: host-var-run-antrea mountPath: /var/run/antrea - name: antrea-agent - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent command: ["antrea-agent"] # Log to both "/var/log/antrea/" and stderr (so "kubectl logs" can work).- @@ -7070,7 +7070,7 @@ spec: - name: xtables-lock mountPath: /run/xtables.lock - name: antrea-ovs - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: @@ -7186,7 +7186,7 @@ spec: serviceAccountName: antrea-controller containers: - name: antrea-controller - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-controller-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index 937b7a3c7e8..3204ca0aa48 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -6945,7 +6945,7 @@ spec: initContainers: containers: - name: install-cni - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: @@ -6978,7 +6978,7 @@ spec: - name: host-var-run-antrea mountPath: /var/run/antrea - name: antrea-agent - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent command: ["antrea-agent"] # Log to both "/var/log/antrea/" and stderr (so "kubectl logs" can work).- @@ -7071,7 +7071,7 @@ spec: - name: xtables-lock mountPath: /run/xtables.lock - name: antrea-ovs - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: @@ -7187,7 +7187,7 @@ spec: serviceAccountName: antrea-controller containers: - name: antrea-controller - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-controller-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index 9b694745985..5aa2b07c1e2 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -6944,7 +6944,7 @@ spec: serviceAccountName: antrea-agent initContainers: - name: install-cni - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: @@ -6977,7 +6977,7 @@ spec: mountPath: /var/run/antrea containers: - name: antrea-agent - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent command: ["antrea-agent"] # Log to both "/var/log/antrea/" and stderr (so "kubectl logs" can work).- @@ -7068,7 +7068,7 @@ spec: - name: xtables-lock mountPath: /run/xtables.lock - name: antrea-ovs - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: @@ -7184,7 +7184,7 @@ spec: serviceAccountName: antrea-controller containers: - name: antrea-controller - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-controller-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index ac30d70d709..10ac0f2f3e1 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -6958,7 +6958,7 @@ spec: serviceAccountName: antrea-agent initContainers: - name: install-cni - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: @@ -6991,7 +6991,7 @@ spec: mountPath: /var/run/antrea containers: - name: antrea-agent - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent command: ["antrea-agent"] # Log to both "/var/log/antrea/" and stderr (so "kubectl logs" can work).- @@ -7091,7 +7091,7 @@ spec: - name: xtables-lock mountPath: /run/xtables.lock - name: antrea-ovs - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: @@ -7127,7 +7127,7 @@ spec: mountPath: /var/log/openvswitch subPath: openvswitch - name: antrea-ipsec - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: @@ -7243,7 +7243,7 @@ spec: serviceAccountName: antrea-controller containers: - name: antrea-controller - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-controller-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index ff792fa34d7..a8989421077 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -6944,7 +6944,7 @@ spec: serviceAccountName: antrea-agent initContainers: - name: install-cni - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: @@ -6977,7 +6977,7 @@ spec: mountPath: /var/run/antrea containers: - name: antrea-agent - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent command: ["antrea-agent"] # Log to both "/var/log/antrea/" and stderr (so "kubectl logs" can work).- @@ -7068,7 +7068,7 @@ spec: - name: xtables-lock mountPath: /run/xtables.lock - name: antrea-ovs - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-agent-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: @@ -7184,7 +7184,7 @@ spec: serviceAccountName: antrea-controller containers: - name: antrea-controller - image: "antrea/antrea-ubuntu:latest" + image: "antrea/antrea-controller-ubuntu:latest" imagePullPolicy: IfNotPresent resources: requests: diff --git a/ci/kind/kind-setup.sh b/ci/kind/kind-setup.sh index 7258a24c44c..c93ae6db8a3 100755 --- a/ci/kind/kind-setup.sh +++ b/ci/kind/kind-setup.sh @@ -19,8 +19,8 @@ # and docker bridge network connecting to worker Node. CLUSTER_NAME="" -ANTREA_IMAGE="antrea/antrea-ubuntu:latest" -IMAGES=$ANTREA_IMAGE +ANTREA_IMAGES="antrea/antrea-agent-ubuntu:latest antrea/antrea-controller-ubuntu:latest" +IMAGES=$ANTREA_IMAGES ANTREA_CNI=false ACTION="" UNTIL_TIME_IN_MINS="" diff --git a/ci/kind/test-e2e-kind.sh b/ci/kind/test-e2e-kind.sh index 6d484cf4c4e..60072baa4b3 100755 --- a/ci/kind/test-e2e-kind.sh +++ b/ci/kind/test-e2e-kind.sh @@ -235,9 +235,11 @@ done # The Antrea images should not be pulled, as we want to use the local build. if $coverage; then manifest_args="$manifest_args --coverage" - COMMON_IMAGES_LIST+=("antrea/antrea-ubuntu-coverage:latest") + COMMON_IMAGES_LIST+=("antrea/antrea-agent-ubuntu-coverage:latest" \ + "antrea/antrea-controller-ubuntu-coverage:latest") else - COMMON_IMAGES_LIST+=("antrea/antrea-ubuntu:latest") + COMMON_IMAGES_LIST+=("antrea/antrea-agent-ubuntu:latest" \ + "antrea/antrea-controller-ubuntu:latest") fi if $flow_visibility; then if $coverage; then diff --git a/ci/kind/test-netpol-v2-conformance-kind.sh b/ci/kind/test-netpol-v2-conformance-kind.sh index 1363db49f06..29bca5257ce 100755 --- a/ci/kind/test-netpol-v2-conformance-kind.sh +++ b/ci/kind/test-netpol-v2-conformance-kind.sh @@ -106,7 +106,8 @@ if [ -n "$feature_gates" ]; then fi IMAGE_LIST=("registry.k8s.io/e2e-test-images/agnhost:2.43" \ - "antrea/antrea-ubuntu:latest") + "antrea/antrea-agent-ubuntu:latest" \ + "antrea/antrea-controller-ubuntu:latest") printf -v IMAGES "%s " "${IMAGE_LIST[@]}" diff --git a/ci/kind/test-upgrade-antrea.sh b/ci/kind/test-upgrade-antrea.sh index 845c7e8183d..63a69d54824 100755 --- a/ci/kind/test-upgrade-antrea.sh +++ b/ci/kind/test-upgrade-antrea.sh @@ -158,7 +158,8 @@ for img in "${DOCKER_IMAGES[@]}"; do done done -DOCKER_IMAGES+=("antrea/antrea-ubuntu:latest") +DOCKER_IMAGES+=("antrea/antrea-agent-ubuntu:latest" \ + "antrea/antrea-controller-ubuntu:latest") echo "Creating Kind cluster" IMAGES="${DOCKER_IMAGES[@]}" diff --git a/hack/build-antrea-linux-all.sh b/hack/build-antrea-linux-all.sh index 9cf787bc1be..433a9c6e60c 100755 --- a/hack/build-antrea-linux-all.sh +++ b/hack/build-antrea-linux-all.sh @@ -161,8 +161,12 @@ cd - export NO_PULL=1 if [ "$DISTRO" == "ubuntu" ]; then if $COVERAGE; then + make build-controller-ubuntu-coverage + make build-agent-ubuntu-coverage make build-ubuntu-coverage else + make build-controller-ubuntu + make build-agent-ubuntu make fi elif [ "$DISTRO" == "ubi" ]; then diff --git a/hack/generate-helm-release.sh b/hack/generate-helm-release.sh index f82fb8dfe47..2eb4b5f2fc9 100755 --- a/hack/generate-helm-release.sh +++ b/hack/generate-helm-release.sh @@ -95,6 +95,8 @@ ANTREA_CHART="$THIS_DIR/../build/charts/antrea" cp "$ANTREA_CHART/Chart.yaml" "$ANTREA_CHART/Chart.yaml.bak" yq -i '.annotations."artifacthub.io/prerelease" = strenv(PRERELEASE)' "$ANTREA_CHART/Chart.yaml" sed -i.bak 's=antrea/antrea-ubuntu=projects.registry.vmware.com/antrea/antrea-ubuntu=g' "$ANTREA_CHART/values.yaml" +sed -i.bak 's=antrea/antrea-agent-ubuntu=projects.registry.vmware.com/antrea/antrea-agent-ubuntu=g' "$ANTREA_CHART/values.yaml" +sed -i.bak 's=antrea/antrea-controller-ubuntu=projects.registry.vmware.com/antrea/antrea-controller-ubuntu=g' "$ANTREA_CHART/values.yaml" $HELM package --app-version $VERSION --version $VERSION $ANTREA_CHART mv "antrea-$VERSION.tgz" "$OUT/antrea-chart.tgz" mv "$ANTREA_CHART/Chart.yaml.bak" "$ANTREA_CHART/Chart.yaml" diff --git a/hack/generate-manifest.sh b/hack/generate-manifest.sh index 8a35cfc8ed0..194e807e97d 100755 --- a/hack/generate-manifest.sh +++ b/hack/generate-manifest.sh @@ -325,7 +325,8 @@ fi if [ "$MODE" == "dev" ]; then if [[ -z "$IMG_NAME" ]]; then if $COVERAGE; then - HELM_VALUES+=("image.repository=antrea/antrea-ubuntu-coverage") + HELM_VALUES+=("controllerImage.repository=antrea/antrea-controller-ubuntu-coverage" \ + "agentImage.repository=antrea/antrea-agent-ubuntu-coverage") fi else HELM_VALUES+=("image.repository=$IMG_NAME") diff --git a/hack/generate-standard-manifests.sh b/hack/generate-standard-manifests.sh index 8fc80e0d3a3..80ca157da7a 100755 --- a/hack/generate-standard-manifests.sh +++ b/hack/generate-standard-manifests.sh @@ -26,7 +26,8 @@ Generate standard YAML manifests for Antrea using Helm and writes them to output --out Output directory for generated manifests --help, -h Print this message and exit -In 'release' mode, environment variables IMG_NAME and IMG_TAG must be set. +In 'release' mode, either environement variable IMG_NAME(for using unified image) or AGENT_IMAGE and +CONTROLLER_IMAGE must be set. Along with this the environment variable IMG_TAG should also be set. In 'dev' mode, environment variable IMG_NAME can be set to use a custom image. @@ -81,9 +82,12 @@ if [ "$MODE" != "dev" ] && [ "$MODE" != "release" ]; then fi if [ "$MODE" == "release" ] && [ -z "$IMG_NAME" ]; then - echoerr "In 'release' mode, environment variable IMG_NAME must be set" - print_help - exit 1 + if [ -z "$AGENT_IMAGE" ] || [ -z "$CONTROLLER_IMAGE" ]; then + echoerr "In 'release' mode, either the environment variable IMG_NAME or the \ + environment variables AGENT_IMAGE & CONTROLLER_IMAGE must be set" + print_help + exit 1 + fi fi if [ "$MODE" == "release" ] && [ -z "$IMG_TAG" ]; then @@ -112,7 +116,12 @@ fi EXTRA_VALUES="" if [ "$MODE" == "release" ]; then - EXTRA_VALUES="--set image.repository=$IMG_NAME,image.tag=$IMG_TAG" + if [ -z "$IMG_NAME" ]; then + EXTRA_VALUES="--set image.repository=$IMG_NAME,image.tag=$IMG_TAG" + else + EXTRA_VALUES="--set agentImage.repository=$AGENT_IMAGE,agentImage.tag=$IMG_TAG, \ + controllerImage.repository=$CONTROLLER_IMAGE,controllerImag.tag=$IMG_TAG" + fi fi ANTREA_CHART="$THIS_DIR/../build/charts/antrea" diff --git a/hack/release/prepare-assets.sh b/hack/release/prepare-assets.sh index bcd537ec356..a9b7f697c2f 100755 --- a/hack/release/prepare-assets.sh +++ b/hack/release/prepare-assets.sh @@ -104,7 +104,8 @@ cp ./hack/externalnode/install-vm.ps1 "$OUTPUT_DIR/" export IMG_TAG=$VERSION -export IMG_NAME=projects.registry.vmware.com/antrea/antrea-ubuntu +export AGENT_IMAGE=projects.registry.vmware.com/antrea/antrea-agent-ubuntu +export CONTROLLER_IMAGE=projects.registry.vmware.com/antrea/antrea-controller-ubuntu ./hack/generate-standard-manifests.sh --mode release --out "$OUTPUT_DIR" export IMG_NAME=projects.registry.vmware.com/antrea/antrea-windows diff --git a/test/e2e/tls_test.go b/test/e2e/tls_test.go index 9a2dab35626..2bbc60416ce 100644 --- a/test/e2e/tls_test.go +++ b/test/e2e/tls_test.go @@ -51,9 +51,6 @@ func TestAntreaApiserverTLSConfig(t *testing.T) { data.configureTLS(t, cipherSuites, "VersionTLS12") - controllerPod, err := data.getAntreaController() - assert.NoError(t, err, "failed to get Antrea Controller Pod") - controllerPodName := controllerPod.Name controlPlaneNode := controlPlaneNodeName() agentPodName, err := data.getAntreaPodOnNode(controlPlaneNode) assert.NoError(t, err, "failed to get Antrea Agent Pod Name on Control Plane Node") @@ -65,7 +62,7 @@ func TestAntreaApiserverTLSConfig(t *testing.T) { apiserver int apiserverStr string }{ - {"ControllerApiserver", controllerPodName, controllerContainerName, apis.AntreaControllerAPIPort, "Controller"}, + {"ControllerApiserver", agentPodName, agentContainerName, apis.AntreaControllerAPIPort, "Controller"}, {"AgentApiserver", agentPodName, agentContainerName, apis.AntreaAgentAPIPort, "Agent"}, } for _, tc := range tests {