Switch to VMware Harbor registry for Antrea Docker images

[antoninbas]

All "user-facing" images (antrea/antrea-ubuntu, antrea/antrea-windows,
antrea/octant-antrea-ubuntu) are now pulled from the VMware Harbor
distribution registry (projects.registry.vmware.com) to avoid Docker
pull rate limiting.

The YAML manifests (top-of-tree and releases) now refer to the new
registry.

This is not a complete transition from Dockerhub to Harbor. Images used
for build purposes (e.g. antrea/openvswitch) are still pulled from
Dockerhub by default. Rate limiting is not as much of an issue for these
(not user-facing, Github workflows are not subject to rate limiting, we
have workarounds for the Jenkins CI jobs). One thing to keep is mind is
that we cannot push to the VMware Harbor registry from outside of the
the VMware corporate network. This is why all images are pushed to
the Dockerhub registry, which is then mirrored by the distribution
Harbor registry.

See #1555

[antrea-bot]

Thanks for your PR.
Unit tests and code linters are run automatically every time the PR is updated.
E2e, conformance and network policy tests can only be triggered by a member of the vmware-tanzu organization. Regular contributors to the project should join the org.

The following commands are available:

• /test-e2e: to trigger e2e tests.
• /skip-e2e: to skip e2e tests.
• /test-conformance: to trigger conformance tests.
• /skip-conformance: to skip conformance tests.
• /test-all-features-conformance: to trigger conformance tests with all alpha features enabled.
• /skip-all-features-conformance: to skip conformance tests with all alpha features enabled.
• /test-whole-conformance: to trigger all conformance tests on linux.
• /skip-whole-conformance: to skip all conformance tests on linux.
• /test-networkpolicy: to trigger networkpolicy tests.
• /skip-networkpolicy: to skip networkpolicy tests.
• /test-windows-conformance: to trigger windows conformance tests.
• /skip-windows-conformance: to skip windows conformance tests.
• /test-windows-networkpolicy: to trigger windows networkpolicy tests.
• /skip-windows-networkpolicy: to skip windows networkpolicy tests.
• /test-hw-offload: to trigger ovs hardware offload test.
• /skip-hw-offload: to skip ovs hardware offload test.
• /test-all: to trigger all tests (except whole conformance).
• /skip-all: to skip all tests (except whole conformance).

[codecov-io]

Codecov Report

Merging #1617 (9a002c1) into master (9d3d10b) will increase coverage by 0.64%.
The diff coverage is 60.22%.

@@            Coverage Diff             @@
##           master    #1617      +/-   ##
==========================================
+ Coverage   63.31%   63.96%   +0.64%     
==========================================
  Files         170      181      +11     
  Lines       14250    15433    +1183     
==========================================
+ Hits         9023     9871     +848     
- Misses       4292     4527     +235     
- Partials      935     1035     +100     

Flag	Coverage Δ
e2e-tests	46.02% <39.23%> (?)
kind-e2e-tests	53.26% <53.25%> (-2.13%)	⬇️
unit-tests	40.53% <24.61%> (-0.75%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
cmd/antrea-agent/agent.go	0.00% <0.00%> (ø)
.../agent/apiserver/handlers/networkpolicy/handler.go	58.33% <ø> (ø)
...gent/controller/noderoute/node_route_controller.go	61.04% <ø> (+14.58%)	⬆️
pkg/agent/stats/collector.go	97.72% <ø> (ø)
pkg/antctl/antctl.go	100.00% <ø> (ø)
pkg/antctl/transform/controllerinfo/transform.go	0.00% <ø> (ø)
pkg/antctl/transform/version/transform.go	0.00% <ø> (ø)
pkg/controller/networkpolicy/tier.go	90.00% <ø> (ø)
pkg/features/antrea_features.go	16.66% <ø> (ø)
pkg/ovs/openflow/ofctrl_builder.go	59.85% <0.00%> (-2.32%)	⬇️
... and 91 more

[jianjuns]

Do you have any good way to define the registry URL once in a file and other code just read the URL?

[lzhecheng]

Or maybe have an update-image-name-with-registry.sh script to update all images' names in the repo? Then we don't need to add logic in the code.

[antoninbas]

I guess specifically for test / CI, we can have something like this:

images.yml

antrea/antrea-ubuntu: projects.registry.vmware.com/antrea/antrea-ubuntu

get_img.sh

function get_img {
    while read -r line; do
        IFS=':' read -ra ADDR <<< "$line"
        name=$(echo ${ADDR[0]} | xargs)
        img=$(echo ${ADDR[1]} | xargs)
        if [[ $name == $1 ]]; then echo $img; fi
    done < "images.yml"
}

[[ $_ != $0 ]] || get_img $1

for example, CI scripts can source get_img.sh and use "$(get_img antrea/antrea-ubuntu)"

I am not sure it's much better though. Maybe we can wait a bit and see how things evolve in the short term? Right now we have to push and pull from different registries which is making things a bit tricky.

[lzhecheng]

Good idea. Yes we can wait and see.

[lzhecheng]

LGTM

[antoninbas]

/test-all

[lzhecheng]

LGTM

[antoninbas]

/test-all

[antoninbas]

/test-e2e
/test-networkpolicy

[antoninbas]

/test-all

[antoninbas]

/test-all

[antoninbas]

@lzhecheng I need a new review & approval for this. I found a couple issues during testing that I had to address (see second and third commits)

[lzhecheng]

LGTM