Support antrea-agent UBI8 based image (antrea-io#3273)

Add the required code to build an Antrea image based on Red Hat UBI (Universal Base Image), which is in used by Red Hat platforms. Signed-off-by: Kobi Samoray <ksamoray@vmware.com>
bangqipropel · Feb 25, 2022 · 43d41bb · 43d41bb
1 parent 0e4bf90
commit 43d41bb
Show file tree

Hide file tree

Showing 20 changed files with 337 additions and 68 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -34,15 +34,15 @@ jobs:
     - name: Build Antrea amd64 Docker image without pushing to registry
       if: ${{ github.repository != 'antrea-io/antrea' || github.event_name != 'push' || github.ref != 'refs/heads/main' }}
       run: |
-        ./hack/build-antrea-ubuntu-all.sh --pull
+        ./hack/build-antrea-linux-all.sh --pull
     - name: Build and push Antrea amd64 Docker image to registry
       if: ${{ github.repository == 'antrea-io/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
       run: |
         echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-        ./hack/build-antrea-ubuntu-all.sh --pull --push-base-images
+        ./hack/build-antrea-linux-all.sh --pull --push-base-images
         docker tag antrea/antrea-ubuntu:latest antrea/antrea-ubuntu-amd64:latest
         docker push antrea/antrea-ubuntu-amd64:latest
     - name: Trigger Antrea arm builds and multi-arch manifest update
@@ -55,6 +55,22 @@ jobs:
         token: ${{ secrets.ANTREA_BUILD_INFRA_WORKFLOW_DISPATCH_PAT }}
         inputs: ${{ format('{{ "antrea-repository":"antrea-io/antrea", "antrea-ref":"{0}", "docker-tag":"{1}" }}', github.ref, 'latest') }}
 
+  build-ubi:
+    needs: check-changes
+    if: ${{ needs.check-changes.outputs.has_changes == 'yes' || github.event_name == 'push' }}
+    runs-on: [ubuntu-latest]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Build and push Antrea UBI8 Docker image to registry
+      if: ${{ github.repository == 'antrea-io/antrea' && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+      env:
+        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+      run: |
+        echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+        ./hack/build-antrea-linux-all.sh --pull --push-base-images --distro ubi
+        docker push antrea/antrea-ubi:latest
+
   build-scale:
     needs: check-changes
     if: ${{ needs.check-changes.outputs.has_changes == 'yes' || github.event_name == 'push' }}

diff --git a/.github/workflows/build_tag.yml b/.github/workflows/build_tag.yml
@@ -24,13 +24,13 @@ jobs:
     needs: get-version
     steps:
     - uses: actions/checkout@v2
-    - name: Build and push Antrea amd64 Docker image to registry
+    - name: Build and push Antrea Ubuntu amd64 Docker image to registry
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
         VERSION: ${{ needs.get-version.outputs.version }}
       run: |
-        ./hack/build-antrea-ubuntu-all.sh --pull
+        ./hack/build-antrea-linux-all.sh --pull
         echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
         docker tag antrea/antrea-ubuntu:"${VERSION}" antrea/antrea-ubuntu-amd64:"${VERSION}"
         docker push antrea/antrea-ubuntu-amd64:"${VERSION}"
@@ -43,6 +43,21 @@ jobs:
         token: ${{ secrets.ANTREA_BUILD_INFRA_WORKFLOW_DISPATCH_PAT }}
         inputs: ${{ format('{{ "antrea-repository":"antrea-io/antrea", "antrea-ref":"{0}", "docker-tag":"{1}" }}', github.ref, needs.get-version.outputs.version) }}
 
+  build-ubi:
+    runs-on: [ubuntu-latest]
+    needs: get-version
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build and push Antrea UBI8 amd64 Docker image to registry
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          VERSION: ${{ needs.get-version.outputs.version }}
+        run: |
+          ./hack/build-antrea-linux-all.sh --pull --distro ubi
+          echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+          docker push antrea/antrea-ubi:"${VERSION}"
+
   build-windows:
     runs-on: [windows-2019]
     needs: get-version

diff --git a/.github/workflows/kind.yml b/.github/workflows/kind.yml
@@ -36,7 +36,7 @@ jobs:
     - uses: actions/checkout@v2
     - name: Build Antrea Docker image with code coverage support
       run: |
-        ./hack/build-antrea-ubuntu-all.sh --pull --coverage
+        ./hack/build-antrea-linux-all.sh --pull --coverage
     - name: Save Antrea image to tarball
       run:  docker save -o antrea-ubuntu.tar antrea/antrea-ubuntu-coverage:latest
     - name: Upload Antrea image for subsequent jobs

diff --git a/.github/workflows/kind_upgrade.yml b/.github/workflows/kind_upgrade.yml
@@ -36,7 +36,7 @@ jobs:
     - uses: actions/checkout@v2
     - name: Build Antrea Docker image
       run: |
-        ./hack/build-antrea-ubuntu-all.sh --pull
+        ./hack/build-antrea-linux-all.sh --pull
     - name: Save Antrea image to tarball
       run:  docker save -o antrea-ubuntu.tar projects.registry.vmware.com/antrea/antrea-ubuntu:latest
     - name: Upload Antrea image for subsequent jobs

diff --git a/Makefile b/Makefile
@@ -66,11 +66,6 @@ antrea-cni:
 	@mkdir -p $(BINDIR)
 	GOOS=linux CGO_ENABLED=0 $(GO) build -o $(BINDIR) $(GOFLAGS) -ldflags '$(LDFLAGS)' antrea.io/antrea/cmd/antrea-cni
 
-.PHONY: antctl-ubuntu
-antctl-ubuntu:
-	@mkdir -p $(BINDIR)
-	GOOS=linux $(GO) build -o $(BINDIR) $(GOFLAGS) -ldflags '$(LDFLAGS)' antrea.io/antrea/cmd/antctl
-
 .PHONY: antctl-instr-binary
 antctl-instr-binary:
 	@mkdir -p $(BINDIR)
@@ -307,6 +302,19 @@ endif
 	docker tag antrea/antrea-ubuntu:$(DOCKER_IMG_VERSION) projects.registry.vmware.com/antrea/antrea-ubuntu
 	docker tag antrea/antrea-ubuntu:$(DOCKER_IMG_VERSION) projects.registry.vmware.com/antrea/antrea-ubuntu:$(DOCKER_IMG_VERSION)
 
+# Build bins in a golang container, and build the antrea-ubi Docker image.
+.PHONY: build-ubi
+build-ubi:
+	@echo "===> Building Antrea bins and antrea/antrea-ubi Docker image <==="
+ifneq ($(NO_PULL),"")
+	docker build -t antrea/antrea-ubi:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.ubi $(DOCKER_BUILD_ARGS) .
+else
+	docker build --pull -t antrea/antrea-ubi:$(DOCKER_IMG_VERSION) -f build/images/Dockerfile.build.ubi $(DOCKER_BUILD_ARGS) .
+endif
+	docker tag antrea/antrea-ubi:$(DOCKER_IMG_VERSION) antrea/antrea-ubi
+	docker tag antrea/antrea-ubi:$(DOCKER_IMG_VERSION) projects.registry.vmware.com/antrea/antrea-ubi
+	docker tag antrea/antrea-ubi:$(DOCKER_IMG_VERSION) projects.registry.vmware.com/antrea/antrea-ubi:$(DOCKER_IMG_VERSION)
+
 .PHONY: build-windows
 build-windows:
 	@echo "===> Building Antrea bins and antrea/antrea-windows Docker image <==="

diff --git a/build/images/Dockerfile.build.coverage b/build/images/Dockerfile.build.coverage
@@ -10,7 +10,8 @@ RUN go mod download
 
 COPY . /antrea
 
-RUN make antrea-agent antrea-controller antrea-cni antctl-ubuntu antrea-controller-instr-binary antrea-agent-instr-binary antctl-instr-binary
+RUN make antrea-agent antrea-controller antrea-cni antctl-linux antrea-controller-instr-binary antrea-agent-instr-binary antctl-instr-binary
+RUN mv bin/antctl-linux bin/antctl
 
 FROM antrea/base-ubuntu:${OVS_VERSION}
 

diff --git a/build/images/Dockerfile.build.ubi b/build/images/Dockerfile.build.ubi
@@ -0,0 +1,24 @@
+ARG GO_VERSION
+ARG OVS_VERSION
+FROM golang:${GO_VERSION} as antrea-build
+
+WORKDIR /antrea
+
+COPY go.mod /antrea/go.mod
+
+RUN go mod download
+
+COPY . /antrea
+
+RUN make antrea-agent antrea-controller antrea-cni antctl-linux
+RUN mv bin/antctl-linux bin/antctl
+
+FROM antrea/base-ubi:${OVS_VERSION}
+
+LABEL maintainer="Antrea <projectantrea-dev@googlegroups.com>"
+LABEL description="The Docker image to deploy the Antrea CNI. "
+
+USER root
+
+COPY build/images/scripts/* /usr/local/bin/
+COPY --from=antrea-build /antrea/bin/* /usr/local/bin/
diff --git a/build/images/Dockerfile.build.ubuntu b/build/images/Dockerfile.build.ubuntu
@@ -10,7 +10,8 @@ RUN go mod download
 
 COPY . /antrea
 
-RUN make antrea-agent antrea-controller antrea-cni antctl-ubuntu
+RUN make antrea-agent antrea-controller antrea-cni antctl-linux
+RUN mv bin/antctl-linux bin/antctl
 
 FROM antrea/base-ubuntu:${OVS_VERSION}
 

diff --git a/build/images/base/Dockerfile b/build/images/base/Dockerfile
@@ -26,7 +26,7 @@ RUN set -eux; \
 FROM antrea/openvswitch:${OVS_VERSION}
 
 LABEL maintainer="Antrea <projectantrea-dev@googlegroups.com>"
-LABEL description="Takes care of building the Antrea binaries as part of building the image."
+LABEL description="An Ubuntu based Docker base image for Antrea."
 
 USER root
 

diff --git a/build/images/base/Dockerfile.ubi b/build/images/base/Dockerfile.ubi
@@ -0,0 +1,35 @@
+ARG OVS_VERSION
+FROM ubuntu:20.04 as cni-binaries
+
+ARG CNI_BINARIES_VERSION
+ARG WHEREABOUTS_VERSION=v0.4.2
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends wget ca-certificates
+
+# Leading dot is required for the tar command below
+ENV CNI_PLUGINS="./host-local ./loopback ./portmap ./bandwidth"
+
+# Download containernetworking plugin binaries for the correct architecture
+RUN set -eux; \
+    dpkgArch="$(dpkg --print-architecture)"; \
+    case "${dpkgArch##*-}" in \
+         amd64) pluginsArch='amd64' ;; \
+	 armhf) pluginsArch='arm' ;; \
+	 arm64) pluginsArch='arm64' ;; \
+         *) pluginsArch=''; echo >&2; echo >&2 "unsupported architecture '$dpkgArch'"; echo >&2 ; exit 1 ;; \
+    esac; \
+    mkdir -p /opt/cni/bin; \
+    wget -q -O - https://github.com/containernetworking/plugins/releases/download/$CNI_BINARIES_VERSION/cni-plugins-linux-${pluginsArch}-$CNI_BINARIES_VERSION.tgz | tar xz -C /opt/cni/bin $CNI_PLUGINS; \
+    wget -q -O - https://downloads.antrea.io/whereabouts/$WHEREABOUTS_VERSION/whereabouts-linux-${pluginsArch}.tgz | tar xz -C /opt/cni/bin/ whereabouts-linux-${pluginsArch}/whereabouts --strip-components=1 --no-same-owner
+
+FROM antrea/openvswitch-ubi:${OVS_VERSION}
+
+LABEL maintainer="Antrea <projectantrea-dev@googlegroups.com>"
+LABEL description="An UBI8 based Docker base image for Antrea."
+
+USER root
+
+RUN yum install ipset jq -y && yum clean all 
+
+COPY --from=cni-binaries /opt/cni/bin /opt/cni/bin
diff --git a/build/images/base/build.sh b/build/images/base/build.sh
@@ -23,11 +23,12 @@ function echoerr {
     >&2 echo "$@"
 }
 
-_usage="Usage: $0 [--pull] [--push] [--platform <PLATFORM>]
+_usage="Usage: $0 [--pull] [--push] [--platform <PLATFORM>] [--distro [ubuntu|ubi]]
 Build the antrea/base-ubuntu:<OVS_VERSION> image.
         --pull                  Always attempt to pull a newer version of the base images
         --push                  Push the built image to the registry
-        --platform <PLATFORM>   Target platform for the image if server is multi-platform capable"
+        --platform <PLATFORM>   Target platform for the image if server is multi-platform capable
+        --distro <distro>       Target Linux distribution"
 
 function print_usage {
     echoerr "$_usage"
@@ -36,6 +37,7 @@ function print_usage {
 PULL=false
 PUSH=false
 PLATFORM=""
+DISTRO="ubuntu"
 
 while [[ $# -gt 0 ]]
 do
@@ -54,6 +56,10 @@ case $key in
     PLATFORM="$2"
     shift 2
     ;;
+    --distro)
+    DISTRO="$2"
+    shift 2
+    ;;
     -h|--help)
     print_usage
     exit 0
@@ -75,6 +81,11 @@ if [ "$PLATFORM" != "" ]; then
     PLATFORM_ARG="--platform $PLATFORM"
 fi
 
+if [ "$DISTRO" != "ubuntu" ] && [ "$DISTRO" != "ubi" ]; then
+    echoerr "Invalid distribution $DISTRO"
+    exit 1
+fi
+
 THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 
 pushd $THIS_DIR > /dev/null
@@ -89,11 +100,20 @@ if $PULL; then
         docker pull ${DOCKER_REGISTRY}/antrea/ubuntu:20.04
         docker tag ${DOCKER_REGISTRY}/antrea/ubuntu:20.04 ubuntu:20.04
     fi
-    IMAGES_LIST=(
-        "antrea/openvswitch:$OVS_VERSION"
-        "antrea/cni-binaries:$CNI_BINARIES_VERSION"
-        "antrea/base-ubuntu:$OVS_VERSION"
-    )
+
+    if [ "$DISTRO" == "ubuntu" ]; then
+        IMAGES_LIST=(
+            "antrea/openvswitch:$OVS_VERSION"
+            "antrea/cni-binaries:$CNI_BINARIES_VERSION"
+            "antrea/base-ubuntu:$OVS_VERSION"
+        )
+    elif [ "$DISTRO" == "ubi" ]; then
+        IMAGES_LIST=(
+            "antrea/openvswitch-ubi:$OVS_VERSION"
+            "antrea/cni-binaries:$CNI_BINARIES_VERSION"
+            "antrea/base-ubi:$OVS_VERSION"
+        )
+    fi
     for image in "${IMAGES_LIST[@]}"; do
         if [[ ${DOCKER_REGISTRY} == "" ]]; then
             docker pull $PLATFORM_ARG "${image}" || true
@@ -113,16 +133,26 @@ docker build $PLATFORM_ARG --target cni-binaries \
        --build-arg CNI_BINARIES_VERSION=$CNI_BINARIES_VERSION \
        --build-arg OVS_VERSION=$OVS_VERSION .
 
-docker build $PLATFORM_ARG \
-       --cache-from antrea/cni-binaries:$CNI_BINARIES_VERSION \
-       --cache-from antrea/base-ubuntu:$OVS_VERSION \
-       -t antrea/base-ubuntu:$OVS_VERSION \
-       --build-arg CNI_BINARIES_VERSION=$CNI_BINARIES_VERSION \
-       --build-arg OVS_VERSION=$OVS_VERSION .
+if [ "$DISTRO" == "ubuntu" ]; then
+    docker build $PLATFORM_ARG \
+           --cache-from antrea/cni-binaries:$CNI_BINARIES_VERSION \
+           --cache-from antrea/base-ubuntu:$OVS_VERSION \
+           -t antrea/base-ubuntu:$OVS_VERSION \
+           --build-arg CNI_BINARIES_VERSION=$CNI_BINARIES_VERSION \
+           --build-arg OVS_VERSION=$OVS_VERSION .
+elif [ "$DISTRO" == "ubi" ]; then
+    docker build $PLATFORM_ARG \
+           --cache-from antrea/cni-binaries:$CNI_BINARIES_VERSION \
+           --cache-from antrea/base-ubuntu:$OVS_VERSION \
+           -t antrea/base-ubi:$OVS_VERSION \
+           -f Dockerfile.ubi \
+           --build-arg CNI_BINARIES_VERSION=$CNI_BINARIES_VERSION \
+           --build-arg OVS_VERSION=$OVS_VERSION .
+fi
 
 if $PUSH; then
     docker push antrea/cni-binaries:$CNI_BINARIES_VERSION
-    docker push antrea/base-ubuntu:$OVS_VERSION
+    docker push antrea/base-$DISTRO:$OVS_VERSION
 fi
 
 popd > /dev/null
diff --git a/build/images/flow-aggregator/Dockerfile b/build/images/flow-aggregator/Dockerfile
@@ -5,7 +5,8 @@ WORKDIR /antrea
 
 COPY . /antrea
 
-RUN make flow-aggregator antctl-ubuntu
+RUN make flow-aggregator antctl-linux
+RUN mv bin/antctl-linux bin/antctl
 
 # Chose this base image so that a shell is available for users to exec into the container, run antctl and run tools like pprof easily
 FROM ubuntu:20.04

diff --git a/build/images/flow-aggregator/Dockerfile.coverage b/build/images/flow-aggregator/Dockerfile.coverage
@@ -5,7 +5,8 @@ WORKDIR /antrea
 
 COPY . /antrea
 
-RUN make flow-aggregator antctl-ubuntu flow-aggregator-instr-binary antctl-instr-binary
+RUN make flow-aggregator antctl-linux flow-aggregator-instr-binary antctl-instr-binary
+RUN mv bin/antctl-linux bin/antctl
 
 FROM ubuntu:20.04
 

diff --git a/build/images/ovs/CentOS.repo b/build/images/ovs/CentOS.repo
@@ -0,0 +1,23 @@
+[AppStream]
+name=CentOS-8-stream - AppStream
+mirrorlist=http://mirrorlist.centos.org/?release=8-stream&arch=$basearch&repo=AppStream&infra=$infra
+#baseurl=http://mirror.centos.org/$contentdir/8-stream/AppStream/$basearch/os/
+gpgcheck=1
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+
+[BaseOS]
+name=CentOS-8-stream - Base
+mirrorlist=http://mirrorlist.centos.org/?release=8-stream&arch=$basearch&repo=BaseOS&infra=$infra
+#baseurl=http://mirror.centos.org/$contentdir/8-stream/BaseOS/$basearch/os/
+gpgcheck=1
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+
+[extras]
+name=CentOS-8-stream - Extras
+mirrorlist=http://mirrorlist.centos.org/?release=8-stream&arch=$basearch&repo=extras&infra=$infra
+#baseurl=http://mirror.centos.org/$contentdir/8-stream/extras/$basearch/os/
+gpgcheck=1
+enabled=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial