-
Notifications
You must be signed in to change notification settings - Fork 430
/
Dockerfile.base
117 lines (99 loc) · 6.47 KB
/
Dockerfile.base
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# syntax = docker/dockerfile:experimental
FROM ubuntu:22.04 as ovs-builder
ARG ARCH
ARG DEBIAN_FRONTEND=noninteractive
ENV SRC_DIR='/usr/src'
RUN apt update && apt install -y git curl
RUN cd /usr/src/ && \
git clone -b branch-3.1 --depth=1 https://github.com/openvswitch/ovs.git && \
cd ovs && \
# fix memory leak by ofport_usage and trim memory periodically
curl -s https://github.com/kubeovn/ovs/commit/25d71867370c9a44c66b973556338de7a4d9bad7.patch | git apply && \
# increase election timer
curl -s https://github.com/kubeovn/ovs/commit/31f736fb54cf00e893a23e396958883f54f4080f.patch | git apply && \
# add fdb update logging
curl -s https://github.com/kubeovn/ovs/commit/119ab5c7e104d25641cdf4506a359c5729acdd9a.patch | git apply && \
# fdb: fix mac learning in environments with hairpin enabled
curl -s https://github.com/kubeovn/ovs/commit/40d5597a9a3a09015dda2202f6aa81791c5c03f3.patch | git apply && \
# ovsdb-tool: add optional server id parameter for "join-cluster" command
curl -s https://github.com/kubeovn/ovs/commit/ebf61515da71fa2e23125a92859fbdb96dcbffe7.patch | git apply && \
# Add jitter parameter patch for netem qos
curl -s https://github.com/kubeovn/ovs/commit/2eaaf89fbf3ee2172719ed10d045fd79900edc8e.patch | git apply && \
# fix memory leak in qos
curl -s https://github.com/kubeovn/ovs/commit/6a4dd2f4b9311a227cc26fef7c398ae9b241311b.patch | git apply && \
# ovsdb-tool: add command fix-cluster
curl -s https://github.com/kubeovn/ovs/commit/f52c239f5ded40b503e4d217f916b46ca413da4c.patch | git apply
RUN cd /usr/src/ && git clone -b branch-22.12 --depth=1 https://github.com/ovn-org/ovn.git && \
cd ovn && \
# do not send direct traffic between lports to conntrack
curl -s https://github.com/kubeovn/ovn/commit/4124fb623183541b80a577846ce145c7faf8eb5d.patch | git apply && \
# change hash type from dp_hash to hash with field src_ip
curl -s https://github.com/kubeovn/ovn/commit/daa09e380eec61620d4ee317e3265c44366d1147.patch | git apply && \
# set ether dst addr for dnat on logical switch
curl -s https://github.com/kubeovn/ovn/commit/44875725ad6ce3cb38e4d471d540fe69ed204bff.patch | git apply && \
# modify src route priority
curl -s https://github.com/kubeovn/ovn/commit/da1388ece89b27012d081c31310fd577b036b071.patch | git apply && \
# fix reaching resubmit limit in underlay
curl -s https://github.com/kubeovn/ovn/commit/6934f1a1eb5986a904eefb560c0d6d57811453d9.patch | git apply && \
# ovn-controller: do not send GARP on localnet for Kube-OVN ports
curl -s https://github.com/kubeovn/ovn/commit/8af8751cdb55f582c675db921f2526b06fd3d8c0.patch | git apply && \
# ovn-ic blacklist function not work on ipv6
curl -s https://github.com/kubeovn/ovn/commit/78ab91005854532e7eb5c4fe6b2923ce292e3681.patch | git apply
RUN apt install -y build-essential fakeroot \
autoconf automake bzip2 debhelper-compat dh-exec dh-python dh-sequence-python3 dh-sequence-sphinxdoc \
graphviz iproute2 libcap-ng-dev libdbus-1-dev libnuma-dev libpcap-dev libssl-dev libtool libunbound-dev \
openssl pkg-config procps python3-all-dev python3-setuptools python3-sortedcontainers python3-sphinx
RUN cd /usr/src/ovs && \
./boot.sh && \
./configure && \
rm -rf .git && \
CONFIGURE_OPTS='' && \
if [ "$ARCH" = "amd64" ]; then CONFIGURE_OPTS='CFLAGS="-O2 -g -msse4.2 -mpopcnt -fPIC"'; fi && \
DATAPATH_CONFIGURE_OPTS='--prefix=/usr' EXTRA_CONFIGURE_OPTS=$CONFIGURE_OPTS DEB_BUILD_OPTIONS='parallel=8 nocheck nodpdk' make debian-deb
RUN dpkg -i /usr/src/python3-openvswitch*.deb
RUN cd /usr/src/ovn && \
sed -i 's/OVN/ovn/g' debian/changelog && \
rm -rf .git && \
./boot.sh && \
CONFIGURE_OPTS='--with-ovs-build=/usr/src/ovs/_debian' && \
if [ "$ARCH" = "amd64" ]; then CONFIGURE_OPTS="$CONFIGURE_OPTS CFLAGS='-O2 -g -msse4.2 -mpopcnt -fPIC'"; fi && \
OVSDIR=/usr/src/ovs EXTRA_CONFIGURE_OPTS=$CONFIGURE_OPTS DEB_BUILD_OPTIONS='parallel=8 nocheck' fakeroot debian/rules binary
RUN mkdir /packages/ && \
cp /usr/src/openvswitch-*deb /packages && \
cp /usr/src/python3-openvswitch*deb /packages && \
cp /usr/src/ovn-*deb /packages && \
cd /packages && rm -f *source* *doc* *datapath* *docker* *vtep* *test* *dev*
FROM ubuntu:22.04
ARG DEBIAN_FRONTEND=noninteractive
RUN apt update && apt upgrade -y && apt install ca-certificates python3 hostname libunwind8 netbase \
ethtool iproute2 ncat libunbound-dev procps libatomic1 kmod iptables python3-netifaces python3-sortedcontainers \
tcpdump ipset curl uuid-runtime openssl inetutils-ping arping ndisc6 \
logrotate dnsutils net-tools strongswan strongswan-pki libcharon-extra-plugins \
libcharon-extauth-plugins libstrongswan-extra-plugins libstrongswan-standard-plugins -y --no-install-recommends && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /etc/localtime
RUN mkdir -p /var/run/openvswitch && \
mkdir -p /var/run/ovn && \
mkdir -p /etc/cni/net.d && \
mkdir -p /opt/cni/bin
ARG ARCH
ENV CNI_VERSION=v1.3.0
RUN curl -sSf -L --retry 5 https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz | tar -xz -C . ./loopback ./portmap ./macvlan
ENV KUBE_VERSION="v1.27.4"
RUN curl -L https://dl.k8s.io/${KUBE_VERSION}/kubernetes-client-linux-${ARCH}.tar.gz | tar -xz -C . && cp ./kubernetes/client/bin/kubectl /usr/bin/kubectl \
&& chmod +x /usr/bin/kubectl && rm -rf ./kubernetes
ENV BFDD_VERSION="v0.5.4"
RUN curl -sSf -L --retry 3 -o /usr/local/bin/bfdd-control https://github.com/bobz965/bfd-binary-for-kube-ovn-cni/releases/download/${BFDD_VERSION}/bfdd-control && \
curl -sSf -L --retry 3 -o /usr/local/bin/bfdd-beacon https://github.com/bobz965/bfd-binary-for-kube-ovn-cni/releases/download/${BFDD_VERSION}/bfdd-beacon && \
chmod +x /usr/local/bin/bfdd-control /usr/local/bin/bfdd-beacon
RUN --mount=type=bind,target=/packages,from=ovs-builder,source=/packages \
dpkg -i /packages/openvswitch-*.deb /packages/python3-openvswitch*.deb && \
dpkg -i --ignore-depends=openvswitch-switch,openvswitch-common /packages/ovn-*.deb && \
rm -rf /var/lib/openvswitch/pki/
ARG DEBUG=false
RUN --mount=type=bind,target=/packages,from=ovs-builder,source=/packages \
if [ "${DEBUG}" = "true" ]; then \
apt update && apt install -y --no-install-recommends valgrind && \
rm -rf /var/lib/apt/lists/* && \
dpkg -i --ignore-depends=openvswitch-switch,openvswitch-common /packages/*.ddeb; \
fi