-
Notifications
You must be signed in to change notification settings - Fork 431
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
c3438b4
commit bd6f1bb
Showing
2 changed files
with
153 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,149 @@ | ||
# syntax = docker/dockerfile:experimental | ||
FROM ubuntu:22.04 as ovs-builder | ||
|
||
ARG ARCH | ||
ARG DEBIAN_FRONTEND=noninteractive | ||
ENV SRC_DIR='/usr/src' | ||
|
||
RUN apt update && apt install build-essential git libnuma-dev autoconf curl \ | ||
python3 libmnl-dev libpcap-dev libtool libcap-ng-dev libssl-dev pkg-config \ | ||
python3-six libunbound-dev libunwind-dev dh-make fakeroot debhelper dh-python \ | ||
flake8 python3-sphinx graphviz groff wget -y | ||
|
||
RUN cd /usr/src/ && \ | ||
git clone -b branch-2.16 --depth=1 https://github.com/openvswitch/ovs.git && \ | ||
cd ovs && \ | ||
# do not strip the binary | ||
sed -i 89d debian/rules && \ | ||
sed -i s/--enable-shared//g debian/rules && \ | ||
sed -i 10d debian/automake.mk && \ | ||
sed -i 10d debian/automake.mk && \ | ||
rm debian/libopenvswitch.install debian/libopenvswitch-dev.install && \ | ||
# ofproto: Fix re-creation of tunnel backing interfaces on restart. | ||
curl -s https://github.com/openvswitch/ovs/commit/8661abd4c41a89116fbd4e4d210e73165cedd323.patch | git apply && \ | ||
# dpif-netlink.: fix ofpbuf memory leak | ||
curl -s https://github.com/kubeovn/ovs/commit/c57d7a24cf72a55193aee9bcc2d0425e9477a45b.patch | git apply && \ | ||
# fix memleak | ||
curl -s https://github.com/kubeovn/ovs/commit/2dc8e7aa202818952b2fa80b47298604530c9de0.patch | git apply && \ | ||
# fix log file descriptor leak in monitor process | ||
curl -s https://github.com/kubeovn/ovs/commit/918d6dc79634bec760054ee53f7628186315bcfb.patch | git apply && \ | ||
# increase election timer | ||
curl -s https://github.com/kubeovn/ovs/commit/22ea22c40b46ee5adeae977ff6cfca81b3ff25d7.patch | git apply && \ | ||
# add fdb update logging | ||
curl -s https://github.com/kubeovn/ovs/commit/8c2f28b778129161bbf8f0738fa41d385860d5bc.patch | git apply && \ | ||
# fdb: fix mac learning in environments with hairpin enabled | ||
curl -s https://github.com/kubeovn/ovs/commit/1cb138aaf2fdf922d75a587e4e9cf610d38f9fee.patch | git apply && \ | ||
# ovsdb-tool: add optional server id parameter for "join-cluster" command | ||
curl -s https://github.com/kubeovn/ovs/commit/2e2ec1161cadbec79786d63fde9475053d996586.patch | git apply && \ | ||
./boot.sh && \ | ||
rm -rf .git && \ | ||
CONFIGURE_OPTS='' && \ | ||
if [ "$ARCH" = "amd64" ]; then CONFIGURE_OPTS='CFLAGS="-fno-omit-frame-pointer -fno-common"'; fi && \ | ||
DATAPATH_CONFIGURE_OPTS='--prefix=/usr --with-debug' EXTRA_CONFIGURE_OPTS=$CONFIGURE_OPTS DEB_BUILD_OPTIONS='parallel=8 nocheck' fakeroot debian/rules binary | ||
|
||
RUN dpkg -i /usr/src/python3-openvswitch*.deb /usr/src/libopenvswitch*.deb | ||
|
||
RUN cd /usr/src/ && git clone -b branch-21.06 --depth=1 https://github.com/ovn-org/ovn.git && \ | ||
cd ovn && \ | ||
# do not strip the binary | ||
sed -i 67d debian/rules && \ | ||
sed -i 14d debian/ovn-common.install && \ | ||
# fix ssl listen address | ||
curl -s https://github.com/kubeovn/ovn/commit/62d4969877712c26fe425698d898b440f91b44bf.patch | git apply && \ | ||
# expr.c: Use expr_destroy and expr_clone instead of free and xmemdup. | ||
curl -s https://github.com/ovn-org/ovn/commit/4b4cadcfabbc79f7d69c213be2b37e5e8634201c.patch | git apply && \ | ||
# treewide: bump ovs and fix problematic loops | ||
curl -s https://github.com/kubeovn/ovn/commit/8146578592200c7b732bca8ab43be05a84e34269.patch | git apply && \ | ||
# ovn-controller: Add a generic way to check if the daemon started recently. | ||
curl -s https://github.com/kubeovn/ovn/commit/a8ebd69d8a759c06f49102226192174c32fbb15b.patch | git apply && \ | ||
# patch.c: Avoid patch interface deletion & recreation during restart. | ||
curl -s https://github.com/kubeovn/ovn/commit/e24734913d25c0bffdf1cfd79e14ef43d01e1019.patch | git apply && \ | ||
# do not send multicast packets to conntrack | ||
curl -s https://github.com/kubeovn/ovn/commit/8f4e4868377afb5e980856755b9f6394f8b649e2.patch | git apply && \ | ||
# do not send traffic that not designate to svc to conntrack | ||
curl -s https://github.com/kubeovn/ovn/commit/23a87cabb76fbdce5092a6b3d3b56f3fa8dd61f5.patch | git apply && \ | ||
# Add EXTRA_CONFIGURE_OPTS for debian build | ||
curl -s https://github.com/kubeovn/ovn/commit/89ca60989df4af9a96cc6024e04f99b9b77bad22.patch | git apply && \ | ||
# fix ipv6 svc | ||
curl -s https://github.com/kubeovn/ovn/commit/aeafa43fc51be8ea1c7abfbe779c69205c1c5aa4.patch | git apply && \ | ||
# change hash type from dp_hash to hash with field src_ip | ||
curl -s https://github.com/kubeovn/ovn/commit/71f831b9cc5a6dc923af4ca90286857e2cf8b1d3.patch | git apply && \ | ||
# fix reaching resubmit limit in underlay | ||
curl -s https://github.com/kubeovn/ovn/commit/0f6fe4202001c0950dc689179e7a4ad9554a51fa.patch | git apply && \ | ||
sed -i s/--enable-shared//g debian/rules && \ | ||
sed -i 's/OVN/ovn/g' debian/changelog && \ | ||
rm -rf .git && \ | ||
./boot.sh && \ | ||
CONFIGURE_OPTS='' && \ | ||
if [ "$ARCH" = "amd64" ]; then CONFIGURE_OPTS='--with-debug CFLAGS="-fno-omit-frame-pointer -fno-common"'; fi && \ | ||
OVSDIR=/usr/src/ovs EXTRA_CONFIGURE_OPTS=$CONFIGURE_OPTS DEB_BUILD_OPTIONS='parallel=8 nocheck' fakeroot debian/rules binary | ||
|
||
RUN mkdir /packages/ && \ | ||
cp /usr/src/libopenvswitch*.deb /packages && \ | ||
cp /usr/src/openvswitch-*.deb /packages && \ | ||
cp /usr/src/python3-openvswitch*.deb /packages && \ | ||
cp /usr/src/ovn-*.deb /packages && \ | ||
cd /packages && rm -f *dbg* *datapath* *docker* *vtep* *ipsec* *test* *dev* | ||
|
||
FROM ubuntu:22.04 | ||
|
||
ARG DEBIAN_FRONTEND=noninteractive | ||
RUN apt update && apt upgrade -y && apt install ca-certificates python3 hostname libunwind8 netbase \ | ||
ethtool iproute2 ncat libunbound-dev procps libatomic1 kmod iptables \ | ||
tcpdump ipset curl uuid-runtime openssl inetutils-ping arping ndisc6 \ | ||
logrotate dnsutils net-tools nmap valgrind -y --no-install-recommends && \ | ||
rm -rf /var/lib/apt/lists/* && \ | ||
cd /usr/sbin && \ | ||
ln -sf /usr/sbin/iptables-legacy iptables && \ | ||
ln -sf /usr/sbin/ip6tables-legacy ip6tables && \ | ||
rm -rf /etc/localtime | ||
|
||
RUN mkdir -p /var/run/openvswitch && \ | ||
mkdir -p /var/run/ovn && \ | ||
mkdir -p /etc/cni/net.d && \ | ||
mkdir -p /opt/cni/bin | ||
|
||
ARG ARCH | ||
ENV CNI_VERSION=v1.2.0 | ||
RUN curl -sSf -L --retry 5 https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz | tar -xz -C . ./loopback ./portmap ./macvlan | ||
|
||
ENV KUBE_VERSION="v1.24.12" | ||
|
||
RUN curl -L https://dl.k8s.io/${KUBE_VERSION}/kubernetes-client-linux-${ARCH}.tar.gz | tar -xz -C . && cp ./kubernetes/client/bin/kubectl /usr/bin/kubectl \ | ||
&& chmod +x /usr/bin/kubectl && rm -rf ./kubernetes | ||
|
||
RUN --mount=type=bind,target=/packages,from=ovs-builder,source=/packages \ | ||
dpkg -i /packages/libopenvswitch*.deb && \ | ||
dpkg -i /packages/openvswitch-*.deb && \ | ||
dpkg -i /packages/python3-openvswitch*.deb &&\ | ||
dpkg -i --ignore-depends=openvswitch-switch,openvswitch-common /packages/ovn-*.deb | ||
|
||
ARG ARCH | ||
ENV DUMB_INIT_VERSION="1.2.5" | ||
RUN dump_arch="x86_64"; \ | ||
if [ "$ARCH" = "arm64" ]; then dump_arch="aarch64"; fi; \ | ||
curl -sSf -L --retry 5 -o /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_${dump_arch} && \ | ||
chmod +x /usr/bin/dumb-init | ||
|
||
COPY *.sh /kube-ovn/ | ||
COPY kubectl-ko /kube-ovn/kubectl-ko | ||
COPY 01-kube-ovn.conflist /kube-ovn/01-kube-ovn.conflist | ||
COPY logrotate/* /etc/logrotate.d/ | ||
COPY grace_stop_ovn_controller /usr/share/ovn/scripts/grace_stop_ovn_controller | ||
|
||
WORKDIR /kube-ovn | ||
|
||
RUN rm -f /usr/bin/nc &&\ | ||
rm -f /usr/bin/netcat | ||
|
||
COPY kube-ovn /kube-ovn/kube-ovn | ||
COPY kube-ovn-cmd /kube-ovn/kube-ovn-cmd | ||
COPY kube-ovn-webhook /kube-ovn/kube-ovn-webhook | ||
RUN ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-controller && \ | ||
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-daemon && \ | ||
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-monitor && \ | ||
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-pinger && \ | ||
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-speaker && \ | ||
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-controller-healthcheck | ||
|
||
ENTRYPOINT ["/usr/bin/dumb-init", "--"] |