Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade Antrea base image to ubuntu:22.04 #4459

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -12,14 +12,16 @@ OVS_VERSION := $(shell head -n 1 build/images/deps/ovs-version)
GO_VERSION := $(shell head -n 1 build/images/deps/go-version)
CNI_BINARIES_VERSION := $(shell head -n 1 build/images/deps/cni-binaries-version)
NANOSERVER_VERSION := $(shell head -n 1 build/images/deps/nanoserver-version)
BUILD_TAG := $(shell build/images/build-tag.sh)
WIN_BUILD_TAG := $(shell echo $(GO_VERSION) $(CNI_BINARIES_VERSION) $(NANOSERVER_VERSION)|md5sum|head -c 10)
GIT_HOOKS := $(shell find hack/git_client_side_hooks -type f -print)
DOCKER_NETWORK ?= default
TRIVY_TARGET_IMAGE ?=

DOCKER_BUILD_ARGS = --build-arg OVS_VERSION=$(OVS_VERSION)
DOCKER_BUILD_ARGS := --build-arg OVS_VERSION=$(OVS_VERSION)
DOCKER_BUILD_ARGS += --build-arg GO_VERSION=$(GO_VERSION)
WIN_BUILD_ARGS = --build-arg GO_VERSION=$(GO_VERSION)
DOCKER_BUILD_ARGS += --build-arg BUILD_TAG=$(BUILD_TAG)
WIN_BUILD_ARGS := --build-arg GO_VERSION=$(GO_VERSION)
WIN_BUILD_ARGS += --build-arg CNI_BINARIES_VERSION=$(CNI_BINARIES_VERSION)
WIN_BUILD_ARGS += --build-arg NANOSERVER_VERSION=$(NANOSERVER_VERSION)
WIN_BUILD_ARGS += --build-arg WIN_BUILD_TAG=$(WIN_BUILD_TAG)
Expand Down
4 changes: 2 additions & 2 deletions build/images/Dockerfile.build.coverage
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
# limitations under the License.

ARG GO_VERSION
ARG OVS_VERSION
ARG BUILD_TAG
FROM golang:${GO_VERSION} as antrea-build

WORKDIR /antrea
Expand All @@ -27,7 +27,7 @@ COPY . /antrea
RUN make antrea-agent antrea-controller antrea-cni antctl-linux antrea-controller-instr-binary antrea-agent-instr-binary antctl-instr-binary
RUN mv bin/antctl-linux bin/antctl

FROM antrea/base-ubuntu:${OVS_VERSION}
FROM antrea/base-ubuntu:${BUILD_TAG}

LABEL maintainer="Antrea <[email protected]>"
LABEL description="The Docker image to deploy the Antrea CNI with code coverage measurement enabled (used for testing)."
Expand Down
4 changes: 2 additions & 2 deletions build/images/Dockerfile.build.ubi
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
# limitations under the License.

ARG GO_VERSION
ARG OVS_VERSION
ARG BUILD_TAG
FROM golang:${GO_VERSION} as antrea-build

WORKDIR /antrea
Expand All @@ -27,7 +27,7 @@ COPY . /antrea
RUN make antrea-agent antrea-controller antrea-cni antctl-linux
RUN mv bin/antctl-linux bin/antctl

FROM antrea/base-ubi:${OVS_VERSION}
FROM antrea/base-ubi:${BUILD_TAG}

LABEL maintainer="Antrea <[email protected]>"
LABEL description="The Docker image to deploy the Antrea CNI. "
Expand Down
4 changes: 2 additions & 2 deletions build/images/Dockerfile.build.ubuntu
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
# limitations under the License.

ARG GO_VERSION
ARG OVS_VERSION
ARG BUILD_TAG
FROM golang:${GO_VERSION} as antrea-build

WORKDIR /antrea
Expand All @@ -27,7 +27,7 @@ COPY . /antrea
RUN make antrea-agent antrea-controller antrea-cni antctl-linux
RUN mv bin/antctl-linux bin/antctl

FROM antrea/base-ubuntu:${OVS_VERSION}
FROM antrea/base-ubuntu:${BUILD_TAG}

LABEL maintainer="Antrea <[email protected]>"
LABEL description="The Docker image to deploy the Antrea CNI."
Expand Down
4 changes: 2 additions & 2 deletions build/images/Dockerfile.ubuntu
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.

ARG OVS_VERSION
FROM antrea/base-ubuntu:${OVS_VERSION}
ARG BUILD_TAG
FROM antrea/base-ubuntu:${BUILD_TAG}

LABEL maintainer="Antrea <[email protected]>"
LABEL description="The Docker image to deploy the Antrea CNI."
Expand Down
6 changes: 3 additions & 3 deletions build/images/base/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.

ARG OVS_VERSION
FROM ubuntu:20.04 as cni-binaries
ARG BUILD_TAG
FROM ubuntu:22.04 as cni-binaries

ARG CNI_BINARIES_VERSION
ARG WHEREABOUTS_VERSION=v0.5.4
Expand All @@ -37,7 +37,7 @@ RUN set -eux; \
wget -q -O - https://github.com/containernetworking/plugins/releases/download/$CNI_BINARIES_VERSION/cni-plugins-linux-${pluginsArch}-$CNI_BINARIES_VERSION.tgz | tar xz -C /opt/cni/bin $CNI_PLUGINS; \
wget -q -O /opt/cni/bin/whereabouts https://github.com/k8snetworkplumbingwg/whereabouts/releases/download/$WHEREABOUTS_VERSION/whereabouts-${pluginsArch} && chmod +x /opt/cni/bin/whereabouts

FROM antrea/openvswitch:${OVS_VERSION}
FROM antrea/openvswitch:${BUILD_TAG}

LABEL maintainer="Antrea <[email protected]>"
LABEL description="An Ubuntu based Docker base image for Antrea."
Expand Down
6 changes: 3 additions & 3 deletions build/images/base/Dockerfile.ubi
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.

ARG OVS_VERSION
FROM ubuntu:20.04 as cni-binaries
ARG BUILD_TAG
FROM ubuntu:22.04 as cni-binaries

ARG CNI_BINARIES_VERSION
ARG WHEREABOUTS_VERSION=v0.5.1
Expand All @@ -37,7 +37,7 @@ RUN set -eux; \
wget -q -O - https://github.com/containernetworking/plugins/releases/download/$CNI_BINARIES_VERSION/cni-plugins-linux-${pluginsArch}-$CNI_BINARIES_VERSION.tgz | tar xz -C /opt/cni/bin $CNI_PLUGINS; \
wget -q -O /opt/cni/bin/whereabouts https://github.com/k8snetworkplumbingwg/whereabouts/releases/download/$WHEREABOUTS_VERSION/whereabouts-${pluginsArch} && chmod +x /opt/cni/bin/whereabouts

FROM antrea/openvswitch-ubi:${OVS_VERSION}
FROM antrea/openvswitch-ubi:${BUILD_TAG}

LABEL maintainer="Antrea <[email protected]>"
LABEL description="An UBI8 based Docker base image for Antrea."
Expand Down
35 changes: 18 additions & 17 deletions build/images/base/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ function echoerr {
}

_usage="Usage: $0 [--pull] [--push] [--platform <PLATFORM>] [--distro [ubuntu|ubi]]
Build the antrea/base-ubuntu:<OVS_VERSION> image.
Build the antrea base image.
--pull Always attempt to pull a newer version of the base images
--push Push the built image to the registry
--platform <PLATFORM> Target platform for the image if server is multi-platform capable
Expand Down Expand Up @@ -90,28 +90,29 @@ THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

pushd $THIS_DIR > /dev/null

OVS_VERSION=$(head -n 1 ../deps/ovs-version)
CNI_BINARIES_VERSION=$(head -n 1 ../deps/cni-binaries-version)

BUILD_TAG=$(../build-tag.sh)

if $PULL; then
if [[ ${DOCKER_REGISTRY} == "" ]]; then
docker pull $PLATFORM_ARG ubuntu:20.04
docker pull $PLATFORM_ARG ubuntu:22.04
else
docker pull ${DOCKER_REGISTRY}/antrea/ubuntu:20.04
docker tag ${DOCKER_REGISTRY}/antrea/ubuntu:20.04 ubuntu:20.04
docker pull ${DOCKER_REGISTRY}/antrea/ubuntu:22.04
docker tag ${DOCKER_REGISTRY}/antrea/ubuntu:22.04 ubuntu:22.04
fi

if [ "$DISTRO" == "ubuntu" ]; then
IMAGES_LIST=(
"antrea/openvswitch:$OVS_VERSION"
"antrea/openvswitch:$BUILD_TAG"
"antrea/cni-binaries:$CNI_BINARIES_VERSION"
"antrea/base-ubuntu:$OVS_VERSION"
"antrea/base-ubuntu:$BUILD_TAG"
)
elif [ "$DISTRO" == "ubi" ]; then
IMAGES_LIST=(
"antrea/openvswitch-ubi:$OVS_VERSION"
"antrea/openvswitch-ubi:$BUILD_TAG"
"antrea/cni-binaries:$CNI_BINARIES_VERSION"
"antrea/base-ubi:$OVS_VERSION"
"antrea/base-ubi:$BUILD_TAG"
)
fi
for image in "${IMAGES_LIST[@]}"; do
Expand All @@ -131,28 +132,28 @@ docker build $PLATFORM_ARG --target cni-binaries \
--cache-from antrea/cni-binaries:$CNI_BINARIES_VERSION \
-t antrea/cni-binaries:$CNI_BINARIES_VERSION \
--build-arg CNI_BINARIES_VERSION=$CNI_BINARIES_VERSION \
--build-arg OVS_VERSION=$OVS_VERSION .
--build-arg BUILD_TAG=$BUILD_TAG .

if [ "$DISTRO" == "ubuntu" ]; then
docker build $PLATFORM_ARG \
--cache-from antrea/cni-binaries:$CNI_BINARIES_VERSION \
--cache-from antrea/base-ubuntu:$OVS_VERSION \
-t antrea/base-ubuntu:$OVS_VERSION \
--cache-from antrea/base-ubuntu:$BUILD_TAG \
-t antrea/base-ubuntu:$BUILD_TAG \
--build-arg CNI_BINARIES_VERSION=$CNI_BINARIES_VERSION \
--build-arg OVS_VERSION=$OVS_VERSION .
--build-arg BUILD_TAG=$BUILD_TAG .
elif [ "$DISTRO" == "ubi" ]; then
docker build $PLATFORM_ARG \
--cache-from antrea/cni-binaries:$CNI_BINARIES_VERSION \
--cache-from antrea/base-ubuntu:$OVS_VERSION \
-t antrea/base-ubi:$OVS_VERSION \
--cache-from antrea/base-ubi:$BUILD_TAG \
-t antrea/base-ubi:$BUILD_TAG \
-f Dockerfile.ubi \
--build-arg CNI_BINARIES_VERSION=$CNI_BINARIES_VERSION \
--build-arg OVS_VERSION=$OVS_VERSION .
--build-arg BUILD_TAG=$BUILD_TAG .
fi

if $PUSH; then
docker push antrea/cni-binaries:$CNI_BINARIES_VERSION
docker push antrea/base-$DISTRO:$OVS_VERSION
docker push antrea/base-$DISTRO:$BUILD_TAG
fi

popd > /dev/null
27 changes: 27 additions & 0 deletions build/images/build-tag.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
#!/usr/bin/env bash

# Copyright 2022 Antrea Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# build_tag is used to generate the tag for all the base images
# (e.g. antrea/openvswitch) used as part of the build chain to produce the
# Antrea (Linux) images.
function build_tag() {
local this_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
local antrea_version=$(head -n 1 $this_dir/../../VERSION | cut -f1,2 -d'.')
local tag="antrea-${antrea_version}"
echo "$tag"
}

echo "$(build_tag "$@")"
6 changes: 3 additions & 3 deletions build/images/ovs/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

FROM ubuntu:20.04 as ovs-debs
FROM ubuntu:22.04 as ovs-debs

# Some patches may not apply cleanly if a non-default version is provided.
# See build/images/deps/ovs-version for the default version.
Expand All @@ -39,10 +39,10 @@ RUN wget -q -O - https://www.openvswitch.org/releases/openvswitch-$OVS_VERSION.t
cd / && rm -rf /tmp/openvswitch*


FROM ubuntu:20.04
FROM ubuntu:22.04

LABEL maintainer="Antrea <[email protected]>"
LABEL description="A Docker image based on Ubuntu 20.04 which includes Open vSwitch built from source."
LABEL description="A Docker image based on Ubuntu 22.04 which includes Open vSwitch built from source."

COPY --from=ovs-debs /tmp/ovs-debs/* /tmp/ovs-debs/
COPY charon-logging.conf /tmp
Expand Down
17 changes: 6 additions & 11 deletions build/images/ovs/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,13 @@

This directory contains utilities to build a Docker image which includes Open
vSwitch (OVS) built from source. We build OVS from source because some features
of Antrea (such as IPsec) require a recent version of OVS, more recent than the
version included in Ubuntu 20.04. The built image is then used as the base image
for the Antrea main Docker image.
of Antrea (such as IPsec) may require a recent version of OVS, more recent than
the version included in the base distribution. The built image is then used as
the base image for the Antrea main Docker image.

The image is re-built and pushed to Dockerhub periodically (every 12 hours) by a
[Github workflow](/.github/workflows/update_ovs_image.yml). Therefore, there
should be no need to update the registry image manually. If it's needed for any
reason, you can follow the instructions below.
The image is re-built and pushed to Dockerhub every time the main branch is
updated. Therefore, there should be no need to update the registry image
manually. If it's needed for any reason, you can follow the instructions below.

## Manually building the image and pushing it to Dockerhub

Expand All @@ -18,9 +17,5 @@ cd build/images/ovs
./build.sh --pull --push
```

The image will be pushed to Dockerhub as `antrea/openvswitch:<OVS_VERSION>`. The
OVS version used is determined by the contents of the
`build/images/deps/ovs-version` file.

The script will fail if you do not have permission to push to the `antrea`
Dockerhub repository.
6 changes: 3 additions & 3 deletions build/images/ovs/apply-patches.sh
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ if version_lt "$OVS_VERSION" "2.18.0" ; then
fi

# OVS hardcodes the installation path to /usr/lib/python3.7/dist-packages/ but this location
# does not seem to be in the Python path in Ubuntu 20.04. There may be a better way to do this,
# does not seem to be in the Python path in Ubuntu 22.04. There may be a better way to do this,
# but this seems like an acceptable workaround.
sed -i 's/python3\.7/python3\.8/' debian/openvswitch-test.install
sed -i 's/python3\.7/python3\.8/' debian/python3-openvswitch.install
sed -i 's/python3\.7/python3\.10/' debian/openvswitch-test.install
sed -i 's/python3\.7/python3\.10/' debian/python3-openvswitch.install
46 changes: 24 additions & 22 deletions build/images/ovs/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ function echoerr {
}

_usage="Usage: $0 [--pull] [--push] [--platform <PLATFORM>] [--distro [ubuntu|ubi]]
Build the antrea/base-ubuntu:<OVS_VERSION> image.
Build the antrea openvswitch image.
--pull Always attempt to pull a newer version of the base images
--push Push the built image to the registry
--platform <PLATFORM> Target platform for the image if server is multi-platform capable
Expand Down Expand Up @@ -92,6 +92,8 @@ pushd $THIS_DIR > /dev/null

OVS_VERSION=$(head -n 1 ../deps/ovs-version)

BUILD_TAG=$(../build-tag.sh)

# This is a bit complicated but we make sure that we only build OVS if
# necessary, and at the moment --cache-from does not play nicely with multistage
# builds: we need to push the intermediate image to the registry. Note that the
Expand All @@ -101,20 +103,20 @@ OVS_VERSION=$(head -n 1 ../deps/ovs-version)

if $PULL; then
if [[ ${DOCKER_REGISTRY} == "" ]]; then
docker pull $PLATFORM_ARG ubuntu:20.04
docker pull $PLATFORM_ARG ubuntu:22.04
else
docker pull ${DOCKER_REGISTRY}/antrea/ubuntu:20.04
docker tag ${DOCKER_REGISTRY}/antrea/ubuntu:20.04 ubuntu:20.04
docker pull ${DOCKER_REGISTRY}/antrea/ubuntu:22.04
docker tag ${DOCKER_REGISTRY}/antrea/ubuntu:22.04 ubuntu:22.04
fi
if [ "$DISTRO" == "ubuntu" ]; then
IMAGES_LIST=(
"antrea/openvswitch-debs:$OVS_VERSION"
"antrea/openvswitch:$OVS_VERSION"
"antrea/openvswitch-debs:$BUILD_TAG"
"antrea/openvswitch:$BUILD_TAG"
)
elif [ "$DISTRO" == "ubi" ]; then
IMAGES_LIST=(
"antrea/openvswitch-rpms:$OVS_VERSION"
"antrea/openvswitch-ubi:$OVS_VERSION"
"antrea/openvswitch-rpms:$BUILD_TAG"
"antrea/openvswitch-ubi:$BUILD_TAG"
)
fi
for image in "${IMAGES_LIST[@]}"; do
Expand All @@ -132,37 +134,37 @@ fi

if [ "$DISTRO" == "ubuntu" ]; then
docker build $PLATFORM_ARG --target ovs-debs \
--cache-from antrea/openvswitch-debs:$OVS_VERSION \
-t antrea/openvswitch-debs:$OVS_VERSION \
--cache-from antrea/openvswitch-debs:$BUILD_TAG \
-t antrea/openvswitch-debs:$BUILD_TAG \
--build-arg OVS_VERSION=$OVS_VERSION .

docker build $PLATFORM_ARG \
--cache-from antrea/openvswitch-debs:$OVS_VERSION \
--cache-from antrea/openvswitch:$OVS_VERSION \
-t antrea/openvswitch:$OVS_VERSION \
--cache-from antrea/openvswitch-debs:$BUILD_TAG \
--cache-from antrea/openvswitch:$BUILD_TAG \
-t antrea/openvswitch:$BUILD_TAG \
--build-arg OVS_VERSION=$OVS_VERSION .
elif [ "$DISTRO" == "ubi" ]; then
docker build $PLATFORM_ARG --target ovs-rpms \
--cache-from antrea/openvswitch-rpms:$OVS_VERSION \
-t antrea/openvswitch-rpms:$OVS_VERSION \
--cache-from antrea/openvswitch-rpms:$BUILD_TAG \
-t antrea/openvswitch-rpms:$BUILD_TAG \
--build-arg OVS_VERSION=$OVS_VERSION \
-f Dockerfile.ubi .

docker build \
--cache-from antrea/openvswitch-rpms:$OVS_VERSION \
--cache-from antrea/openvswitch-ubi:$OVS_VERSION \
-t antrea/openvswitch-ubi:$OVS_VERSION \
--cache-from antrea/openvswitch-rpms:$BUILD_TAG \
--cache-from antrea/openvswitch-ubi:$BUILD_TAG \
-t antrea/openvswitch-ubi:$BUILD_TAG \
--build-arg OVS_VERSION=$OVS_VERSION \
-f Dockerfile.ubi .
fi

if $PUSH; then
if [ "$DISTRO" == "ubuntu" ]; then
docker push antrea/openvswitch-debs:$OVS_VERSION
docker push antrea/openvswitch:$OVS_VERSION
docker push antrea/openvswitch-debs:$BUILD_TAG
docker push antrea/openvswitch:$BUILD_TAG
elif [ "$DISTRO" == "ubi" ]; then
docker push antrea/openvswitch-rpms:$OVS_VERSION
docker push antrea/openvswitch-ubi:$OVS_VERSION
docker push antrea/openvswitch-rpms:$BUILD_TAG
docker push antrea/openvswitch-ubi:$BUILD_TAG
fi
fi

Expand Down
Loading