forked from antrea-io/antrea
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Upgrade base image of UBI to UBI9 (antrea-io#5737)
- Switch to centos:stream9 to build OVS - Use bind mount to reduce intermediate layers Signed-off-by: Xu Liu <[email protected]>
- Loading branch information
1 parent
d8555ea
commit ae572d8
Showing
8 changed files
with
50 additions
and
42 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -13,7 +13,7 @@ | |
# limitations under the License. | ||
|
||
ARG BUILD_TAG | ||
FROM registry.access.redhat.com/ubi8 as antrea-build | ||
FROM registry.access.redhat.com/ubi9 as antrea-build | ||
|
||
ADD https://go.dev/dl/?mode=json&include=all go-versions.json | ||
|
||
|
@@ -54,7 +54,7 @@ RUN --mount=type=cache,target=/go/pkg/mod/ \ | |
--mount=type=cache,target=/root/.cache/go-build/ \ | ||
make antrea-controller | ||
|
||
FROM registry.access.redhat.com/ubi8 | ||
FROM registry.access.redhat.com/ubi9 | ||
|
||
LABEL maintainer="Antrea <[email protected]>" | ||
LABEL description="The Docker image to deploy the antrea-controller." | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -40,7 +40,7 @@ FROM antrea/openvswitch-ubi:${BUILD_TAG} | |
ARG SURICATA_VERSION | ||
|
||
LABEL maintainer="Antrea <[email protected]>" | ||
LABEL description="An UBI8 based Docker base image for Antrea." | ||
LABEL description="An UBI9 based Docker base image for Antrea." | ||
|
||
USER root | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,23 +1,27 @@ | ||
[AppStream] | ||
name=CentOS-8-stream - AppStream | ||
mirrorlist=http://mirrorlist.centos.org/?release=8-stream&arch=$basearch&repo=AppStream&infra=$infra | ||
#baseurl=http://mirror.centos.org/$contentdir/8-stream/AppStream/$basearch/os/ | ||
[appstream] | ||
name=CentOS Stream $releasever - AppStream | ||
metalink=https://mirrors.centos.org/metalink?repo=centos-appstream-9-stream&arch=$basearch&protocol=https,http | ||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial | ||
gpgcheck=1 | ||
enabled=1 | ||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial | ||
|
||
[BaseOS] | ||
name=CentOS-8-stream - Base | ||
mirrorlist=http://mirrorlist.centos.org/?release=8-stream&arch=$basearch&repo=BaseOS&infra=$infra | ||
#baseurl=http://mirror.centos.org/$contentdir/8-stream/BaseOS/$basearch/os/ | ||
[baseos] | ||
name=CentOS Stream $releasever - BaseOS | ||
metalink=https://mirrors.centos.org/metalink?repo=centos-baseos-9-stream&arch=$basearch&protocol=https,http | ||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial | ||
gpgcheck=1 | ||
enabled=1 | ||
|
||
[crb] | ||
name=CentOS Stream $releasever - CRB | ||
metalink=https://mirrors.centos.org/metalink?repo=centos-crb-9-stream&arch=$basearch&protocol=https,http | ||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial | ||
gpgcheck=1 | ||
enabled=1 | ||
|
||
[extras] | ||
name=CentOS-8-stream - Extras | ||
mirrorlist=http://mirrorlist.centos.org/?release=8-stream&arch=$basearch&repo=extras&infra=$infra | ||
#baseurl=http://mirror.centos.org/$contentdir/8-stream/extras/$basearch/os/ | ||
[extras-common] | ||
name=CentOS Stream $releasever - Extras packages | ||
metalink=https://mirrors.centos.org/metalink?repo=centos-extras-sig-extras-common-9-stream&arch=$basearch&protocol=https,http | ||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras | ||
gpgcheck=1 | ||
enabled=1 | ||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,21 +12,21 @@ | |
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
# OVS build scripts are only applicable for RHEL 7.x: | ||
# https://docs.openvswitch.org/en/latest/intro/install/fedora/ | ||
FROM centos:centos7 as ovs-rpms | ||
|
||
FROM quay.io/centos/centos:stream9 as ovs-rpms | ||
# Some patches may not apply cleanly if a non-default version is provided. | ||
# See build/images/deps/ovs-version for the default version. | ||
ARG OVS_VERSION | ||
|
||
# Install RPM tools and generic build dependencies. | ||
RUN yum update -y && yum install wget git yum-utils python38 rpm-build epel-release -y | ||
RUN yum clean all -y && yum -y install wget git yum-utils python3 rpm-build && \ | ||
sed -i 's/enabled=.*/enabled=1/g' /etc/yum.repos.d/centos.repo | ||
|
||
COPY apply-patches.sh / | ||
COPY charon-logging.conf /tmp | ||
COPY CentOS.repo /tmp | ||
|
||
# Download OVS source code | ||
RUN wget -q -O - https://www.openvswitch.org/releases/openvswitch-$OVS_VERSION.tar.gz | tar xz -C /tmp | ||
RUN wget -q -O - https://www.openvswitch.org/releases/openvswitch-$OVS_VERSION.tar.gz | tar xz -C /tmp | ||
RUN cd /tmp/openvswitch* && \ | ||
/apply-patches.sh && \ | ||
sed -e "s/@VERSION@/$OVS_VERSION/" rhel/openvswitch-fedora.spec.in > /tmp/ovs.spec && \ | ||
|
@@ -39,30 +39,30 @@ RUN cd /tmp/openvswitch* && \ | |
mv /tmp/openvswitch-$OVS_VERSION/rpm/rpmbuild/RPMS/*/*.rpm /tmp/ovs-rpms && \ | ||
rm -rf /tmp/openvswitch* | ||
|
||
|
||
FROM registry.access.redhat.com/ubi8 | ||
FROM registry.access.redhat.com/ubi9 | ||
ARG OVS_VERSION | ||
|
||
LABEL maintainer="Antrea <[email protected]>" | ||
LABEL description="A Docker image based on UBI8 which includes Open vSwitch built from source." | ||
LABEL description="A Docker image based on UBI9 which includes Open vSwitch built from source." | ||
|
||
# Change Repository from UBI8’s to CentOS because UBI8's repository does not contain | ||
# enough packages required by OVS installation. | ||
# Using the official RHEL repository would be the best choice but it's not publicly accessible. | ||
COPY CentOS.repo /tmp/CentOS.repo | ||
COPY charon-logging.conf /tmp | ||
COPY --from=ovs-rpms /tmp/ovs-rpms/* /tmp/ovs-rpms/ | ||
RUN rm -f /etc/yum.repos.d/* && mv /tmp/CentOS.repo /etc/yum.repos.d/CentOS.repo && \ | ||
curl https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official -o /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial && \ | ||
RUN --mount=type=bind,from=ovs-rpms,source=/tmp/,target=/tmp/build \ | ||
# Disable the default redhat.repo. This substitutes `subscription-manager config --rhsm.manage_repos=0` | ||
# as subscription-manager is not supported running in containers. | ||
sed -i.bak "s/^manage_repos = .$/manage_repos = 0/g" /etc/rhsm/rhsm.conf && \ | ||
yum install /tmp/ovs-rpms/* -y && yum install epel-release -y && \ | ||
yum install iptables logrotate -y && \ | ||
# Change Repository from UBI to CentOS because UBI repository does not contain | ||
# enough packages required by OVS installation. | ||
# Using the official RHEL repository would be the best choice but it's not publicly accessible. | ||
rm -f /etc/yum.repos.d/* && cp /tmp/build/CentOS.repo /etc/yum.repos.d/CentOS.repo && \ | ||
curl https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official -o /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial && \ | ||
curl https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Extras -o /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras && \ | ||
yum install iptables-nft logrotate epel-release -y && \ | ||
pushd /tmp/build/ovs-rpms && \ | ||
yum install openvswitch-${OVS_VERSION}-*.rpm openvswitch-ipsec-${OVS_VERSION}-*.rpm python3-openvswitch-${OVS_VERSION}-*.rpm -y && \ | ||
popd && \ | ||
mv /etc/logrotate.d/openvswitch /etc/logrotate.d/openvswitch-switch && \ | ||
sed -i "/rotate /a\ #size 100M" /etc/logrotate.d/openvswitch-switch && \ | ||
# https://github.com/libreswan/libreswan/blob/main/programs/setup/setup.in | ||
# The init system is configured to systemd by default. Change it to namespaces | ||
# to spawn the ipsec process directly. | ||
sed -i 's/^initsystem=.*$/initsystem="namespaces"/' /usr/libexec/ipsec/setup && \ | ||
rm /etc/rhsm/rhsm.conf.bak && \ | ||
rm -rf /tmp/* && yum clean all | ||
rm /etc/rhsm/rhsm.conf.bak && yum clean all |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters