Skip to content

Commit

Permalink
Modify workflows, ci and manifest scripts for split images (#5903)
Browse files Browse the repository at this point in the history 
Signed-off-by: Pulkit Jain <[email protected]>
  • Loading branch information
@jainpulkit22
jainpulkit22 authored Jan 26, 2024
1 parent f3ffa7b commit 7880d78
Show file tree
Hide file tree
Showing 33 changed files with 221 additions and 111 deletions.
3 changes: 2 additions & 1 deletion .github/workflows/conformance.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,8 @@ jobs:
sudo mv kind /usr/local/bin
- name: Create K8s cluster
run: |
# The command also loads local antrea/antrea-ubuntu:latest into Nodes if it exists.
# The command also loads local antrea/antrea-agent-ubuntu:latest and antrea/antrea-controller-ubuntu:latest
# into Nodes if they exist.
./ci/kind/kind-setup.sh create kind \
--k8s-version "${{ inputs.k8s-version }}"
- name: Install Antrea
Expand Down
20 changes: 13 additions & 7 deletions .github/workflows/kind.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ jobs:
run: |
./hack/build-antrea-linux-all.sh --pull --coverage
- name: Save Antrea image to tarball
run: docker save -o antrea-ubuntu.tar antrea/antrea-ubuntu-coverage:latest
run: docker save -o antrea-ubuntu.tar antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-controller-ubuntu-coverage:latest
- name: Upload Antrea image for subsequent jobs
uses: actions/upload-artifact@v4
with:
Expand Down Expand Up @@ -488,7 +488,8 @@ jobs:
- name: Load Antrea image
run: |
docker load -i antrea-ubuntu.tar
docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest
docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest
docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest
- name: Install Kind
run: |
KIND_VERSION=$(head -n1 ./ci/kind/version)
Expand Down Expand Up @@ -533,7 +534,8 @@ jobs:
- name: Load Antrea image
run: |
docker load -i antrea-ubuntu.tar
docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest
docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest
docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest
- name: Install Kind
run: |
KIND_VERSION=$(head -n1 ./ci/kind/version)
Expand Down Expand Up @@ -578,7 +580,8 @@ jobs:
- name: Load Antrea image
run: |
docker load -i antrea-ubuntu.tar
docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest
docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest
docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest
- name: Install Kind
run: |
KIND_VERSION=$(head -n1 ./ci/kind/version)
Expand Down Expand Up @@ -623,7 +626,8 @@ jobs:
- name: Load Antrea image
run: |
docker load -i antrea-ubuntu.tar
docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest
docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest
docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest
- name: Install Kind
run: |
KIND_VERSION=$(head -n1 ./ci/kind/version)
Expand Down Expand Up @@ -668,7 +672,8 @@ jobs:
- name: Load Antrea image
run: |
docker load -i antrea-ubuntu.tar
docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest
docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest
docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest
- name: Install Kind
run: |
KIND_VERSION=$(head -n1 ./ci/kind/version)
Expand Down Expand Up @@ -710,7 +715,8 @@ jobs:
- name: Load Antrea image
run: |
docker load -i antrea-ubuntu.tar
docker tag antrea/antrea-ubuntu-coverage:latest antrea/antrea-ubuntu:latest
docker tag antrea/antrea-agent-ubuntu-coverage:latest antrea/antrea-agent-ubuntu:latest
docker tag antrea/antrea-controller-ubuntu-coverage:latest antrea/antrea-controller-ubuntu:latest
- name: Install Kind
run: |
KIND_VERSION=$(head -n1 ./ci/kind/version)
Expand Down
14 changes: 13 additions & 1 deletion .github/workflows/trivy_scan_before_release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,21 @@ jobs:
- name: Build Antrea Docker image
run: |
./hack/build-antrea-linux-all.sh --pull
- name: Run Trivy vulnerability scanner on Antrea Docker image
- name: Run Trivy vulnerability scanner on Antrea unified Docker image
uses: aquasecurity/[email protected]
with:
scan-type: 'image'
image-ref: 'antrea/antrea-ubuntu:latest'
trivy-config: '.trivy.yml'
- name: Run Trivy vulnerability scanner on the antrea-agent Docker image
uses: aquasecurity/[email protected]
with:
scan-type: 'image'
image-ref: 'antrea/antrea-agent-ubuntu:latest'
trivy-config: '.trivy.yml'
- name: Run Trivy vulnerability scanner on the antrea-controller Docker image
uses: aquasecurity/[email protected]
with:
scan-type: 'image'
image-ref: 'antrea/antrea-controller-ubuntu:latest'
trivy-config: '.trivy.yml'
4 changes: 3 additions & 1 deletion build/charts/antrea/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ Kubernetes: `>= 1.16.0-0`
| agent.priorityClassName | string | `"system-node-critical"` | Prority class to use for the antrea-agent Pods. |
| agent.tolerations | list | `[{"key":"CriticalAddonsOnly","operator":"Exists"},{"effect":"NoSchedule","operator":"Exists"},{"effect":"NoExecute","operator":"Exists"}]` | Tolerations for the antrea-agent Pods. |
| agent.updateStrategy | object | `{"type":"RollingUpdate"}` | Update strategy for the antrea-agent DaemonSet. |
| agentImage | object | `{"pullPolicy":"IfNotPresent","repository":"antrea/antrea-agent-ubuntu","tag":""}` | Container image to use for the antrea-agent component. |
| antreaProxy.defaultLoadBalancerMode | string | `"nat"` | Determines how external traffic is processed when it's load balanced across Nodes by default. It must be one of "nat" or "dsr". |
| antreaProxy.enable | bool | `true` | To disable AntreaProxy, set this to false. |
| antreaProxy.nodePortAddresses | list | `[]` | String array of values which specifies the host IPv4/IPv6 addresses for NodePort. By default, all host addresses are used. |
Expand Down Expand Up @@ -82,6 +83,7 @@ Kubernetes: `>= 1.16.0-0`
| controller.priorityClassName | string | `"system-cluster-critical"` | Prority class to use for the antrea-controller Pod. |
| controller.selfSignedCert | bool | `true` | Indicates whether to use auto-generated self-signed TLS certificates. If false, a Secret named "antrea-controller-tls" must be provided with the following keys: ca.crt, tls.crt, tls.key. |
| controller.tolerations | list | `[{"key":"CriticalAddonsOnly","operator":"Exists"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoExecute","key":"node.kubernetes.io/unreachable","operator":"Exists","tolerationSeconds":0}]` | Tolerations for the antrea-controller Pod. |
| controllerImage | object | `{"pullPolicy":"IfNotPresent","repository":"antrea/antrea-controller-ubuntu","tag":""}` | Container image to use for the antrea-controller component. |
| defaultMTU | int | `0` | Default MTU to use for the host gateway interface and the network interface of each Pod. By default, antrea-agent will discover the MTU of the Node's primary interface and adjust it to accommodate for tunnel encapsulation overhead if applicable. |
| disableTXChecksumOffload | bool | `false` | Disable TX checksum offloading for container network interfaces. It's supposed to be set to true when the datapath doesn't support TX checksum offloading, which causes packets to be dropped due to bad checksum. It affects Pods running on Linux Nodes only. |
| dnsServerOverride | string | `""` | Address of DNS server, to override the kube-dns Service. It's used to resolve hostnames in a FQDN policy. |
Expand All @@ -95,7 +97,7 @@ Kubernetes: `>= 1.16.0-0`
| flowExporter.flowPollInterval | string | `"5s"` | Determines how often the flow exporter polls for new connections. |
| flowExporter.idleFlowExportTimeout | string | `"15s"` | timeout after which a flow record is sent to the collector for idle flows. |
| hostGateway | string | `"antrea-gw0"` | Name of the interface antrea-agent will create and use for host <-> Pod communication. |
| image | object | `{"pullPolicy":"IfNotPresent","repository":"antrea/antrea-ubuntu","tag":""}` | Container image to use for Antrea components. |
| image | object | `{}` | Container image to use for Antrea components. DEPRECATED: use agentImage and controllerImage instead. |
| ipsec.authenticationMode | string | `"psk"` | The authentication mode to use for IPsec. Must be one of "psk" or "cert". |
| ipsec.csrSigner.autoApprove | bool | `true` | Enable auto approval of Antrea signer for IPsec certificates. |
| ipsec.csrSigner.selfSignedCA | bool | `true` | Whether or not to use auto-generated self-signed CA. |
Expand Down
50 changes: 49 additions & 1 deletion build/charts/antrea/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,56 @@
{{- end }}
{{- end -}}

{{- define "antreaImage" -}}
{{- define "antreaAgentImageTag" -}}
{{- if .Values.agentImage.tag }}
{{- .Values.agentImage.tag -}}
{{- else if eq .Chart.AppVersion "latest" }}
{{- print "latest" -}}
{{- else }}
{{- print "v" .Chart.AppVersion -}}
{{- end }}
{{- end -}}

{{- define "antreaControllerImageTag" -}}
{{- if .Values.controllerImage.tag }}
{{- .Values.controllerImage.tag -}}
{{- else if eq .Chart.AppVersion "latest" }}
{{- print "latest" -}}
{{- else }}
{{- print "v" .Chart.AppVersion -}}
{{- end }}
{{- end -}}

{{- define "antreaControllerImage" -}}
{{- if .Values.image }}
{{- print .Values.image.repository ":" (include "antreaImageTag" .) -}}
{{- else }}
{{- print .Values.controllerImage.repository ":" (include "antreaControllerImageTag" .) -}}
{{- end }}
{{- end -}}

{{- define "antreaAgentImage" -}}
{{- if .Values.image }}
{{- print .Values.image.repository ":" (include "antreaImageTag" .) -}}
{{- else }}
{{- print .Values.agentImage.repository ":" (include "antreaAgentImageTag" .) -}}
{{- end }}
{{- end -}}

{{- define "antreaAgentImagePullPolicy" -}}
{{- if .Values.image }}
{{- print .Values.image.pullPolicy -}}
{{- else }}
{{- print .Values.agentImage.pullPolicy -}}
{{- end }}
{{- end -}}

{{- define "antreaControllerImagePullPolicy" -}}
{{- if .Values.image }}
{{- print .Values.image.pullPolicy -}}
{{- else }}
{{- print .Values.controllerImage.pullPolicy -}}
{{- end }}
{{- end -}}

{{- define "validateValues" -}}
Expand Down
16 changes: 8 additions & 8 deletions build/charts/antrea/templates/agent/daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,8 +71,8 @@ spec:
containers:
{{- end }}
- name: install-cni
image: {{ include "antreaImage" . | quote }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
image: {{ include "antreaAgentImage" . | quote }}
imagePullPolicy: {{ include "antreaAgentImagePullPolicy" . }}
resources: {{- .Values.agent.installCNI.resources | toYaml | nindent 12 }}
{{- if eq .Values.trafficEncapMode "networkPolicyOnly" }}
command: ["install_cni_chaining"]
Expand Down Expand Up @@ -127,8 +127,8 @@ spec:
containers:
{{- end }}
- name: antrea-agent
image: {{ include "antreaImage" . | quote }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
image: {{ include "antreaAgentImage" . | quote }}
imagePullPolicy: {{ include "antreaAgentImagePullPolicy" . }}
{{- if ((.Values.testing).coverage) }}
command: ["/bin/sh"]
args: ["-c", "sleep 2; antrea-agent-coverage -test.run=TestBincoverRunMain -test.coverprofile=antrea-agent.cov.out -args-file=/agent-arg-file; while true; do sleep 5 & wait $!; done"]
Expand Down Expand Up @@ -257,8 +257,8 @@ spec:
{{- toYaml . | trim | nindent 10 }}
{{- end }}
- name: antrea-ovs
image: {{ include "antreaImage" . | quote }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
image: {{ include "antreaAgentImage" . | quote }}
imagePullPolicy: {{ include "antreaAgentImagePullPolicy" . }}
resources: {{- .Values.agent.antreaOVS.resources | toYaml | nindent 12 }}
command: ["start_ovs"]
args:
Expand Down Expand Up @@ -313,8 +313,8 @@ spec:
subPath: openvswitch
{{- if eq .Values.trafficEncryptionMode "ipsec" }}
- name: antrea-ipsec
image: {{ include "antreaImage" . | quote }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
image: {{ include "antreaAgentImage" . | quote }}
imagePullPolicy: {{ include "antreaAgentImagePullPolicy" . }}
resources: {{- .Values.agent.antreaIPsec.resources | toYaml | nindent 12 }}
command: ["start_ovs_ipsec"]
livenessProbe:
Expand Down
4 changes: 2 additions & 2 deletions build/charts/antrea/templates/controller/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,8 +60,8 @@ spec:
serviceAccountName: antrea-controller
containers:
- name: antrea-controller
image: {{ include "antreaImage" . | quote }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
image: {{ include "antreaControllerImage" . | quote }}
imagePullPolicy: {{ include "antreaControllerImagePullPolicy" . }}
resources: {{- .Values.controller.antreaController.resources | toYaml | nindent 12 }}
{{- if ((.Values.testing).coverage) }}
command: ["/bin/sh"]
Expand Down
12 changes: 10 additions & 2 deletions build/charts/antrea/values.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,14 @@
# -- Container image to use for Antrea components.
image:
repository: "antrea/antrea-ubuntu"
# DEPRECATED: use agentImage and controllerImage instead.
image: {}
# -- Container image to use for the antrea-agent component.
agentImage:
repository: "antrea/antrea-agent-ubuntu"
pullPolicy: "IfNotPresent"
tag: ""
# -- Container image to use for the antrea-controller component.
controllerImage:
repository: "antrea/antrea-controller-ubuntu"
pullPolicy: "IfNotPresent"
tag: ""

Expand Down
8 changes: 4 additions & 4 deletions build/yamls/antrea-aks.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6952,7 +6952,7 @@ spec:
initContainers:
containers:
- name: install-cni
image: "antrea/antrea-ubuntu:latest"
image: "antrea/antrea-agent-ubuntu:latest"
imagePullPolicy: IfNotPresent
resources:
requests:
Expand Down Expand Up @@ -6985,7 +6985,7 @@ spec:
- name: host-var-run-antrea
mountPath: /var/run/antrea
- name: antrea-agent
image: "antrea/antrea-ubuntu:latest"
image: "antrea/antrea-agent-ubuntu:latest"
imagePullPolicy: IfNotPresent
command: ["antrea-agent"]
# Log to both "/var/log/antrea/" and stderr (so "kubectl logs" can work).-
Expand Down Expand Up @@ -7076,7 +7076,7 @@ spec:
- name: xtables-lock
mountPath: /run/xtables.lock
- name: antrea-ovs
image: "antrea/antrea-ubuntu:latest"
image: "antrea/antrea-agent-ubuntu:latest"
imagePullPolicy: IfNotPresent
resources:
requests:
Expand Down Expand Up @@ -7192,7 +7192,7 @@ spec:
serviceAccountName: antrea-controller
containers:
- name: antrea-controller
image: "antrea/antrea-ubuntu:latest"
image: "antrea/antrea-controller-ubuntu:latest"
imagePullPolicy: IfNotPresent
resources:
requests:
Expand Down
8 changes: 4 additions & 4 deletions build/yamls/antrea-eks.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6951,7 +6951,7 @@ spec:
initContainers:
containers:
- name: install-cni
image: "antrea/antrea-ubuntu:latest"
image: "antrea/antrea-agent-ubuntu:latest"
imagePullPolicy: IfNotPresent
resources:
requests:
Expand Down Expand Up @@ -6984,7 +6984,7 @@ spec:
- name: host-var-run-antrea
mountPath: /var/run/antrea
- name: antrea-agent
image: "antrea/antrea-ubuntu:latest"
image: "antrea/antrea-agent-ubuntu:latest"
imagePullPolicy: IfNotPresent
command: ["antrea-agent"]
# Log to both "/var/log/antrea/" and stderr (so "kubectl logs" can work).-
Expand Down Expand Up @@ -7077,7 +7077,7 @@ spec:
- name: xtables-lock
mountPath: /run/xtables.lock
- name: antrea-ovs
image: "antrea/antrea-ubuntu:latest"
image: "antrea/antrea-agent-ubuntu:latest"
imagePullPolicy: IfNotPresent
resources:
requests:
Expand Down Expand Up @@ -7193,7 +7193,7 @@ spec:
serviceAccountName: antrea-controller
containers:
- name: antrea-controller
image: "antrea/antrea-ubuntu:latest"
image: "antrea/antrea-controller-ubuntu:latest"
imagePullPolicy: IfNotPresent
resources:
requests:
Expand Down
8 changes: 4 additions & 4 deletions build/yamls/antrea-gke.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6950,7 +6950,7 @@ spec:
serviceAccountName: antrea-agent
initContainers:
- name: install-cni
image: "antrea/antrea-ubuntu:latest"
image: "antrea/antrea-agent-ubuntu:latest"
imagePullPolicy: IfNotPresent
resources:
requests:
Expand Down Expand Up @@ -6983,7 +6983,7 @@ spec:
mountPath: /var/run/antrea
containers:
- name: antrea-agent
image: "antrea/antrea-ubuntu:latest"
image: "antrea/antrea-agent-ubuntu:latest"
imagePullPolicy: IfNotPresent
command: ["antrea-agent"]
# Log to both "/var/log/antrea/" and stderr (so "kubectl logs" can work).-
Expand Down Expand Up @@ -7074,7 +7074,7 @@ spec:
- name: xtables-lock
mountPath: /run/xtables.lock
- name: antrea-ovs
image: "antrea/antrea-ubuntu:latest"
image: "antrea/antrea-agent-ubuntu:latest"
imagePullPolicy: IfNotPresent
resources:
requests:
Expand Down Expand Up @@ -7190,7 +7190,7 @@ spec:
serviceAccountName: antrea-controller
containers:
- name: antrea-controller
image: "antrea/antrea-ubuntu:latest"
image: "antrea/antrea-controller-ubuntu:latest"
imagePullPolicy: IfNotPresent
resources:
requests:
Expand Down
Loading

0 comments on commit 7880d78

Please sign in to comment.