Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Automated cherry pick of #5988: Disable cgo for all Antrea binaries (#5988) #6126

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 15 additions & 11 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@ SHELL := /bin/bash
GO ?= go
LDFLAGS :=
GOFLAGS :=
# By default, disable cgo for all Go binaries.
# For binaries meant to be published as release assets or copied to a different host, cgo should
# always be disabled.
CGO_ENABLED ?= 0
BINDIR ?= $(CURDIR)/bin
GO_FILES := $(shell find . -type d -name '.cache' -prune -o -type f -name '*.go' -print)
GOPATH ?= $$($(GO) env GOPATH)
Expand Down Expand Up @@ -33,6 +37,8 @@ WIN_BUILD_ARGS += --build-arg NANOSERVER_VERSION=$(NANOSERVER_VERSION)
WIN_BUILD_ARGS += --build-arg WIN_BUILD_TAG=$(WIN_BUILD_TAG)
WIN_BUILD_ARGS += --build-arg WIN_BUILD_OVS_TAG=$(WIN_BUILD_OVS_TAG)

export CGO_ENABLED

.PHONY: all
all: build

Expand Down Expand Up @@ -78,7 +84,7 @@ antrea-agent:
.PHONY: antrea-agent-release
antrea-agent-release:
@mkdir -p $(BINDIR)
@CGO_ENABLED=0 $(GO) build -o $(BINDIR)/$(ANTREA_AGENT_BINARY_NAME) $(GOFLAGS) -ldflags '$(LDFLAGS)' antrea.io/antrea/cmd/antrea-agent
$(GO) build -o $(BINDIR)/$(ANTREA_AGENT_BINARY_NAME) $(GOFLAGS) -ldflags '$(LDFLAGS)' antrea.io/antrea/cmd/antrea-agent

.PHONY: antrea-agent-simulator
antrea-agent-simulator:
Expand All @@ -104,29 +110,25 @@ antrea-controller-instr-binary:
@mkdir -p $(BINDIR)
GOOS=linux $(GO) test -tags testbincover -covermode count -coverpkg=antrea.io/antrea/pkg/... -c -o $(BINDIR)/antrea-controller-coverage $(GOFLAGS) -ldflags '$(LDFLAGS)' antrea.io/antrea/cmd/antrea-controller

# diable cgo for antrea-cni since it can be installed on some systems with
# incompatible or missing system libraries.
.PHONY: antrea-cni
antrea-cni:
@mkdir -p $(BINDIR)
GOOS=linux CGO_ENABLED=0 $(GO) build -o $(BINDIR) $(GOFLAGS) -ldflags '$(LDFLAGS)' antrea.io/antrea/cmd/antrea-cni
GOOS=linux $(GO) build -o $(BINDIR) $(GOFLAGS) -ldflags '$(LDFLAGS)' antrea.io/antrea/cmd/antrea-cni

.PHONY: antrea-cni
antrea-cni-release:
@mkdir -p $(BINDIR)
@CGO_ENABLED=0 $(GO) build -o $(BINDIR)/$(ANTREA_CNI_BINARY_NAME) $(GOFLAGS) -ldflags '$(LDFLAGS)' antrea.io/antrea/cmd/antrea-cni
$(GO) build -o $(BINDIR)/$(ANTREA_CNI_BINARY_NAME) $(GOFLAGS) -ldflags '$(LDFLAGS)' antrea.io/antrea/cmd/antrea-cni

.PHONY: antctl-instr-binary
antctl-instr-binary:
@mkdir -p $(BINDIR)
GOOS=linux $(GO) test -tags testbincover -covermode count -coverpkg=antrea.io/antrea/pkg/... -c -o $(BINDIR)/antctl-coverage $(GOFLAGS) -ldflags '$(LDFLAGS)' antrea.io/antrea/cmd/antctl

# diable cgo for antrea-cni and antrea-agent: antrea-cni is meant to be
# installed on the host and the antrea-agent is run as a process on Windows.
.PHONY: windows-bin
windows-bin:
@mkdir -p $(BINDIR)
GOOS=windows CGO_ENABLED=0 $(GO) build -o $(BINDIR) $(GOFLAGS) -ldflags '$(LDFLAGS)' antrea.io/antrea/cmd/antrea-cni antrea.io/antrea/cmd/antrea-agent antrea.io/antrea/cmd/antctl
GOOS=windows $(GO) build -o $(BINDIR) $(GOFLAGS) -ldflags '$(LDFLAGS)' antrea.io/antrea/cmd/antrea-cni antrea.io/antrea/cmd/antrea-agent antrea.io/antrea/cmd/antctl

.PHONY: flow-aggregator
flow-aggregator:
Expand Down Expand Up @@ -234,7 +236,7 @@ antctl: $(ANTCTL_BINARIES)

.PHONY: antctl-release
antctl-release:
@CGO_ENABLED=0 $(GO) build -o $(BINDIR)/$(ANTCTL_BINARY_NAME) $(GOFLAGS) -ldflags '-s -w $(LDFLAGS)' antrea.io/antrea/cmd/antctl
$(GO) build -o $(BINDIR)/$(ANTCTL_BINARY_NAME) $(GOFLAGS) -ldflags '-s -w $(LDFLAGS)' antrea.io/antrea/cmd/antctl

.PHONY: check-copyright
check-copyright:
Expand All @@ -244,19 +246,21 @@ check-copyright:
add-copyright:
@GO=$(GO) $(CURDIR)/hack/add-license.sh --add

# Cgo is required to run the race detector.

.PHONY: .linux-test-unit
.linux-test-unit: .coverage
@echo
@echo "==> Running unit tests <=="
$(GO) test -race -coverpkg=antrea.io/antrea/cmd/...,antrea.io/antrea/pkg/...,antrea.io/antrea/multicluster/cmd/...,antrea.io/antrea/multicluster/controllers/... \
CGO_ENABLED=1 $(GO) test -race -coverpkg=antrea.io/antrea/cmd/...,antrea.io/antrea/pkg/...,antrea.io/antrea/multicluster/cmd/...,antrea.io/antrea/multicluster/controllers/... \
-coverprofile=.coverage/coverage-unit.txt -covermode=atomic \
antrea.io/antrea/cmd/... antrea.io/antrea/pkg/... antrea.io/antrea/multicluster/cmd/... antrea.io/antrea/multicluster/controllers/...

.PHONY: .windows-test-unit
.windows-test-unit: .coverage
@echo
@echo "==> Running unit tests <=="
$(GO) test -race -coverpkg=antrea.io/antrea/cmd/...,antrea.io/antrea/pkg/... \
CGO_ENABLED=1 $(GO) test -race -coverpkg=antrea.io/antrea/cmd/...,antrea.io/antrea/pkg/... \
-coverprofile=.coverage/coverage-unit.txt -covermode=atomic \
antrea.io/antrea/cmd/... antrea.io/antrea/pkg/...

Expand Down
7 changes: 2 additions & 5 deletions build/images/Dockerfile.build.agent.coverage
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,9 @@ RUN go mod download

COPY . /antrea

RUN make antctl-linux antctl-instr-binary && mv bin/antctl-linux bin/antctl

RUN make antrea-agent antrea-cni antrea-agent-instr-binary
# Disable CGO for antctl in case it is copied outside of the container image. It
# also reduces the size of the binary and aligns with how we distribute antctl
# in release assets.
RUN CGO_ENABLED=0 make antctl-linux antctl-instr-binary
RUN mv bin/antctl-linux bin/antctl

FROM antrea/base-ubuntu:${BUILD_TAG}

Expand Down
8 changes: 3 additions & 5 deletions build/images/Dockerfile.build.agent.ubi
Original file line number Diff line number Diff line change
Expand Up @@ -48,13 +48,11 @@ COPY . /antrea

RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
make antrea-agent antrea-cni
# Disable CGO for antctl in case it is copied outside of the container image. It
# also reduces the size of the binary and aligns with how we distribute antctl
# in release assets.
make antctl-linux && mv bin/antctl-linux bin/antctl

RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
CGO_ENABLED=0 make antctl-linux && mv bin/antctl-linux bin/antctl
make antrea-agent antrea-cni

FROM antrea/base-ubi:${BUILD_TAG}

Expand Down
8 changes: 3 additions & 5 deletions build/images/Dockerfile.build.agent.ubuntu
Original file line number Diff line number Diff line change
Expand Up @@ -27,13 +27,11 @@ COPY . /antrea

RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
make antrea-agent antrea-cni
# Disable CGO for antctl in case it is copied outside of the container image. It
# also reduces the size of the binary and aligns with how we distribute antctl
# in release assets.
make antctl-linux && mv bin/antctl-linux bin/antctl

RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
CGO_ENABLED=0 make antctl-linux && mv bin/antctl-linux bin/antctl
make antrea-agent antrea-cni

FROM antrea/base-ubuntu:${BUILD_TAG}

Expand Down
7 changes: 2 additions & 5 deletions build/images/Dockerfile.build.controller.coverage
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,9 @@ RUN go mod download

COPY . /antrea

RUN make antctl-linux antctl-instr-binary && mv bin/antctl-linux bin/antctl

RUN make antrea-controller antrea-controller-instr-binary
# Disable CGO for antctl in case it is copied outside of the container image. It
# also reduces the size of the binary and aligns with how we distribute antctl
# in release assets.
RUN CGO_ENABLED=0 make antctl-linux antctl-instr-binary
RUN mv bin/antctl-linux bin/antctl

FROM ubuntu:22.04

Expand Down
8 changes: 3 additions & 5 deletions build/images/Dockerfile.build.controller.ubi
Original file line number Diff line number Diff line change
Expand Up @@ -48,13 +48,11 @@ COPY . /antrea

RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
make antrea-controller
# Disable CGO for antctl in case it is copied outside of the container image. It
# also reduces the size of the binary and aligns with how we distribute antctl
# in release assets.
make antctl-linux && mv bin/antctl-linux bin/antctl

RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
CGO_ENABLED=0 make antctl-linux && mv bin/antctl-linux bin/antctl
make antrea-controller

FROM ubuntu:22.04

Expand Down
8 changes: 3 additions & 5 deletions build/images/Dockerfile.build.controller.ubuntu
Original file line number Diff line number Diff line change
Expand Up @@ -27,13 +27,11 @@ COPY . /antrea

RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
make antrea-controller
# Disable CGO for antctl in case it is copied outside of the container image. It
# also reduces the size of the binary and aligns with how we distribute antctl
# in release assets.
make antctl-linux && mv bin/antctl-linux bin/antctl

RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
CGO_ENABLED=0 make antctl-linux && mv bin/antctl-linux bin/antctl
make antrea-controller

FROM ubuntu:22.04

Expand Down
15 changes: 9 additions & 6 deletions build/images/Dockerfile.build.coverage
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,15 @@ RUN go mod download

COPY . /antrea

RUN make antrea-agent antrea-controller antrea-cni antrea-controller-instr-binary antrea-agent-instr-binary
# Disable CGO for antctl in case it is copied outside of the container image. It
# also reduces the size of the binary and aligns with how we distribute antctl
# in release assets.
RUN CGO_ENABLED=0 make antctl-linux antctl-instr-binary
RUN mv bin/antctl-linux bin/antctl
# Build antctl first in order to share an extra layer with
# build/images/Dockerfile.build.agent.coverage and build/images/Dockerfile.build.controller.coverage.
RUN make antctl-linux antctl-instr-binary && mv bin/antctl-linux bin/antctl

# Then build antrea-agent and antrea-cni, in order to share an extra layer with
# build/images/Dockerfile.build.agent.coverage.
RUN make antrea-agent antrea-cni antrea-agent-instr-binary

RUN make antrea-controller antrea-controller-instr-binary

FROM antrea/base-ubuntu:${BUILD_TAG}

Expand Down
41 changes: 13 additions & 28 deletions build/images/Dockerfile.build.ubi
Original file line number Diff line number Diff line change
Expand Up @@ -12,30 +12,9 @@
# See the License for the specific language governing permissions and
# limitations under the License.

ARG BUILD_TAG
FROM registry.access.redhat.com/ubi8 as antrea-build

ADD https://go.dev/dl/?mode=json&include=all go-versions.json

RUN yum install ca-certificates gcc git jq make wget -y

ARG GO_VERSION

# GO_VERSION is a Go minor version, we use the downloaded go-versions.json file
# to identify and install the latest patch release for this minor version.
RUN set -eux; \
arch="$(uname -m)"; \
case "${arch##*-}" in \
x86_64) goArch='amd64' ;; \
arm) goArch='armv6l' ;; \
aarch64) goArch='arm64' ;; \
*) goArch=''; echo >&2; echo >&2 "unsupported architecture '$arch'"; echo >&2 ; exit 1 ;; \
esac; \
GO_ARCHIVE=$(jq --arg version_prefix "go${GO_VERSION}." --arg arch "$goArch" -r '. | map(select(. | .version | startswith($version_prefix))) | first | .files[] | select(.os == "linux" and .arch == $arch and .kind == "archive").filename' go-versions.json); \
wget -q -O - https://go.dev/dl/${GO_ARCHIVE} | tar xz -C /usr/local/

# Using ENV makes the change persistent, but this is just a builder image.
ENV PATH /usr/local/go/bin:$PATH
ARG BUILD_TAG
FROM golang:${GO_VERSION} as antrea-build

WORKDIR /antrea

Expand All @@ -46,15 +25,21 @@ RUN --mount=type=cache,target=/go/pkg/mod/ \

COPY . /antrea

# Build antctl first in order to share an extra layer with
# build/images/Dockerfile.build.agent.ubi and build/images/Dockerfile.build.controller.ubi.
RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
make antrea-agent antrea-controller antrea-cni
# Disable CGO for antctl in case it is copied outside of the container image. It
# also reduces the size of the binary and aligns with how we distribute antctl
# in release assets.
make antctl-linux && mv bin/antctl-linux bin/antctl

# Then build antrea-agent and antrea-cni, in order to share an extra layer with
# build/images/Dockerfile.build.agent.ubi.
RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
make antrea-agent antrea-cni

RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
CGO_ENABLED=0 make antctl-linux && mv bin/antctl-linux bin/antctl
make antrea-controller

FROM antrea/base-ubi:${BUILD_TAG}

Expand Down
16 changes: 11 additions & 5 deletions build/images/Dockerfile.build.ubuntu
Original file line number Diff line number Diff line change
Expand Up @@ -25,15 +25,21 @@ RUN --mount=type=cache,target=/go/pkg/mod/ \

COPY . /antrea

# Build antctl first in order to share an extra layer with
# build/images/Dockerfile.build.agent.ubuntu and build/images/Dockerfile.build.controller.ubuntu.
RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
make antrea-agent antrea-controller antrea-cni
# Disable CGO for antctl in case it is copied outside of the container image. It
# also reduces the size of the binary and aligns with how we distribute antctl
# in release assets.
make antctl-linux && mv bin/antctl-linux bin/antctl

# Then build antrea-agent and antrea-cni, in order to share an extra layer with
# build/images/Dockerfile.build.agent.ubuntu.
RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
make antrea-agent antrea-cni

RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build/ \
CGO_ENABLED=0 make antctl-linux && mv bin/antctl-linux bin/antctl
make antrea-controller

FROM antrea/base-ubuntu:${BUILD_TAG}

Expand Down
5 changes: 3 additions & 2 deletions hack/release/prepare-assets.sh
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,9 @@ pushd $THIS_DIR/../.. > /dev/null
mkdir -p "$1"
OUTPUT_DIR=$(cd "$1" && pwd)

# Cgo should always be disabled for release assets.
export CGO_ENABLED=0

ANTREA_BUILDS=(
"linux amd64 linux-x86_64"
"linux arm64 linux-arm64"
Expand All @@ -63,8 +66,6 @@ for build in "${ANTREA_BUILDS[@]}"; do
arch="${args[1]}"
suffix="${args[2]}"

# all "*-release" targets disable cgo, which is appropriate when
# distributing release assets, for portability.
GOOS=$os GOARCH=$arch ANTCTL_BINARY_NAME="antctl-$suffix" BINDIR="$OUTPUT_DIR" make antctl-release
done

Expand Down
4 changes: 2 additions & 2 deletions test/e2e/vmagent_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -216,9 +216,9 @@ func testExternalNodeSupportBundleCollection(t *testing.T, data *TestData, vmLis
require.NoError(t, err)
var expectedInfoEntries []string
if vm.osType == linuxOS {
expectedInfoEntries = []string{"address", "addressgroups", "agentinfo", "appliedtogroups", "flows", "iptables", "link", "logs", "memprofile", "networkpolicies", "ovsports", "route"}
expectedInfoEntries = []string{"address", "addressgroups", "agentinfo", "appliedtogroups", "flows", "goroutinestacks", "iptables", "link", "logs", "memprofile", "networkpolicies", "ovsports", "route"}
} else if vm.osType == windowsOS {
expectedInfoEntries = []string{"addressgroups", "agentinfo", "appliedtogroups", "flows", "ipconfig", "logs\\ovs\\ovs-vswitchd.log", "logs\\ovs\\ovsdb-server.log", "memprofile", "network-adapters", "networkpolicies", "ovsports", "routes"}
expectedInfoEntries = []string{"addressgroups", "agentinfo", "appliedtogroups", "flows", "goroutinestacks", "ipconfig", "logs\\ovs\\ovs-vswitchd.log", "logs\\ovs\\ovsdb-server.log", "memprofile", "network-adapters", "networkpolicies", "ovsports", "routes"}
}
actualExpectedInfoEntries := strings.Split(strings.Trim(stdout, "\n"), "\n")
t.Logf("Actual files after extracting SupportBundleCollection tarball %s_%s: %v", vm.nodeName, bundleName, actualExpectedInfoEntries)
Expand Down
Loading