[Windows] Use hpc base image and buildx to build Agent Windows image #6325
Conversation
wenyingd
force-pushed
the
issue_6311
branch
2 times, most recently
from
0171270
to
f442340
Compare
|
/test-windows-all |
|
/test-windows-e2e |
wenyingd
force-pushed
the
issue_6311
branch
2 times, most recently
from
6a539a9
to
928082a
Compare
|
/test-windows-e2e |
|
/test-windows-all |
luolanzone
added
the
area/OS/windows
|
/test-windows-all |
|
/test-windows-all |
|
/test-windows-all |
| RUN --mount=type=cache,target=/go/pkg/mod/ \ | ||
| --mount=type=bind,source=go.sum,target=go.sum \ | ||
| --mount=type=bind,source=go.mod,target=go.mod \ | ||
| go mod download | ||
|
|
||
| COPY . /antrea | ||
|
|
||
| RUN sh -c 'make windows-bin' | ||
|
|
||
| FROM antrea/windows-ovs:${WIN_BUILD_OVS_TAG} as windows-ovs | ||
|
|
||
| FROM mcr.microsoft.com/powershell:lts-nanoserver-${NANOSERVER_VERSION} | ||
| SHELL ["pwsh", "-NoLogo", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] | ||
|
|
||
| LABEL maintainer="Antrea <[email protected]>" | ||
| LABEL description="A Docker image to deploy the Antrea CNI." | ||
| RUN --mount=type=cache,target=/go/pkg/mod/ \ | ||
| --mount=type=cache,target=/root/.cache/go-build/ \ | ||
| make windows-bin |
There was a problem hiding this comment.
IMO, it is better to do the steps that are more likely to have changes last in the Dockerfile, for better caching.
Shouldn't we do this after installing the CNI plugin binaries?
There was a problem hiding this comment.
Good suggestion, I will update accordingly.
wenyingd
force-pushed
the
issue_6311
branch
3 times, most recently
from
169bd82
to
8697723
Compare
|
/test-windows-containerd-conformance |
|
/test-windows-all |
|
Windows CI tests have passed. |
|
/test-windows-all |
|
/test-windows-all |
|
|
||
| # Check if the VC redistributable is already installed. | ||
| $OVSRedistDir="$mountPath\openvswitch\redist" | ||
| if (Test-Path $OVSRedistDir) { |
There was a problem hiding this comment.
Why do we need that check (it feels like the directory is guaranteed to exist), and what should be the behavior if it doesn't exist (should we fail the initContainer instead)?.
There was a problem hiding this comment.
This is because when we are using Windows nanoserver as the base image, we didn't deliver the vc_runtime.exe in the images. Instead, we install it in the middle stage, and copy the extracted vcruntime.dll files into nanoserver path "C:\windows\system32", finally we add the container image's system path into environment Path. So when running containers based on the image, the dll (vcruntime.dll) are accessible. If we directly access the directory "openvswitch\redist" in the init-container, it may fail if somebody manually update image tag with the new manifest.
But for hpc based image, there is no system path like "c:\system\windows" exist in the container image, and we can't extract the dll files during the building stages because we can't run .exe file based on a Ubuntu iamge. So we have to copy the exe file into the container image, and install it in init-container stage to extract the dll files on the target Windows Node (host).
If the dll files doesn't exist on the target Windows Node, Windows OVS binary may fail to run.
There was a problem hiding this comment.
Adding a comment for the if (Test-Path $OVSRedistDir) check would be good, but you can do it in your next PR since you want to improve this logic anyway (as discussed in the other comment).
|
/test-windows-all |
1. Use Windows hpc as the base image to store Antrea binary and OVS files 2. Use doocker buildx to build Windows image on Linux base environment 3. Modify OVS init container to install redist files 4. Place openssl dll files into OVS binary directory instead of Windows system path 5. Remove original windows-base image, and download CNI file in agent image Using the hpc base image and buildx on a fresh env, the time to build Windows related images and push to remote registry is as follows, 1. windows-ovs: 31.6s 2. antrea-windows: 232s Signed-off-by: Wenying Dong <[email protected]>
|
/skip-all |
|
@antoninbas Can we move this change forward or we shall wait for another round of review? |
|
/test-windows-e2e |
|
|
||
| # Check if the VC redistributable is already installed. | ||
| $OVSRedistDir="$mountPath\openvswitch\redist" | ||
| if (Test-Path $OVSRedistDir) { |
There was a problem hiding this comment.
Adding a comment for the if (Test-Path $OVSRedistDir) check would be good, but you can do it in your next PR since you want to improve this logic anyway (as discussed in the other comment).
antoninbas
added
the
action/release-note
The changes in this patch include,
path
Using the hpc base image and buildx on a fresh env, the time to build Windows
related images and push to remote registry is as follows,
Fix #6311