Keep all binaries in a single container (#244)

Until now, each binary was kept in its own container image. That is expensive on resource and also introduces non-negligible maintenance cost. All these containers are always deployed under a single DaemonSet and they only serve to deliver basic binaries, thus there is no reason to keep them split. With this patch, all four container images get merged into one. Signed-off-by: Petr Horáček <[email protected]> Signed-off-by: Petr Horáček <[email protected]>
k8snetworkplumbingwg · Sep 27, 2022 · a8fd7ed · a8fd7ed
1 parent 2bebb80
commit a8fd7ed
Show file tree

Hide file tree

Showing 13 changed files with 47 additions and 106 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,17 +1,14 @@
 # built binaries
-cmd/marker/marker
-cmd/plugin/plugin
-cmd/mirror/consumer/consumer
-cmd/mirror/producer/producer
+cmd/marker
+cmd/plugin
+cmd/mirror-consumer
+cmd/mirror-producer
 
 # Temporary build files
 build/_output
 
 # used in build
-cmd/marker/.version
-cmd/plugin/.version
-cmd/mirror/consumer/.version
-cmd/mirror/producer/.version
+cmd/.version
 
 # local cluster
 _kubevirtci/

diff --git a/Makefile b/Makefile
@@ -46,8 +46,8 @@ lint: | $(GO) $(BASE) $(GOLINT) ; $(info  running golint...) @ ## Run golint
 	 done ; exit $$ret
 
 build-%: $(GO)
-	hack/version.sh > ./cmd/$(subst -,/,$*)/.version
-	cd cmd/$(subst -,/,$*) && $(GO) fmt && $(GO) vet && GOOS=linux GOARCH=amd64 CGO_ENABLED=0 GO111MODULE=on $(GO) build -tags no_openssl -mod vendor
+	hack/version.sh > ./cmd/.version
+	cd cmd/$* && $(GO) fmt && $(GO) vet && GOOS=linux GOARCH=amd64 CGO_ENABLED=0 GO111MODULE=on $(GO) build -tags no_openssl -mod vendor
 
 format: $(GO)
 	$(GO) fmt ./pkg/... ./cmd/...
@@ -75,17 +75,13 @@ test-%: $(GO) build-host-local-plugin
 functest: $(GO)
 	GO=$(GO) hack/functests.sh
 
-docker-build: $(patsubst %, docker-build-%, $(COMPONENTS))
+docker-build:
+	$(OCI_BIN) build -t ${REGISTRY}/ovs-cni-plugin:${IMAGE_TAG} ./cmd
 
-docker-build-%: build-%
-	$(OCI_BIN) build -t ${REGISTRY}/ovs-cni-$*:${IMAGE_TAG} ./cmd/$(subst -,/,$*)
-
-docker-push: $(patsubst %, docker-push-%, $(COMPONENTS))
-
-docker-push-%:
-	$(OCI_BIN) push ${TLS_SETTING} ${REGISTRY}/ovs-cni-$*:${IMAGE_TAG}
-	$(OCI_BIN) tag ${REGISTRY}/ovs-cni-$*:${IMAGE_TAG} ${REGISTRY}/ovs-cni-$*:${IMAGE_GIT_TAG}
-	$(OCI_BIN) push ${TLS_SETTING} ${REGISTRY}/ovs-cni-$*:${IMAGE_GIT_TAG}
+docker-push:
+	$(OCI_BIN) push ${TLS_SETTING} ${REGISTRY}/ovs-cni-plugin:${IMAGE_TAG}
+	$(OCI_BIN) tag ${REGISTRY}/ovs-cni-plugin:${IMAGE_TAG} ${REGISTRY}/ovs-cni-plugin:${IMAGE_GIT_TAG}
+	$(OCI_BIN) push ${TLS_SETTING} ${REGISTRY}/ovs-cni-plugin:${IMAGE_GIT_TAG}
 
 dep: $(GO)
 	$(GO) mod tidy

diff --git a/cmd/Dockerfile b/cmd/Dockerfile
@@ -0,0 +1,7 @@
+FROM registry.access.redhat.com/ubi8/ubi-minimal
+RUN microdnf install findutils
+COPY marker/marker /marker
+COPY plugin/plugin /ovs
+COPY mirror-consumer/mirror-consumer /ovs-mirror-consumer
+COPY mirror-producer/mirror-producer /ovs-mirror-producer
+COPY .version /.version
diff --git a/cmd/marker/.version b/cmd/marker/.version
diff --git a/cmd/marker/Dockerfile b/cmd/marker/Dockerfile
diff --git a/cmd/mirror/consumer/main.go → cmd/mirror-consumer/main.go b/cmd/mirror/consumer/main.go → cmd/mirror-consumer/main.go
diff --git a/cmd/mirror/producer/main.go → cmd/mirror-producer/main.go b/cmd/mirror/producer/main.go → cmd/mirror-producer/main.go
diff --git a/cmd/mirror/consumer/Dockerfile b/cmd/mirror/consumer/Dockerfile
diff --git a/cmd/mirror/producer/Dockerfile b/cmd/mirror/producer/Dockerfile
diff --git a/cmd/plugin/Dockerfile b/cmd/plugin/Dockerfile
diff --git a/examples/ovs-cni.yml b/examples/ovs-cni.yml
@@ -34,33 +34,13 @@ spec:
       initContainers:
       - name: ovs-cni-plugin
         image: quay.io/kubevirt/ovs-cni-plugin:latest
-        command: ['cp', '/ovs', '/host/opt/cni/bin/ovs']
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
-        resources:
-          requests:
-            cpu: "10m"
-            memory: "15Mi"
-        volumeMounts:
-        - name: cnibin
-          mountPath: /host/opt/cni/bin
-      - name: ovs-mirror-producer
-        image: quay.io/kubevirt/ovs-cni-mirror-producer:latest
-        command: ['cp', '/ovs-mirror-producer', '/host/opt/cni/bin/ovs-mirror-producer']
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
-        resources:
-          requests:
-            cpu: "10m"
-            memory: "15Mi"
-        volumeMounts:
-        - name: cnibin
-          mountPath: /host/opt/cni/bin
-      - name: ovs-mirror-consumer
-        image: quay.io/kubevirt/ovs-cni-mirror-consumer:latest
-        command: ['cp', '/ovs-mirror-consumer', '/host/opt/cni/bin/ovs-mirror-consumer']
+        command: ["/bin/sh","-c"]
+        args:
+        args:
+          - >
+            cp /ovs /host/opt/cni/bin/ovs &&
+            cp /ovs-mirror-producer /host/opt/cni/bin/ovs-mirror-producer &&
+            cp /ovs-mirror-consumer /host/opt/cni/bin/ovs-mirror-consumer
         imagePullPolicy: IfNotPresent
         securityContext:
           privileged: true
@@ -74,11 +54,16 @@ spec:
       priorityClassName: system-node-critical
       containers:
       - name: ovs-cni-marker
-        image: quay.io/kubevirt/ovs-cni-marker:latest
+        image: quay.io/kubevirt/ovs-cni-plugin:latest
         imagePullPolicy: IfNotPresent
         securityContext:
           privileged: true
+        command:
+          - /marker
         args:
+          - -v
+          - "3"
+          - -logtostderr
           - -node-name
           - $(NODE_NAME)
           - -ovs-socket

diff --git a/hack/build-manifests.sh b/hack/build-manifests.sh
@@ -23,23 +23,8 @@ export OVS_CNI_PLUGIN_IMAGE_NAME=${OVS_CNI_PLUGIN_IMAGE_NAME:-ovs-cni-plugin}
 export OVS_CNI_PLUGIN_IMAGE_VERSION=${OVS_CNI_PLUGIN_IMAGE_VERSION:-latest}
 export OVS_CNI_PLUGIN_IMAGE_PULL_POLICY=${OVS_CNI_PLUGIN_IMAGE_PULL_POLICY:-IfNotPresent}
 export CNI_MOUNT_PATH=${CNI_MOUNT_PATH:-/opt/cni/bin}
-
-export OVS_CNI_MARKER_IMAGE_REPO=${OVS_CNI_MARKER_IMAGE_REPO:-quay.io/kubevirt}
-export OVS_CNI_MARKER_IMAGE_NAME=${OVS_CNI_MARKER_IMAGE_NAME:-ovs-cni-marker}
-export OVS_CNI_MARKER_IMAGE_VERSION=${OVS_CNI_MARKER_IMAGE_VERSION:-latest}
-export OVS_CNI_MARKER_IMAGE_PULL_POLICY=${OVS_CNI_MARKER_IMAGE_PULL_POLICY:-IfNotPresent}
 export OVS_CNI_MARKER_HEALTHCHECK_INTERVAL=${OVS_CNI_MARKER_HEALTHCHECK_INTERVAL:-60}
 
-export OVS_CNI_MIRROR_PRODUCER_IMAGE_REPO=${OVS_CNI_MIRROR_PRODUCER_IMAGE_REPO:-quay.io/kubevirt}
-export OVS_CNI_MIRROR_PRODUCER_IMAGE_NAME=${OVS_CNI_MIRROR_PRODUCER_IMAGE_NAME:-ovs-cni-mirror-producer}
-export OVS_CNI_MIRROR_PRODUCER_IMAGE_VERSION=${OVS_CNI_MIRROR_PRODUCER_IMAGE_VERSION:-latest}
-export OVS_CNI_MIRROR_PRODUCER_IMAGE_PULL_POLICY=${OVS_CNI_MIRROR_PRODUCER_IMAGE_PULL_POLICY:-IfNotPresent}
-
-export OVS_CNI_MIRROR_CONSUMER_IMAGE_REPO=${OVS_CNI_MIRROR_CONSUMER_IMAGE_REPO:-quay.io/kubevirt}
-export OVS_CNI_MIRROR_CONSUMER_IMAGE_NAME=${OVS_CNI_MIRROR_CONSUMER_IMAGE_NAME:-ovs-cni-mirror-consumer}
-export OVS_CNI_MIRROR_CONSUMER_IMAGE_VERSION=${OVS_CNI_MIRROR_CONSUMER_IMAGE_VERSION:-latest}
-export OVS_CNI_MIRROR_CONSUMER_IMAGE_PULL_POLICY=${OVS_CNI_MIRROR_CONSUMER_IMAGE_PULL_POLICY:-IfNotPresent}
-
 for template in manifests/*.in; do
     name=$(basename ${template%.in})
     envsubst < ${template} > examples/${name}

diff --git a/manifests/ovs-cni.yml.in b/manifests/ovs-cni.yml.in
@@ -34,7 +34,13 @@ spec:
       initContainers:
       - name: ovs-cni-plugin
         image: ${OVS_CNI_PLUGIN_IMAGE_REPO}/${OVS_CNI_PLUGIN_IMAGE_NAME}:${OVS_CNI_PLUGIN_IMAGE_VERSION}
-        command: ['cp', '/ovs', '/host${CNI_MOUNT_PATH}/ovs']
+        command: ["/bin/sh","-c"]
+        args:
+        args:
+          - >
+            cp /ovs /host${CNI_MOUNT_PATH}/ovs &&
+            cp /ovs-mirror-producer /host${CNI_MOUNT_PATH}/ovs-mirror-producer &&
+            cp /ovs-mirror-consumer /host${CNI_MOUNT_PATH}/ovs-mirror-consumer
         imagePullPolicy: ${OVS_CNI_PLUGIN_IMAGE_PULL_POLICY}
         securityContext:
           privileged: true
@@ -45,40 +51,19 @@ spec:
         volumeMounts:
         - name: cnibin
           mountPath: /host${CNI_MOUNT_PATH}
-      - name: ovs-mirror-producer
-        image: ${OVS_CNI_MIRROR_PRODUCER_IMAGE_REPO}/${OVS_CNI_MIRROR_PRODUCER_IMAGE_NAME}:${OVS_CNI_MIRROR_PRODUCER_IMAGE_VERSION}
-        command: ['cp', '/ovs-mirror-producer', '/host${CNI_MOUNT_PATH}/ovs-mirror-producer']
-        imagePullPolicy: ${OVS_CNI_MIRROR_PRODUCER_IMAGE_PULL_POLICY}
-        securityContext:
-          privileged: true
-        resources:
-          requests:
-            cpu: "10m"
-            memory: "15Mi"
-        volumeMounts:
-        - name: cnibin
-          mountPath: /host${CNI_MOUNT_PATH}
-      - name: ovs-mirror-consumer
-        image: ${OVS_CNI_MIRROR_CONSUMER_IMAGE_REPO}/${OVS_CNI_MIRROR_CONSUMER_IMAGE_NAME}:${OVS_CNI_MIRROR_CONSUMER_IMAGE_VERSION}
-        command: ['cp', '/ovs-mirror-consumer', '/host${CNI_MOUNT_PATH}/ovs-mirror-consumer']
-        imagePullPolicy: ${OVS_CNI_MIRROR_CONSUMER_IMAGE_PULL_POLICY}
-        securityContext:
-          privileged: true
-        resources:
-          requests:
-            cpu: "10m"
-            memory: "15Mi"
-        volumeMounts:
-        - name: cnibin
-          mountPath: /host${CNI_MOUNT_PATH}
       priorityClassName: system-node-critical
       containers:
       - name: ovs-cni-marker
-        image: ${OVS_CNI_MARKER_IMAGE_REPO}/${OVS_CNI_MARKER_IMAGE_NAME}:${OVS_CNI_MARKER_IMAGE_VERSION}
-        imagePullPolicy: ${OVS_CNI_MARKER_IMAGE_PULL_POLICY}
+        image: ${OVS_CNI_PLUGIN_IMAGE_REPO}/${OVS_CNI_PLUGIN_IMAGE_NAME}:${OVS_CNI_PLUGIN_IMAGE_VERSION}
+        imagePullPolicy: ${OVS_CNI_PLUGIN_IMAGE_PULL_POLICY}
         securityContext:
           privileged: true
+        command:
+          - /marker
         args:
+          - -v
+          - "3"
+          - -logtostderr
           - -node-name
           - $(NODE_NAME)
           - -ovs-socket