antrea icon indicating copy to clipboard operation
antrea copied to clipboard

Published 20 hours ago verified publisher icon antrea-io

Use buildx and hpc image to build Antrea Windows images

Open wenyingd opened this issue 9 months ago • 12 comments

Describe the problem/challenge you have

As we already remove the support on Docker runtime on Windows since Antrea v2.0, we could assume that antrea-agent is running as a host process container on Windows Node using Containerd runtime ( we don't discuss the process mode here). Microsoft has provided a minimal base image whose size is 7.45KB to help build the host process container, which makes the container can run on any Windows host without dependency on the exact Window OS version. So we shall think about migrating our Antrea Windows image to leverage this feature.

The advantages include,

  1. The Antrea Windows image size can be reduced explicitly. The image size is ~260MB using hpc base according to my test, the container files includes antrea-agent.exe, antrea-cni.exe, antctl.exe, host-local.exe, and openvswitch. while the number is about 560MB using powershell:nanoserver-1809 (Server 2019), and 770MB using powershell:nanoserver-ltsc2022 (Server 2022)
  2. We don't need to bump up Antrea Agent image base after upgrading Windows host OS version in the future, as the image is independent from the OS versions.
  3. We can use buildx to build Windows image using a Linux env. Then we don't need to prepare additional Windows image building machine in CI setup, and we can share the build cache. All these can help reduce the build time.

The candidate changes include,

  1. We may need to modify Windows OVS preparations. In the existing code, we tried to install OVS dependent files in the middle layer then copy the required dll files to the final OVS images. If using hpc base image and use buildx to build on Linux machine, we can't run the Windows binary inside the container middle layer, so we may copy the files to final image, and run them on the Windows Node if necessary (e.g., vcredist, openssl)
  2. The delivered antrea-windows image can only be run as host-process container, which uses the Windows host file system and network to provide the capability. If we want to run the container in other ways, e.g., without dependency on the Windows host, we may need another docker file to copy the files from antrea-windows image to the corresponding image base according to the target Windows OS version, e.g., powershell-nanoserver or servercore.

Describe the solution you'd like

Using buildx and hpc base image to build Antrea Windows image.

Anything else you would like to add?

wenyingd avatar May 09 '24 06:05 wenyingd