Use the docker.io registry for "latest" antrea images

[antoninbas]

It has been observed that pulling
projects.registry.vmware.com/antrea/antrea-ubuntu:latest will often fail. This is because the Harbor registry uses a CDN for caching, which doesn't work well at all when tags are being re-used (in our case, we re-use the latest tag all the time). While most users should be installing a released version of antrea (with an immutable tag) and thus should not suffer from this issue, it can be frustrating for users who want to install the latest antrea built from the main branch.

As a result, we switch to the docker.io registry whenever the latest tag is used, and in particular for checked-in manifest files. The Harbor registry (projects.registry.vmware.com) is still used for all release assets, and more generally for all images with an immutable tag.

We are able to simplify some infrastructure code because of that, as built images no longer need to be tagged with
projects.registry.vmware.com.

[codecov]

Codecov Report

Merging #4235 (be38393) into main (4caa8c1) will decrease coverage by 1.28%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #4235      +/-   ##
==========================================
- Coverage   64.29%   63.00%   -1.29%     
==========================================
  Files         361      396      +35     
  Lines       52203    54859    +2656     
==========================================
+ Hits        33563    34564    +1001     
- Misses      16186    17792    +1606     
- Partials     2454     2503      +49     

Flag	Coverage Δ
e2e-tests	41.29% <ø> (?)
integration-tests	34.91% <ø> (+0.08%)	⬆️
kind-e2e-tests	47.83% <ø> (-0.73%)	⬇️
unit-tests	43.81% <ø> (-1.20%)	⬇️

Impacted Files	Coverage Δ
pkg/agent/cniserver/ipam/ipam_service.go	76.40% <0.00%> (-12.36%)	⬇️
pkg/agent/controller/trafficcontrol/controller.go	77.52% <0.00%> (-5.98%)	⬇️
pkg/ovs/openflow/ofctrl_builder.go	77.06% <0.00%> (-3.61%)	⬇️
pkg/agent/memberlist/cluster.go	72.29% <0.00%> (-3.19%)	⬇️
pkg/util/k8s/node.go	86.36% <0.00%> (-1.82%)	⬇️
...gent/controller/networkpolicy/status_controller.go	79.83% <0.00%> (-1.69%)	⬇️
pkg/agent/flowexporter/exporter/exporter.go	80.44% <0.00%> (-1.24%)	⬇️
pkg/agent/util/net_linux.go	32.25% <0.00%> (-1.21%)	⬇️
pkg/agent/controller/networkpolicy/reconciler.go	70.27% <0.00%> (-1.14%)	⬇️
...g/agent/cniserver/interface_configuration_linux.go	26.45% <0.00%> (-0.98%)	⬇️
... and 79 more

[XinShuYang]

/test-all
/test-windows-all

[luolanzone]

The default registry is DOCKER_REGISTRY=$(head -n1 "${WORKSPACE}/ci/docker-registry"), there are quite a few scripts are using this default registry to build images. I feel you may need to double check it.
Another usage I see is DOCKER_REGISTRY="projects.registry.vmware.com".

[antoninbas]

could you clarify your concern? Tagged images, and in particular images used for testing (e.g., nginx) or tagged base images (e.g. antrea/openvswitch) should still be pulled from projects.registry.vmware.com. The Jenkins test scripts build the antrea image (antrea/antrea-ubuntu:latest) as part of the test (image is not pulled) and there is no reason to tag it with the registry (projects.registry.vmware.com/antrea/antrea-ubuntu:latest) any more.

[luolanzone]

I mean there are some images' prefix is ${DOCKER_REGISTRY} instead of projects.registry.vmware.com directly. E.g: https://github.com/antrea-io/antrea/blob/main/ci/jenkins/test-mc.sh#L268-L273.

[antoninbas]

Thanks. As far as I can tell, only test-mc.sh needs to be updated.

[antoninbas]

/test-multicluster-e2e

[antoninbas]

/test-all
/test-multicluster-e2e

[antoninbas]

/test-all

[XinShuYang]

/test-all
/test-multicluster-e2e

[tnqn]

LGTM

[antoninbas]

@XinShuYang the tests are still not running, I'll try again

[antoninbas]

/test-all
/test-multicluster-e2e

[XinShuYang]

/test-windows-all
/test-ipv6-e2e
/test-ipv6-only-e2e

[XinShuYang]

LGTM

[antoninbas]

/test-e2e

[antoninbas]

@luolanzone any further comment?

[luolanzone]

LGTM, thanks.