move to a pluggable architecture

golang modules are not easy to work with as the modules need to match
the dependencies, creating a tightly coupling.

Since the feature set is not big and we just want to get a minimal
decoupling to be able to develop the new features in the Network Policy
Working Group withoutbreaking the existing consumers and user of the
project, we just create multiple binaries with the features required.
Unstable features will live under the plugins/ folder and moved once
they are stable and GA to the main binary.

Author: aojea

.github/workflows/e2e.yml

@@ -14,7 +14,6 @@ env:
   GO_VERSION: "1.24"
   K8S_VERSION: "v1.33.1"
   KIND_VERSION: "v0.29.0"
-  IMAGE_NAME: registry.k8s.io/networking/kube-network-policies
   KIND_CLUSTER_NAME: kind
 
 permissions: write-all
@@ -35,7 +34,7 @@ jobs:
 
     - name: Build
       run: |
-        docker build -t registry.k8s.io/networking/kube-network-policies:test -f Dockerfile .
+        REGISTRY="registry.k8s.io/networking" IMAGE_NAME="kube-network-policies" TAG="test" make image-build-standard
         mkdir _output
         docker save registry.k8s.io/networking/kube-network-policies:test  > _output/kube-network-policies-image.tar
 

.github/workflows/npa.yml

@@ -15,7 +15,6 @@ env:
   GO_VERSION: "1.24"
   K8S_VERSION: "v1.33.1"
   KIND_VERSION: "v0.29.0"
-  IMAGE_NAME: registry.k8s.io/networking/kube-network-policies
   KIND_CLUSTER_NAME: kind
 
 permissions: write-all
@@ -36,9 +35,9 @@ jobs:
 
     - name: Build
       run: |
-        docker build -t registry.k8s.io/networking/kube-network-policies:test -f Dockerfile .
+        REGISTRY="registry.k8s.io/networking" IMAGE_NAME="kube-network-policies" TAG="test" make image-build-npa-v1alpha1
         mkdir _output
-        docker save registry.k8s.io/networking/kube-network-policies:test  > _output/kube-network-policies-image.tar
+        docker save registry.k8s.io/networking/kube-network-policies:test-npa-v1alpha1 > _output/kube-network-policies-image.tar
 
     - uses: actions/upload-artifact@v4
       with:
@@ -115,8 +114,8 @@ jobs:
         /usr/local/bin/kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/network-policy-api/main/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml
         # preload kube-network-policies image
         docker load --input kube-network-policies-image.tar
-        /usr/local/bin/kind load docker-image registry.k8s.io/networking/kube-network-policies:test --name ${{ env.KIND_CLUSTER_NAME}}
-        sed -i s#registry.k8s.io/networking/kube-network-policies.*#registry.k8s.io/networking/kube-network-policies:test# install-anp.yaml
+        /usr/local/bin/kind load docker-image registry.k8s.io/networking/kube-network-policies:test-npa-v1alpha1 --name ${{ env.KIND_CLUSTER_NAME}}
+        sed -i s#registry.k8s.io/networking/kube-network-policies.*#registry.k8s.io/networking/kube-network-policies:test-npa-v1alpha1# install-anp.yaml
         /usr/local/bin/kubectl apply -f ./install-anp.yaml
 
     - name: Get Cluster status

Dockerfile

@@ -1,18 +1,22 @@
-FROM --platform=$BUILDPLATFORM golang:1.24 AS builder
+# Use an ARG to select which build target to compile and use
+ARG TARGET_BUILD=standard
+ARG BINARY_NAME=kube-network-policies-${TARGET_BUILD}
 
+FROM --platform=$BUILDPLATFORM golang:1.24 AS builder
 WORKDIR /src
-
-COPY go.mod go.sum .
+COPY go.mod go.sum ./
 RUN go mod download
-
 COPY . .
 
-ARG TARGETOS TARGETARCH
-RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \
-    go build -o /go/bin/netpol ./cmd
+# Build the specific binary based on the build argument
+ARG TARGET_BUILD
+RUN make build-${TARGET_BUILD}
 
-# STEP 2: Build small image
 FROM gcr.io/distroless/static-debian12
-COPY --from=builder --chown=root:root /go/bin/netpol /bin/netpol
 
-CMD ["/bin/netpol"]
+# Copy the correct, compiled binary and give it a generic name inside the container
+ARG BINARY_NAME
+COPY --from=builder /src/bin/${BINARY_NAME} /bin/netpol
+
+# The entrypoint is always the same, regardless of the build
+CMD ["/bin/netpol"]

Makefile

@@ -1,60 +1,84 @@
 REPO_ROOT:=${CURDIR}
 OUT_DIR=$(REPO_ROOT)/bin
-BINARY_NAME?=kube-network-policies
 
-# go1.9+ can autodetect GOROOT, but if some other tool sets it ...
-GOROOT:=
-# enable modules
+# Go build settings
 GO111MODULE=on
-# disable CGO by default for static binaries
 CGO_ENABLED=0
-export GOROOT GO111MODULE CGO_ENABLED
+export GO111MODULE CGO_ENABLED
 
+# Docker image settings
+IMAGE_NAME?=kube-network-policies
+REGISTRY?=gcr.io/k8s-staging-networking
+TAG?=$(shell echo "$$(date +v%Y%m%d)-$$(git describe --always --dirty)")
+PLATFORMS?=linux/amd64,linux/arm64
+
+.PHONY: all build build-standard build-npa-v1alpha1
+all: build
+build: build-standard build-npa-v1alpha1
+
+build-standard:
+	@echo "Building standard binary..."
+	go build -o ./bin/kube-network-policies-standard ./cmd/standard
 
-build:
-	go build -v -o "$(OUT_DIR)/$(BINARY_NAME)" $(KIND_CLOUD_BUILD_FLAGS) cmd/main.go
+build-npa-v1alpha1:
+	@echo "Building npa-v1alpha1 binary..."
+	go build -o ./bin/kube-network-policies-npa-v1alpha1 ./cmd/npa-v1alpha1
 
 clean:
 	rm -rf "$(OUT_DIR)/"
 
 test:
 	CGO_ENABLED=1 go test -v -race -count 1 ./...
 
-# code linters
 lint:
 	hack/lint.sh
 
 update:
 	go mod tidy
 
-# Generate Go code from the proto definition
 proto:
 	hack/generate-proto.sh
 
-# get image name from directory we're building
-IMAGE_NAME=kube-network-policies
-# docker image registry, default to upstream
-REGISTRY?=gcr.io/k8s-staging-networking
-# tag based on date-sha
-TAG?=$(shell echo "$$(date +v%Y%m%d)-$$(git describe --always --dirty)")
-# the full image tag
-KNP_IMAGE?=$(REGISTRY)/$(IMAGE_NAME):$(TAG)
-PLATFORMS?=linux/amd64,linux/arm64
-
 .PHONY: ensure-buildx
 ensure-buildx:
 	./hack/init-buildx.sh
-	
-image-build:
+
+# Individual image build targets (load into local docker)
+image-build-standard: build-standard
 	docker buildx build . \
-		--tag="${KNP_IMAGE}" \
+		--build-arg TARGET_BUILD=standard \
+		--tag="${REGISTRY}/$(IMAGE_NAME):$(TAG)" \
 		--load
 
-image-push:
+image-build-npa-v1alpha1: build-npa-v1alpha1
 	docker buildx build . \
+		--build-arg TARGET_BUILD=npa-v1alpha1 \
+		--tag="${REGISTRY}/$(IMAGE_NAME):$(TAG)-npa-v1alpha1" \
+		--load
+
+# Individual image push targets (multi-platform)
+image-push-standard: build-standard
+	docker buildx build . \
+		--build-arg TARGET_BUILD=standard \
+		--platform="${PLATFORMS}" \
+		--tag="${REGISTRY}/$(IMAGE_NAME):$(TAG)" \
+		--push
+
+image-push-npa-v1alpha1: build-npa-v1alpha1
+	docker buildx build . \
+		--build-arg TARGET_BUILD=npa-v1alpha1 \
 		--platform="${PLATFORMS}" \
-		--tag="${KNP_IMAGE}" \
+		--tag="${REGISTRY}/$(IMAGE_NAME):$(TAG)-npa-v1alpha1" \
 		--push
 
-.PHONY: release # Build a multi-arch docker image
-release: ensure-buildx image-push
+# --- Aggregate Targets ---
+.PHONY: images-build images-push release
+
+# Build all image variants and load them into the local Docker daemon
+images-build: ensure-buildx image-build-standard image-build-npa-v1alpha1
+
+# Build and push all multi-platform image variants to the registry
+images-push: ensure-buildx image-push-standard image-push-npa-v1alpha1
+
+# The main release target, which pushes all images
+release: images-push