Skip to content

Latest commit

 

History

History
298 lines (183 loc) · 13.4 KB

RELEASE.md

File metadata and controls

298 lines (183 loc) · 13.4 KB

RELEASE PROCESS

1. BUILD the new Ingress-Nginx-Controller image

a. Make changes in codebase

  • Make changes as per issue

b. Make changes to appropriate files in images directory

  • Make changes in /images

c. Create Pull Request

  • Open a Pull Request for your changes considering the following steps to fire cloudbuild of a new image for the Ingress-Nginx-Controller:

    • In case of rare CVE fix or other reason to rebuild the nginx-base-image itself, look at the /images directory NGINX Base Image.

    • Example NGINX_VERSION, SHA256.

    • If you are updating any component in build.sh please also update the SHA256 checksum of that component as well, the cloud build will fail with an exit 10 if not.

d. Merge

e. Make sure cloudbuild is a success

  • Wait for cloud build. If you don't have access to cloudbuild, you can also have a look at this, to see the progress of the build.

  • Proceed only after cloud-build is successful in building a new Ingress-Nginx-Controller image.

2. If applicable, BUILD other images

  • If applicable, then build a new image of any other related component, ONLY IF APPLICABLE TO THE RELEASE

a. If applicable then make changes in relevant codebase

  • Change code as per issue

b. Make changes to appropriate files in images directory

c. Create PR

  • Open pull request(s) accordingly, to fire cloudbuild for rebuilding the component's image (if applicable).

d. Merge

e. Make sure cloudbuild is a success

  • Wait for cloud build. If you don't have access to cloudbuild, you can also have a look at this, to see the progress of the build.

  • Proceed only after cloud-build is successful in building a new Ingress-Nginx-Controller image.

3. PROMOTE the Image(s):

Promoting the images basically means that images, that were pushed to staging container registry in the steps above, now are also pushed to the public container registry. Thus are publicly available. Follow these steps to promote images:

a. Get the sha

  • Get the sha of the new image(s) of the controller, (and any other component image IF APPLICABLE to release), from the cloudbuild, from steps above

    ...
    pushing manifest for gcr.io/k8s-staging-ingress-nginx/controller:v1.0.2@sha256:e15fac6e8474d77e1f017edc33d804ce72a184e3c0a30963b2a0d7f0b89f6b16
    ...
    

b. Add the new image to k8s.io

  • The sha(s) from the step before (and the tag(s) for the new image(s) have to be added, as a new line, in a file, of the k8s.io project of Kubernetes organization.

  • Fork that other project (if you don't have a fork already).

  • Other project to fork Github repo kubernetes/k8s.io

  • Fetch --all and rebase to upstream if already forked.

  • Create a branch in your fork, named as the issue number for this release

  • In the related branch, of your fork, edit the file /k8s.gcr.io/images/k8s-staging-ingress-nginx/images.yaml.

  • For making it easier, you can edit your branch directly in the browser. But be careful about making any mistake.

  • Insert the sha(s) & the tag(s), in a new line, in this file Project kubernetes/k8s.io Ingress-Nginx-Controller Images Look at this example PR and the diff to see how it was done before

  • Save and commit

c. Create PR

  • Open pull request to promote the new controller image.

d. Merge

  • Merge success is required for next step

  • Proceed only after cloud-build is successful in building a new Ingress-Nginx-Controller image.

4. PREPARE for a new Release

  • Make sure to get the tag and sha of the promoted image from the step before, either from cloudbuild or from here.

  • This involves editing of several different files. So carefully follow the steps below and double check all changes with diff/grep etc., repeatedly. Mistakes here impact endusers.

a. Make sure your git workspace is ready

  • Get your git workspace ready

    • If not using a pre-existing fork, then Fork the repo kubernetes/ingress-nginx

    • Clone (to laptop or wherever)

    • Add upstream

    • Set upstream url to no_push

    • Checkout & switch to branch, named as per related new-release-issue-number

    • If already forked, and upstream already added, then git fetch --all and git rebase upstream/main (not origin)

    • Checkout a branch in your fork's clone

    • Perform any other diligence as needed

  • Prefer to edit only and only in your branch, in your Fork

b. Edit the semver tag

c. Edit the helm Chart

  • Change the below mentioned Fields in Chart.yaml
    • version
    • appVersion
    • kubeVersion (ONLY if applicable)
    • annotations
      • artifacthub.io/prerelease: "true"
      • artifacthub.io/changes: |
        • Add the titles of the PRs merged after previous release here. I used the github-cli to get that list like so gh pr list -s merged -L 38 -B main | cut -f1,2

d. Edit the values.yaml and run helm-docs

  • Fields to edit in values.yaml

    • tag
    • digest
  • helm-docs is a tool that generates the README.md for a helm-chart automatically. In the CI pipeline workflow of github actions (/.github/workflows/ci.yaml), you can see how helm-docs is used. But the CI pipeline is not designed to make commits back into the project. So we need to run helm-docs manually, and check in the resulting autogenerated README.md at the path /charts/ingress-nginx/README.md

          GOBIN=$PWD GO111MODULE=on go install github.com/norwoodj/helm-docs/cmd/[email protected]
          ./helm-docs --chart-search-root=${GITHUB_WORKSPACE}/charts
          git diff --exit-code
          rm -f ./helm-docs
    

    Watchout for mistakes like leaving the helm-docs executable in your clone workspace or not not checking the new README.md manually etc.

e. Edit the static manifests

  • Prepare to use a script to update the edit the static manifests and set the "image", "digest", "version" etc. fields to the desired value.

  • This script depends on python and a specific python package pip3 install ruamel.yaml

  • Execute the script to update static manifests using that script generate-deploy-scripts.sh

  • Open some of the manifests and check if the script worked properly

  • Use grep -ir to search for any misses by the script or undesired changes

  • The script should properly set the image and the digest fields to the desired tag and semver

  • Manually fix one problem that the script can not take care of.

    • This problem is wrong formatting of a snippet in the file deploy-tls-termination.yaml

    • In the configMap section, for the configMap named ingress-nginx-controller, the "configMap.data" spec has a snippet

    • This snippet becomes a single line, formatted with the newline character "\n"

    • That single line formatted with "\n" needs to be changed as it does not meet yaml requirements

    • At the time of writing this doc, the 'configMap.data' spec is at line number 39.

    • So editing begins at line 40 (at the time of writing this doc)

    • Make that snippet look like this ;

      data:
        http-snippet:|
          server{
            listen 2443;
            return 308 https://$host$request_uri;
          }
      

f. Edit the changelog

Changelog.md

  • Add the PRs merged after previous release
  • If you use the github cli https://cli.github.com/, then that is one useful command to get this list of PRs
  • One way of using gh cli and getting the list of PRs for changelog is described below
    • Install and configure github cli as per the docs of gh-cli

    • Change dir to your clone, of your fork, of the ingress-nginx project

    • Run the below command and save the output to a txt file

      gh pr list -s merged -L 38 -B main | cut -f1,2 > ~/tmp/prlist.txt
      
      • The -L 38 was used for 2 reasons.
        • Default number of results is 30 and there were more than 30 PRs merged while releasing v1.1.1.
        • The other reason to use -L 38 was to ommit the 39th, the 40th and the 41st line in the resulting list. These were non-relevant PRs.
    • Then use some easy automation in bash/python/whathaveyou to get the PR-List that can be used in the changelog

    • I save output of above command to a file called prlist.txt. It looks somewhat like this ;

      % cat ~/Downloads/prlist.txt 
      8129    fix syntax in docs for multi-tls example
      8120    Update go in runner and release v1.1.1
      8119    Update to go v1.17.6
      8118    Remove deprecated libraries, update other libs
      8117    Fix codegen errors
      8115    chart/ghaction: set the correct permission to have access to push a release 
      ....
      
    • Then I use the bash scripty way seen below to convert those PR numbers into links. If I saved the below content in a script called prlist_to_changelog.sh, then I run the command prlist_to_changelog.sh prlist.txt

      #!/usr/bin/bash
      
      file="$1"
      
      while read -r line; do
        pr_num=`echo "$line" | cut -f1`
        pr_title=`echo "$line" | cut -f2`
        echo "[$pr_num](https://github.com/kubernetes/ingress-nginx/pull/$pr_num) $pr_title"
      done <$file
      
      

g. Edit the Documentation:

  • Update the version in docs/deploy/index.md
  • Update Supported versions in the Support Versions table in the README.md

h. Edit stable.txt

  • Edit the stable.txt file(if applicable), in the root of the repo, to reflect the release to be created
  • Criteria is a release that has been GA for a while but reported issues are not bugs but mostly /kind support or feature

i. Update README.md

  • Update the table in README.md in the root of the projet to reflect the support matrix. Add the new release version and details in there.

5. RELEASE new version

a. Create PR

  • Open PR for releasing the new version of the Ingress-Nginx-Controller ;
    • Look at this PR for how it was done before example PR
    • Create a PR

b. Merge

  • Merge should produce manifests as well as chart
  • Check
  • helm repo update
  • helm search repo ingress-nginx

6. Github release

  • Release to github

  • Edit the ghpages file as needed