[VC-28877] Publish venafi kubernetes agent chart #471

Merged
merged 17 commits into from
Nov 24, 2023
81 changes: 81 additions & 0 deletions README.md
Expand Up @@ -45,3 +45,84 @@ go run main.go echo

The Jetstack-Secure agent exposes its metrics through a Prometheus server, on port 8081.
The Prometheus server is disabled by default but can be enabled by passing the `--enable-metrics` flag to the agent binary.

## Release Process

The release process is semi-automated.
It starts with the following manual steps:

1. Choose the next semver version number.
This project has only ever incremented the "patch" number (never the "minor" number) regardless of the scope of the changes.
Contributor
Seems a bit counterintuitive to the preceding sentence, but is entirely accurate.

Member Author

I considered just changing the version number to 1.0.0 and telling releasers to increment the minor version,
but decided that would require a wider discussion.

Contributor

Yes, no need for action, I'm just arguing semantics 😂

1. Create a branch.
1. Increment version numbers in the `venafi-kubernetes-agent` Helm chart.
(the `jetstack-secure` Helm chart uses a different version scheme and is updated and released separately):
1. Increment the `version` value in [Chart.yaml](deploy/charts/venafi-kubernetes-agent/Chart.yaml).
DO NOT use a `v` prefix.
The `v` prefix [breaks Helm OCI operations](https://github.com/helm/helm/issues/11107).
1. Increment `appVersion` value in [Chart.yaml](deploy/charts/venafi-kubernetes-agent/Chart.yaml).
Use a `v` prefix, to match the Docker image tag.
1. Increment the `image.tag` value in [values.yaml](deploy/charts/venafi-kubernetes-agent/values.yaml).
Use a `v` prefix.
1. Commit the changes.
1. Create a pull request and wait for it to be approved.
1. Merge the branch.
1. Push a semver tag with a `v` prefix: `vX.Y.Z`.

This will trigger the following automated processes:

1. Two Docker images are built and pushed to a public `quay.io` registry, by the [release-master workflow](.github/workflows/release-master.yml):
* `quay.io/jetstack/preflight`: is pulled directly by tier 1 Jetstack Secure users, who do not have access to the Jetstack Enterprise Registry.
* `quay.io/jetstack/venafi-agent`: is mirrored to a public Venafi OCI registry for Venafi TLS Protect for Kubernetes users.

2. The Docker images are mirrored by private Venafi CI pipelines, to:
* [Jetstack Enterprise Registry](https://platform.jetstack.io/documentation/installation/agent#1-obtain-oci-registry-credentials):
for Tier 2 Jetstack Secure users. Tier 2 grants users access to this registry.
* [Venafi private Registry](https://docs.venafi.cloud/vaas/k8s-components/th-guide-confg-access-to-tlspk-enterprise-components/):
for Tier 2 Venafi TLS Protect for Kubernetes users. Tier 2 grants users access to this registry.
* [Venafi public Registry](https://registry.venafi.cloud/public/venafi-images/venafi-kubernetes-agent):
for Tier 1 Venafi TLS Protect for Kubernetes users. Tier 1 users do not have access to the private registry. (TODO)

### Helm Chart: venafi-kubernetes-agent

The [venafi-kubernetes-agent](deploy/charts/venafi-kubernetes-agent/README.md) chart
is released manually, as follows:

```sh
export VERSION=0.1.43
helm package deploy/charts/venafi-kubernetes-agent --version "${VERSION}"
helm push venafi-kubernetes-agent-${VERSION}.tgz oci://eu.gcr.io/jetstack-secure-enterprise/charts
```

> ℹ️ To test the Helm chart before releasing it, use a [pre-release suffix](https://semver.org/#spec-item-9). E.g.
> `export VERSION=0.1.43-alpha.0`.

The chart will be mirrored to:
* `registry.venafi.cloud/charts/venafi-kubernetes-agent` (Public)
* `private-registry.venafi.cloud/charts/venafi-kubernetes-agent` (Private, US)
* `private-registry.venafi.eu/charts/venafi-kubernetes-agent` (Private, EU)

### Helm Chart: jetstack-agent

The [jetstack-agent](deploy/charts/jetstack-agent/README.md) chart has a different version number to the agent.
This is because the first version of *this* chart was given version `0.1.0`,
while the app version at the time was `0.1.38`.
And this allows the chart to be updated and released more frequently than the Docker image if necessary.
This chart is for [Jetstack Secure](https://platform.jetstack.io/documentation/installation/agent#jetstack-agent-helm-chart-installation).

1. Create a branch
1. Increment version numbers.
1. Increment the `version` value in [Chart.yaml](deploy/charts/jetstack-agent/Chart.yaml).
DO NOT use a `v` prefix.
The `v` prefix [breaks Helm OCI operations](https://github.com/helm/helm/issues/11107).
1. Increment the `appVersion` value in [Chart.yaml](deploy/charts/jetstack-agent/Chart.yaml).
Use a `v` prefix, to match the Docker image tag.
1. Increment the `image.tag` value in [values.yaml](deploy/charts/jetstack-agent/values.yaml).
Use a `v` prefix, to match the Docker image tag.
1. Create a pull request and wait for it to be approved.
1. Merge the branch
1. Push a tag, using the format: `chart-vX.Y.Z`.
This unique tag format is recognized by the private CI pipeline that builds and publishes the chart.

The chart will be published to
the [Jetstack Enterprise Registry](https://platform.jetstack.io/documentation/installation/agent#1-obtain-oci-registry-credentials)
by a private CI pipeline managed by Venafi.
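Review bot: the other chart is named inconsistently in this hunk. The step "Increment version numbers in the `venafi-kubernetes-agent` Helm chart" says "the `jetstack-secure` Helm chart uses a different version scheme and is updated and released separately", but the section that documents that separate chart is headed "Helm Chart: jetstack-agent" and links to deploy/charts/jetstack-agent; use one name so a releaser can find the chart being referred to. Two further points in the same hunk: the "Venafi public Registry" bullet still ends in "(TODO)", so mirroring to that registry is either not in place or not documented, and that should be resolved or stated explicitly as pending before this lands as release documentation; and `helm package deploy/charts/venafi-kubernetes-agent --version "${VERSION}"` overrides the `version` committed in Chart.yaml in the earlier step, so a VERSION that differs from the committed value publishes a chart whose version does not match the repository. Suggest adding a check that VERSION equals the committed Chart.yaml version, or reserving `--version` for the pre-release case described in the note. That note also does not say whether charts pushed with a suffix such as `0.1.43-alpha.0` are mirrored to `registry.venafi.cloud/charts/venafi-kubernetes-agent` like any other version, while the following sentence says the chart "will be mirrored" without qualification; worth stating either way, since a public mirror of test charts is a different outcome from a private one.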
4 changes: 1 addition & 3 deletions deploy/charts/jetstack-agent/README.md
Expand Up @@ -2,7 +2,7 @@

TLS Protect for Kubernetes Agent

![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.1.40](https://img.shields.io/badge/AppVersion-v0.1.40-informational?style=flat-square)
![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.1.43](https://img.shields.io/badge/AppVersion-v0.1.43-informational?style=flat-square)

## Additional Information
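Review bot: the badges are bumped by hand to `Version: 0.3.1` and `AppVersion: v0.1.43`, but this README is generated from chart metadata by helm-docs (the footer removed later in this same file says so), and no change to deploy/charts/jetstack-agent/Chart.yaml appears in the diff shown here. Either regenerate the README from an updated Chart.yaml or include the Chart.yaml bump in the PR; otherwise the badge and the chart it describes disagree, and the next helm-docs run reverts the badge.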

Expand Down Expand Up @@ -175,5 +175,3 @@ kubectl logs -n jetstack-secure $(kubectl get pod -n jetstack-secure -l app.kube
| serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
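Review bot: deleting the "Autogenerated from chart metadata using helm-docs v1.11.3" footer removes the only statement of how this README is produced. If helm-docs still generates the file, the next run puts the footer back and overwrites the hand-edited badges above; if it no longer does, say so in the new Release Process section so releasers know the badges must be edited by hand. Dropping the footer without doing either leaves the file's provenance unknown.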
2 changes: 1 addition & 1 deletion deploy/charts/venafi-kubernetes-agent/Chart.yaml
Expand Up @@ -3,5 +3,5 @@ name: venafi-kubernetes-agent
description: |-
The Venafi Kubernetes Agent connects your Kubernetes or Openshift cluster to the Venafi Control Plane.
type: application
version: 0.1.0
version: 0.1.43
appVersion: "v0.1.43"
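Review bot: the README's release step for this chart also requires `image.tag` in deploy/charts/venafi-kubernetes-agent/values.yaml to be bumped to `v0.1.43`, and no values.yaml hunk appears in the diff shown here; confirm it is updated, otherwise the chart advertises `appVersion: "v0.1.43"` while still pulling the previous image tag. The two lines that are here follow the new rules: `version: 0.1.43` has no `v` prefix and `appVersion: "v0.1.43"` has one, and moving `version` from 0.1.0 to 0.1.43 aligns the chart version with the app version as the README intends.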