diff --git a/.devcontainer.json b/.devcontainer.json index ce32da095f..aa62f6aa06 100644 --- a/.devcontainer.json +++ b/.devcontainer.json @@ -1,6 +1,6 @@ { "name": "Go for aks-engine", - "image": "mcr.microsoft.com/oss/azcu/go-dev:v1.31.0", + "image": "mcr.microsoft.com/oss/azcu/go-dev:v1.32.1", "extensions": [ "ms-vscode.go" ], diff --git a/.github/workflows/nightly-build.yaml b/.github/workflows/nightly-build.yaml index 6b194a5a4f..92c5c13a1d 100644 --- a/.github/workflows/nightly-build.yaml +++ b/.github/workflows/nightly-build.yaml @@ -21,7 +21,7 @@ jobs: docker run --rm \ -v ${GITHUB_WORKSPACE}:/go/src/github.com/Azure/aks-engine \ -w /go/src/github.com/Azure/aks-engine \ - mcr.microsoft.com/oss/azcu/go-dev:v1.31.0 make dist + mcr.microsoft.com/oss/azcu/go-dev:v1.32.1 make dist - name: Rename outputs run: | diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000000..4d6bb4f0ab --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,124 @@ +name: Release + +on: + push: + tags: + - 'v*.*.*' + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Set env + run: echo "RELEASE_VERSION=${GITHUB_REF:10}" >> $GITHUB_ENV # refs/tags/v1.0.0 substring starting at v1.0.0 + - name: Validate CHANGELOG # We require a pre-existing CHANGELOG specific for this release in order to proceed + run: | + [ -s releases/CHANGELOG-${{ env.RELEASE_VERSION }}.md ] + - name: Install go + uses: actions/setup-go@v2 + with: + go-version: '^1.15' + - name: Install ginkgo + run: go get -u github.com/onsi/ginkgo/ginkgo + - name: Install helm + run: | + curl https://baltocdn.com/helm/signing.asc | sudo apt-key add - + sudo apt-get install apt-transport-https --yes + echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list + sudo apt-get update + sudo apt-get install helm + - name: Install k + run: | + sudo curl -o /usr/local/bin/k https://raw.githubusercontent.com/jakepearson/k/master/k + sudo chmod +x /usr/local/bin/k + - name: Build aks-engine binary + run: make build-binary + - name: Validate 1.18 no-egress scenario + env: + ORCHESTRATOR_RELEASE: "1.18" + CLUSTER_DEFINITION: "examples/no_outbound.json" + SUBSCRIPTION_ID: ${{ secrets.TEST_AZURE_SUB_ID }} + CLIENT_ID: ${{ secrets.TEST_AZURE_SP_ID }} + CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }} + LOCATION: "westus2" + TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }} + SKIP_LOGS_COLLECTION: true + SKIP_TEST: True + AZURE_CORE_ONLY_SHOW_ERRORS: True + run: make test-kubernetes + - name: Validate 1.19 no-egress scenario + env: + ORCHESTRATOR_RELEASE: "1.19" + CLUSTER_DEFINITION: "examples/no_outbound.json" + SUBSCRIPTION_ID: ${{ secrets.TEST_AZURE_SUB_ID }} + CLIENT_ID: ${{ secrets.TEST_AZURE_SP_ID }} + CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }} + LOCATION: "westus2" + TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }} + SKIP_LOGS_COLLECTION: true + SKIP_TEST: True + AZURE_CORE_ONLY_SHOW_ERRORS: True + run: make test-kubernetes + - name: Validate 1.20 no-egress scenario + env: + ORCHESTRATOR_RELEASE: "1.20" + CLUSTER_DEFINITION: "examples/no_outbound.json" + SUBSCRIPTION_ID: ${{ secrets.TEST_AZURE_SUB_ID }} + CLIENT_ID: ${{ secrets.TEST_AZURE_SP_ID }} + CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }} + LOCATION: "westus2" + TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }} + SKIP_LOGS_COLLECTION: true + SKIP_TEST: True + AZURE_CORE_ONLY_SHOW_ERRORS: True + run: make test-kubernetes + - name: Validate 1.21 no-egress scenario + env: + ORCHESTRATOR_RELEASE: "1.21" + CLUSTER_DEFINITION: "examples/no_outbound.json" + SUBSCRIPTION_ID: ${{ secrets.TEST_AZURE_SUB_ID }} + CLIENT_ID: ${{ secrets.TEST_AZURE_SP_ID }} + CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }} + LOCATION: "westus2" + TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }} + SKIP_LOGS_COLLECTION: true + SKIP_TEST: True + AZURE_CORE_ONLY_SHOW_ERRORS: True + run: make test-kubernetes + - name: Validate 1.20 + containerd E2E + env: + ORCHESTRATOR_RELEASE: "1.20" + CLUSTER_DEFINITION: "examples/e2e-tests/kubernetes/release/default/definition.json" + SUBSCRIPTION_ID: ${{ secrets.TEST_AZURE_SUB_ID }} + CLIENT_ID: ${{ secrets.TEST_AZURE_SP_ID }} + CLIENT_SECRET: ${{ secrets.TEST_AZURE_SP_PW }} + LOCATION: "westus2" + TENANT_ID: ${{ secrets.TEST_AZURE_TENANT_ID }} + CREATE_VNET: true + CLEANUP_ON_EXIT: true + CLEANUP_IF_FAIL: false + GINKGO_SKIP: "" + STABILITY_ITERATIONS: "0" + RETAIN_SSH: false + CONTAINER_RUNTIME: "containerd" + RUN_VMSS_NODE_PROTOTYPE: true + BLOCK_SSH: false + SKIP_LOGS_COLLECTION: true + SKIP_TEST: true + AZURE_CORE_ONLY_SHOW_ERRORS: True + run: make test-kubernetes + - name: Build Artifacts + run: | + docker run --rm \ + -v ${GITHUB_WORKSPACE}:/go/src/github.com/Azure/aks-engine \ + -w /go/src/github.com/Azure/aks-engine \ + mcr.microsoft.com/oss/azcu/go-dev:v1.32.1 make dist + - name: Publish Release + uses: softprops/action-gh-release@v1 + with: + files: _dist/aks-engine*-*-*.* + body_path: releases/CHANGELOG-${{ env.RELEASE_VERSION }}.md + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.pipelines/pr-e2e.yaml b/.pipelines/pr-e2e.yaml index cba9fec121..edecb6dc23 100644 --- a/.pipelines/pr-e2e.yaml +++ b/.pipelines/pr-e2e.yaml @@ -17,7 +17,7 @@ pr: resources: containers: - container: dev1 - image: mcr.microsoft.com/oss/azcu/go-dev:v1.31.0 + image: mcr.microsoft.com/oss/azcu/go-dev:v1.32.1 jobs: - job: unit_tests diff --git a/.pipelines/vhd-builder-ubuntu-gen2.yaml b/.pipelines/vhd-builder-ubuntu-gen2.yaml index c15cde89c5..154725ef2a 100644 --- a/.pipelines/vhd-builder-ubuntu-gen2.yaml +++ b/.pipelines/vhd-builder-ubuntu-gen2.yaml @@ -7,7 +7,7 @@ trigger: none # - POST a new SKU to azure marketplace variables: - CONTAINER_IMAGE: 'mcr.microsoft.com/oss/azcu/go-dev:v1.31.0' + CONTAINER_IMAGE: 'mcr.microsoft.com/oss/azcu/go-dev:v1.32.1' phases: - phase: build_vhd diff --git a/.pipelines/vhd-builder.yaml b/.pipelines/vhd-builder.yaml index 97acd4756c..619dc45a00 100644 --- a/.pipelines/vhd-builder.yaml +++ b/.pipelines/vhd-builder.yaml @@ -7,7 +7,7 @@ trigger: none # - POST a new SKU to azure marketplace variables: - CONTAINER_IMAGE: 'mcr.microsoft.com/oss/azcu/go-dev:v1.31.0' + CONTAINER_IMAGE: 'mcr.microsoft.com/oss/azcu/go-dev:v1.32.1' phases: - phase: build_vhd diff --git a/Makefile b/Makefile index c8303968df..15e65f61f1 100644 --- a/Makefile +++ b/Makefile @@ -27,7 +27,7 @@ ifeq ($(GITTAG),) GITTAG := $(VERSION_SHORT) endif -DEV_ENV_IMAGE := mcr.microsoft.com/oss/azcu/go-dev:v1.31.0 +DEV_ENV_IMAGE := mcr.microsoft.com/oss/azcu/go-dev:v1.32.1 DEV_ENV_WORK_DIR := /aks-engine DEV_ENV_OPTS := --rm -v $(GOPATH)/pkg/mod:/go/pkg/mod -v $(CURDIR):$(DEV_ENV_WORK_DIR) -w $(DEV_ENV_WORK_DIR) $(DEV_ENV_VARS) DEV_ENV_CMD := docker run $(DEV_ENV_OPTS) $(DEV_ENV_IMAGE) diff --git a/docs/community/release-checklist.md b/docs/community/release-checklist.md index 93ee1ab2f1..4a2a41b155 100644 --- a/docs/community/release-checklist.md +++ b/docs/community/release-checklist.md @@ -16,19 +16,15 @@ By releasing often, each release becomes a safe and routine event. This makes it and easier for users to obtain specific fixes. Continuous delivery also reduces the work necessary to release a product such as AKS Engine, which depends on several external projects. -"Components" applies not just to AKS projects, but also to development and release -tools, to orchestrator versions, to Docker base images, and to other Azure -projects that do [semantic version][] releases. - ## AKS Engine Releases As Needed AKS Engine releases new versions when the team of maintainers determine it is needed. This usually amounts to one or more releases each month. -Minor versions—for example, v0.**32**.0—are created from the master branch whenever +Minor versions—for example, v0.**64**.0—are created from the master branch whenever important features or changes have been merged and CI testing shows it to be stable over time. -Patch versions—for example, v0.32.**3**—are based on the previous release and created on demand +Patch versions—for example, v0.64.**1**—are based on the previous release and created on demand whenever important bug fixes arrive. See "[Creating a New Release](#creating-a-new-release)" for more detail. @@ -52,24 +48,11 @@ to a patch or to a minor release will not break anything. Let's go through the process of creating a new release of the [aks-engine][] binary. -We will use **v0.32.3** as an example herein. You should replace this with the new version you're releasing. - -``` -$ export TAG=v0.32.3 -``` - -### Prepare and Tag a Branch - -First ensure that all the commits to be included in the release are ready in your local repository. - -For a major or minor release, create a branch from master. For a patch, create a branch from the previous release tag and use `git cherry-pick` to apply specific commits. - -Tag the release commit and push it to GitHub: +We will use **v0.63.0** as an example herein. You should replace this with the new version you're releasing. ``` -$ git tag $TAG && git push upstream $TAG +$ export TAG=v0.63.0 ``` - ### Generate Release Notes Use the [`git-chglog`][git-chglog] tool to generate release notes: @@ -80,34 +63,27 @@ $ git-chglog $TAG Be sure to proofread the output and verify that the intended commits appear. If a commit made it to master that didn't have a [conventional commit message][conventional-commit], you'll need to add it to the appropriate section by hand. -Save the markdown that it prints so it can be pasted into the GitHub release. - -### Generate Download Artifacts - -Make sure your repository has no local changes, then build the aks-engine distribution archives: - -``` -$ make generate info # check that the git tree state is clean after a build, and that the tag is correct -$ make clean dist -``` +Save the markdown to a new file under the `releases/` directory, and name it `CHANGELOG-$TAG.md`. For example, for this release we would create a new file: -When this finishes, the `_dist` directory will be populated with three .zip and three .tar.gz archive files. +- `releases/CHANGELOG-v0.63.0.md` -### Make a GitHub Release +If it is helpful to manually curate the CHANGELOG with more human readable language, please do. This will be the first thing a user encounters when evaluating whether or not to use this release. Create a PR with just the new CHANGELOG file, get it reviewed by maintainers, and ensure it is merged to the master branch. -Now navigate to the aks-engine project on GitHub and start a [new release][new-release]: +### Prepare and Tag a Branch -![draft_new_release.png](../static/img/draft_new_release.png) +First ensure that all the commits to be included in the release are ready in your local repository. -Select the tag we pushed previously, and use that tag as the release title. Then paste the release notes from the previous step into the big text field: +For a major or minor release, create a branch from master. For a patch, create a branch from the previous release tag and use `git cherry-pick` to apply specific commits. Ensure that the CHANGELOG file that corresponds to this release is present in the release branch. -![release_notes.png](../static/img/release_notes.png) +Tag the release commit and push it to GitHub: -Finally, drag all six archive files we created with `make dist` into the "Attach binaries" field at the bottom of the release web form: +``` +$ git tag $TAG && git push upstream $TAG +``` -![attach_archives.png](../static/img/attach_archives.png) +### Automated Release CI -Proofread the release notes and satisfy yourself that everything is in order. Click the "Publish release" button when the new aks-engine release is ready for the world. +When you push a new tag that matches the pattern `v*.*.*`, a GitHub Actions job will run automatically and create a new release from that tag, build and publish release artifacts, and populate the release body with the CHANGELOG created earlier for this release. Before actually publishing the release a series of release-gating E2E scenarios will run. It will take 2-3 hours for the entire process to complete. ### Update Package Managers diff --git a/examples/no_outbound.json b/examples/no_outbound.json new file mode 100644 index 0000000000..0623b8d621 --- /dev/null +++ b/examples/no_outbound.json @@ -0,0 +1,45 @@ +{ + "apiVersion": "vlabs", + "properties": { + "masterProfile": { + "count": 1, + "dnsPrefix": "", + "vmSize": "Standard_D2_v3" + }, + "agentPoolProfiles": [ + { + "name": "pool1804vhd", + "count": 1, + "vmSize": "Standard_D2_v3", + "availabilityProfile": "VirtualMachineScaleSets", + "distro": "aks-ubuntu-18.04" + }, + { + "name": "poolwinvhd", + "count": 1, + "vmSize": "Standard_D2_v3", + "availabilityProfile": "VirtualMachineScaleSets", + "osType": "Windows" + } + ], + "linuxProfile": { + "adminUsername": "azureuser", + "ssh": { + "publicKeys": [ + { + "keyData": "" + } + ] + } + }, + "windowsProfile": { + "adminUsername": "azureuser", + "adminPassword": "replacepassword1234$", + "enableAutomaticUpdates": false, + "sshEnabled": true + }, + "featureFlags": { + "BlockOutboundInternet": true + } + } +} diff --git a/makedev.ps1 b/makedev.ps1 index 1b8bbc5e57..56d9bac03b 100644 --- a/makedev.ps1 +++ b/makedev.ps1 @@ -1,4 +1,4 @@ -$DEV_ENV_IMAGE = "mcr.microsoft.com/oss/azcu/go-dev:v1.31.0" +$DEV_ENV_IMAGE = "mcr.microsoft.com/oss/azcu/go-dev:v1.32.1" $DEV_ENV_WORK_DIR = "/aks-engine" # Ensure docker is configured for linux containers diff --git a/test/e2e/kubernetes/workloads/large-container-daemonset.yaml b/test/e2e/kubernetes/workloads/large-container-daemonset.yaml index 336c4880da..36323e6d77 100644 --- a/test/e2e/kubernetes/workloads/large-container-daemonset.yaml +++ b/test/e2e/kubernetes/workloads/large-container-daemonset.yaml @@ -25,7 +25,7 @@ spec: - linux containers: - name: large-container - image: mcr.microsoft.com/oss/azcu/go-dev:v1.31.0 + image: mcr.microsoft.com/oss/azcu/go-dev:v1.32.1 imagePullPolicy: IfNotPresent command: ["/bin/sh"] args: ["-c", "while true; do sleep 1000; done"]