1.6.1-gcm.0

To install this version, please follow the instructions on the README.md (1.6).

Changelog since 1.5.4-gcm.0

• Updated cert-manager from v1.5.4 to v1.6.1
• Updated jetstack-secure agent from v0.1.27 to v0.1.32
• Updated google-cas-issuer from v0.5.3 to v0.5.3

Upgrade instructions

• Upgrading from cert-manager 1.5 to 1.6

Notes

Information about this release:

README.md	https://github.com/jetstack/jetstack-secure-gcm/blob/release-1.6/README.md
deployer image	gcr.io/jetstack-public/jetstack-secure-for-cert-manager/deployer:1.6.1-gcm.0
deployer digest	9c0dbccbaaf7
git tag	1.6.1-gcm.0
git commit	8fb3bc5
retag logs	https://console.cloud.google.com/cloud-build/builds/bad9c1ff-35f7-4c19-9277-3195c76463eb?project=885059085598
deployer logs	https://console.cloud.google.com/cloud-build/builds/39d03e90-6301-4bc5-b798-dbe10fea6415?project=885059085598

📦 Recording of the manual steps of the release process

Since we do not have yet a CD pipeline that would do the work, we prefer documenting every step of the manual process on every single release in order to (1) have a record of what has been done, and (2) be able to remember how to release for the next time.

Step-by-step process followed:

• Set the following variables in your shell session. The PREV_APP_VERSION corresponds to the content of the publishedVersion field that is currently set in schema.yaml. The APP_VERSION corresponds to the release of GCM that you plan on doing. For the other _TAG variables, pick the latest git tag of each project.

  PREV_APP_VERSION="1.6.0-gcm.0"
  APP_VERSION="1.6.1-gcm.0"
  BRANCH=release-1.6
  CERT_MANAGER_TAG="v1.6.1"
  JETSTACK_AGENT_TAG="v0.1.32"
  GOOGLE_CAS_ISSUER_TAG="v0.5.3"
  GOOGLE_CAS_ISSUER_TAG_DOCKER="0.5.3" # same as above, but without the 'v'

• Update the above table with the README.md link.

• ⚠️ Update the cert-manager chart:

  # From the jetstack-secure-gcm repo.
  cd chart/jetstack-secure-gcm/charts/
  rm -rf cert-manager
  helm pull jetstack/cert-manager --version "${APP_VERSION/-gcm*/}" --untar

  Then, run the following:

  find cert-manager -type f -print0 | xargs -0 perl -pi -e 's/app\.kubernetes\.io\/name:(.*\")[a-z-._]+\.name(\".*)/app.kubernetes.io\/name:$1cert-manager.name$2/g'
  find cert-manager -type f -print0 | xargs -0 perl -nli -e 'print if !/^ *app:/'

  Explanation:

  1. The first command makes sure all the app.kubernetes.io/name are set to
     cert-manager. This is a "bug" in the cert-manager chart that we need to
     fix in the GCM chart to avoid seeing missing resources in GKE's
     Application UI.
  2. The second command removes all app: ... labels since these aren't used
     in GCM.

  Finally, add patches that make sense:

  git add -p

  Check that you haven't removed important things (like the GCM-specific Helm
  stuff added for the ubbagent).

• Add any Role and ClusterRole that were added in the previous step into the
  file schema.yaml.

• Make sure to be logged in with gcloud and to have the "Editor" role on
  the jetstack-public repo:

  gcloud config set project jetstack-public

• Create the smoke-test cluster. When not using it, we remove the cluster.

  gcloud container clusters create smoke-test --project=jetstack-public --zone=europe-west2-b --workload-pool=jetstack-public.svc.id.goog --num-nodes=2 --async

• Retag the images with the correct licenses using Cloud Build:

  gcloud builds submit --project jetstack-public --config cloudbuild-retag-with-licenses.yaml --substitutions \
      _APP_VERSION=$APP_VERSION,_CERT_MANAGER_TAG=$CERT_MANAGER_TAG,_JETSTACK_AGENT_TAG=$JETSTACK_AGENT_TAG,_GOOGLE_CAS_ISSUER_TAG=$GOOGLE_CAS_ISSUER_TAG,_GOOGLE_CAS_ISSUER_TAG_DOCKER=$GOOGLE_CAS_ISSUER_TAG_DOCKER

• Copy the link to the Cloud Build logs into the table above (row "retag logs").

• Run the following command that will update the app version in shema.yaml, Chart.yaml and README.md:

  # You must be in the jetstack/jetstack-secure-gcm repo folder.
  PREV_DOT_ESCAPED="${PREV_APP_VERSION//./\\.}"
  find . -type f -not -path '*/\.git*' -and -not -name 'go.sum' -and -not -name 'go.mod' -exec perl -pi -e "s/${PREV_DOT_ESCAPED}/${APP_VERSION}/g" '{}' \;
  find . -type f -not -path '*/\.git*' -and -not -name 'go.sum' -and -not -name 'go.mod' -exec perl -pi -e "s/${PREV_DOT_ESCAPED//-gcm*/}/${APP_VERSION//-gcm*/}/g" '{}' \;

  Check that the diff looks OK and that all the versions in shema.yaml, Chart.yaml and README.md are correct:

  git diff

  Finally, commit it:

  git add .
  git commit -m "bump version to $APP_VERSION" --edit
  git rev-parse HEAD

• Copy and paste that commit hash into the above table. You will create the tag later on.

• Build the deployer image:

  gcloud builds submit --project jetstack-public --timeout 1800s --config cloudbuild.yaml \
    --substitutions _CLUSTER_NAME=smoke-test,_CLUSTER_LOCATION=europe-west2-b,_APP_MINOR_VERSION=$(awk 'BEGIN {FS="."}; {print $1 "." $2}' <<<$APP_VERSION),_APP_VERSION=$APP_VERSION

• Copy the link to the Cloud Build logs into the table above (row "deployer logs").

• Tag the commit you created above:

  git tag $APP_VERSION
  git push --tags

• Delete the smoke-test cluster.

  gcloud container clusters delete smoke-test --zone=europe-west2-b --async --project jetstack-public

• Add the image digest to the table above by running:

  gcloud container images list-tags gcr.io/jetstack-public/jetstack-secure-for-cert-manager/deployer --limit=1

• Go to the GitHub Tags,
  click on the tag you just pushed, and click "Create release from tag", and then:

  1. Set the "Release title" to the name of the tag,
  2. Add this current Markdown <details> block _+ the release notes to the release description,
  3. Click "Save Draft"
  4. Don't forget to update the <details> block with any change or addition to the release process.

• Go to the solution admin UI, click "Update the image" and "Save". After saving, go to the solution page and click "Submit for review" (you must be "Editor" of the jetstack-public project):
  
  
  

• Finally, when the solution is reviewed, open the GitHub release and click
  "Publish".