diff --git a/docs/Release-Process.md b/docs/Release-Process.md index edd7e860d..9c09f5613 100644 --- a/docs/Release-Process.md +++ b/docs/Release-Process.md @@ -46,17 +46,7 @@ and trustee versions were updated when their components released as listed above As the [CoCo operator](https://github.com/confidential-containers/operator/) doesn't release until after peer pods, the [current plan](https://github.com/confidential-containers/confidential-containers/pull/201#discussion_r1570606331), is to pick the latest operator commit to pin that in our released version's instructions of deploying the operator. -To do this, we should edit the [Makefile](../src/cloud-api-adaptor/Makefile) to replace the -*github.com/confidential-containers/operator/config/default* and -*github.com/confidential-containers/operator/config/samples/ccruntime/peer-pods* URLs: -``` -operator_commit= -sed -i "s#\(github.com/confidential-containers/operator/config/default\)#\1?ref=${operator_commit}#" Makefile -sed -i "s#\(github.com/confidential-containers/operator/config/samples/ccruntime/peer-pods\)#\1?ref=${operator_commit}#" Makefile -``` - - +To do this, we should update the `git.coco-operator.reference` value in [versions.yaml](../src/cloud-api-adaptor/versions.yaml). When this change is merged, it triggers the [project images publish workflow](../.github/workflows/publish_images_on_push.yaml) to create a new container image in 
@@ -221,7 +211,7 @@ confidential-containers release team to let them know it has completed successfu If the `main` branch was not already unlocked, then ask an admin to do this now. -The CoCo operator URLs on the [Makefile](../src/cloud-api-adaptor/Makefile) should be reverted to use the latest version. +The CoCo operator reference commit in the [versions.yaml](../src/cloud-api-adaptor/versions.yaml) should be reverted to use the latest version. The changes on the overlay kustomization files should be reverted to start using the latest cloud-api-adaptor images again: ``` diff --git a/src/cloud-api-adaptor/Makefile b/src/cloud-api-adaptor/Makefile index 8739b794c..27cf19cca 100644 --- a/src/cloud-api-adaptor/Makefile +++ b/src/cloud-api-adaptor/Makefile @@ -124,8 +124,8 @@ image-with-arch: .git-commit ## Build the per arch image .PHONY: deploy deploy: ## Deploy cloud-api-adaptor using the operator, according to install/overlays/$(CLOUD_PROVIDER)/kustomization.yaml file. ifneq ($(CLOUD_PROVIDER),) - kubectl apply -k "github.com/confidential-containers/operator/config/default" - kubectl apply -k "github.com/confidential-containers/operator/config/samples/ccruntime/peer-pods" + kubectl apply -k "$(COCO_OPERATOR_REPO)/config/default?ref=$(COCO_OPERATOR_REF)" + kubectl apply -k "$(COCO_OPERATOR_REPO)/config/samples/ccruntime/peer-pods?ref=$(COCO_OPERATOR_REF)" kubectl apply -k install/overlays/$(CLOUD_PROVIDER) else $(error CLOUD_PROVIDER is not set) diff --git a/src/cloud-api-adaptor/Makefile.defaults b/src/cloud-api-adaptor/Makefile.defaults index af77cf4aa..b12a5c8f3 100644 --- a/src/cloud-api-adaptor/Makefile.defaults +++ b/src/cloud-api-adaptor/Makefile.defaults 
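Review bot: The two new `kubectl apply -k` lines in the `deploy` recipe interpolate `$(COCO_OPERATOR_REPO)` and `$(COCO_OPERATOR_REF)` without checking that either is non-empty. Both default to `$(call query,...)` in Makefile.defaults, which presumably depends on `yq` (the README hunk adds it as a prerequisite). If that lookup yields nothing, the recipe runs against `"/config/default?ref="`; with only the ref empty it would likely fall back to whatever the repository's default branch holds at that moment. A guard as the first recipe line, in the style of the existing `$(error CLOUD_PROVIDER is not set)`, makes the failure explicit: `$(if $(and $(COCO_OPERATOR_REPO),$(COCO_OPERATOR_REF)),,$(error COCO_OPERATOR_REPO/COCO_OPERATOR_REF is empty; check yq and versions.yaml))`. The `deploy` target continues outside the hunk.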
@@ -28,6 +28,8 @@ rhel_amd64_IMAGE_CHECKSUM := $(call query,cloudimg.rhel.$(rhel_RELEASE).amd64.ch rhel_s390x_IMAGE_URL := $(call query,cloudimg.rhel.$(rhel_RELEASE).s390x.url) rhel_s390x_IMAGE_CHECKSUM := $(call query,cloudimg.rhel.$(rhel_RELEASE).s390x.checksum) +COCO_OPERATOR_REF := $(or $(COCO_OPERATOR_REF),$(call query,git.coco-operator.reference)) +COCO_OPERATOR_REPO := $(or $(COCO_OPERATOR_REPO),$(call query,git.coco-operator.url)) KATA_SRC := $(or $(KATA_SRC),$(call query,git.kata-containers.url)) KATA_SRC_REF := $(or $(KATA_SRC_REF),$(call query,git.kata-containers.reference)) GO_VERSION := $(or $(GO_VERSION),$(call query,tools.golang)) diff --git a/src/cloud-api-adaptor/install/README.md b/src/cloud-api-adaptor/install/README.md index 0f799da1d..50bcf3af3 100644 --- a/src/cloud-api-adaptor/install/README.md +++ b/src/cloud-api-adaptor/install/README.md @@ -47,6 +47,7 @@ You can deploy the CoCo operator and cloud-api-adaptor with the `Makefile` by ru * `make deploy` deploys operator, runtime and cloud-api-adaptor pod in the configured cluster * validate kubectl is available in your `$PATH` and `$KUBECONFIG` is set + * `yq` tool is available in your `$PATH` > **Note:** `make delete` deletes the cloud-api-adaptor daemonset from the configured cluster (and peerpod-ctrl if RESOURCE_CTRL=true is set) diff --git a/src/cloud-api-adaptor/test/provisioner/provision.go b/src/cloud-api-adaptor/test/provisioner/provision.go index 1e5b7c7b2..4ad5054cf 100644 --- a/src/cloud-api-adaptor/test/provisioner/provision.go +++ b/src/cloud-api-adaptor/test/provisioner/provision.go @@ -16,6 +16,7 @@ import ( "time" "github.com/BurntSushi/toml" + "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/test/utils" log "github.com/sirupsen/logrus" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" 
@@ -51,6 +52,8 @@ var NewProvisionerFunctions = make(map[string]NewProvisionerFunc) type CloudAPIAdaptor struct { caaDaemonSet *appsv1.DaemonSet // Represents the cloud-api-adaptor daemonset ccDaemonSet *appsv1.DaemonSet // Represents the CoCo installer daemonset + ccOpGitRepo string // CoCo operator's repository URL + ccOpGitRef string // CoCo operator's repository reference cloudProvider string // Cloud provider controllerDeployment *appsv1.Deployment // Represents the controller manager deployment namespace string // The CoCo namespace @@ -203,9 +206,17 @@ func NewCloudAPIAdaptor(provider string, installDir string) (*CloudAPIAdaptor, e return nil, err } + versions, err := utils.GetVersions() + if err != nil { + return nil, err + } + ccOperator := versions.Git["coco-operator"] + return &CloudAPIAdaptor{ caaDaemonSet: &appsv1.DaemonSet{ObjectMeta: metav1.ObjectMeta{Name: "cloud-api-adaptor-daemonset", Namespace: namespace}}, ccDaemonSet: &appsv1.DaemonSet{ObjectMeta: metav1.ObjectMeta{Name: "cc-operator-daemon-install", Namespace: namespace}}, + ccOpGitRepo: ccOperator.Url, + ccOpGitRef: ccOperator.Ref, cloudProvider: provider, controllerDeployment: &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "cc-operator-controller-manager", Namespace: namespace}}, namespace: namespace, @@ -455,7 +466,7 @@ func (p *CloudAPIAdaptor) Delete(ctx context.Context, cfg *envconf.Config) error } log.Info("Uninstall CCRuntime CRD") - cmd := exec.Command("kubectl", "delete", "-k", "github.com/confidential-containers/operator/config/samples/ccruntime/peer-pods") + cmd := exec.Command("kubectl", "delete", "-k", p.ccOpGitRepo+"/config/samples/ccruntime/peer-pods?ref="+p.ccOpGitRef) cmd.Env = append(os.Environ(), fmt.Sprintf("KUBECONFIG="+cfg.KubeconfigFile())) stdoutStderr, err := cmd.CombinedOutput() log.Tracef("%v, output: %s", cmd, stdoutStderr) 
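Review bot: `versions.Git["coco-operator"]` in NewCloudAPIAdaptor is read without the comma-ok form, so a missing or misspelled key in versions.yaml yields a zero-value struct and `ccOpGitRepo`/`ccOpGitRef` silently become empty strings. Those strings are later concatenated into the `kubectl apply -k` and `kubectl delete -k` targets, where an empty ref no longer pins what is applied to the test cluster. I would fail early with `ccOperator, ok := versions.Git["coco-operator"]` followed by `if !ok || ccOperator.Url == "" || ccOperator.Ref == "" { return nil, fmt.Errorf("coco-operator url/reference missing in %s", utils.VersionsFile) }`. The function body starts and ends outside the hunk.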
@@ -475,7 +486,7 @@ func (p *CloudAPIAdaptor) Delete(ctx context.Context, cfg *envconf.Config) error deployments := &appsv1.DeploymentList{Items: []appsv1.Deployment{*p.controllerDeployment}} log.Info("Uninstall the controller manager") - cmd = exec.Command("kubectl", "delete", "-k", "github.com/confidential-containers/operator/config/default") + cmd = exec.Command("kubectl", "delete", "-k", p.ccOpGitRepo+"/operator/config/default?ref="+p.ccOpGitRef) cmd.Env = append(os.Environ(), fmt.Sprintf("KUBECONFIG="+cfg.KubeconfigFile())) stdoutStderr, err = cmd.CombinedOutput() log.Tracef("%v, output: %s", cmd, stdoutStderr) @@ -522,7 +533,7 @@ func (p *CloudAPIAdaptor) Deploy(ctx context.Context, cfg *envconf.Config, props log.Info("Install the controller manager") // TODO - find go idiomatic way to apply/delete remote kustomize and apply to this file - cmd := exec.Command("kubectl", "apply", "-k", "github.com/confidential-containers/operator/config/default") + cmd := exec.Command("kubectl", "apply", "-k", p.ccOpGitRepo+"/config/default?ref="+p.ccOpGitRef) cmd.Env = append(os.Environ(), fmt.Sprintf("KUBECONFIG="+cfg.KubeconfigFile())) stdoutStderr, err := cmd.CombinedOutput() log.Tracef("%v, output: %s", cmd, stdoutStderr) @@ -541,7 +552,7 @@ func (p *CloudAPIAdaptor) Deploy(ctx context.Context, cfg *envconf.Config, props return err } - cmd = exec.Command("kubectl", "apply", "-k", "github.com/confidential-containers/operator/config/samples/ccruntime/peer-pods") + cmd = exec.Command("kubectl", "apply", "-k", p.ccOpGitRepo+"/config/samples/ccruntime/peer-pods?ref="+p.ccOpGitRef) cmd.Env = append(os.Environ(), fmt.Sprintf("KUBECONFIG="+cfg.KubeconfigFile())) stdoutStderr, err = cmd.CombinedOutput() log.Tracef("%v, output: %s", cmd, stdoutStderr) diff --git a/src/cloud-api-adaptor/test/utils/versions.go b/src/cloud-api-adaptor/test/utils/versions.go new file mode 100644 index 000000000..54722ee0a --- /dev/null +++ b/src/cloud-api-adaptor/test/utils/versions.go 
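Review bot: The rewritten controller-manager uninstall in `Delete` builds `p.ccOpGitRepo+"/operator/config/default?ref="+p.ccOpGitRef`, but `ccOpGitRepo` already ends in `/operator` (versions.yaml sets it to `https://github.com/confidential-containers/operator`), so the target becomes `.../operator/operator/config/default`. The matching install in `Deploy` uses `"/config/default?ref="`, so teardown points at a path the install never used and will most likely fail to resolve, leaving the operator's resources behind in the cluster. The line should read `cmd = exec.Command("kubectl", "delete", "-k", p.ccOpGitRepo+"/config/default?ref="+p.ccOpGitRef)`. Because the same URLs are now assembled by hand in four places across `Delete` and `Deploy`, a small helper that builds them would keep the apply/delete pairs from drifting again; both functions extend beyond the hunks shown.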
@@ -0,0 +1,37 @@
+// (C) Copyright Confidential Containers Contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package utils
+
+import (
+ "os"
+
+ "gopkg.in/yaml.v2"
+)
+
+// Relative to test/e2e
+const VersionsFile = "../../versions.yaml"
+
+// Versions represents the project's versions.yaml
+type Versions struct {
+ Git map[string]struct {
+ Url string `yaml:"url"`
+ Ref string `yaml:"reference"`
+ }
+}
+
+// GetVersions unmarshals the project's versions.yaml
+func GetVersions() (*Versions, error) {
+ var versions Versions
+
+ yamlFile, err := os.ReadFile(VersionsFile)
+ if err != nil {
+ return nil, err
+ }
+
+ if err := yaml.Unmarshal(yamlFile, &versions); err != nil {
+ return nil, err
+ }
+
+ return &versions, nil
+}
diff --git a/src/cloud-api-adaptor/versions.yaml b/src/cloud-api-adaptor/versions.yaml
index 5aa1a3414..a89f66548 100644
--- a/src/cloud-api-adaptor/versions.yaml
+++ b/src/cloud-api-adaptor/versions.yaml
@@ -27,6 +27,9 @@ tools:
 kcli: 99.0.202407031308
 # Referenced Git repositories
 git:
+ coco-operator:
+ url: https://github.com/confidential-containers/operator
+ reference: main
 guest-components:
 url: https://github.com/confidential-containers/guest-components
 reference: df60725afe0ba452a25a740cf460c2855442c49a
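Review bot: `VersionsFile` is resolved against the process working directory (`../../versions.yaml`, "relative to test/e2e"), so `GetVersions` only finds the right file when tests run from that one directory. Called from another package's tests, `os.ReadFile` either fails with a bare path error or reads an unrelated versions.yaml that happens to sit two levels up. Since this file decides which operator manifests get applied to a cluster, I would at least wrap the error with the path, `return nil, fmt.Errorf("reading %s: %w", VersionsFile, err)` (needs `fmt` in the imports), and ideally resolve the path from a fixed anchor rather than the cwd. Two smaller points: the exported constant's comment should start with its name, `// VersionsFile is the path to versions.yaml, relative to test/e2e.`, and Go initialism style wants `URL` rather than `Url` for the struct field.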
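Review bot: `reference: main` makes the new `?ref=` pin a moving target: every `make deploy` and e2e run applies whatever the operator's `main` branch holds at that moment, unlike the `guest-components` entry directly below, which is pinned to a full commit SHA. Because these manifests go straight into a cluster via `kubectl apply -k`, a commit SHA (or at minimum a release tag) gives reproducible runs and keeps an upstream branch change from reaching clusters unreviewed. The release-process text in this commit suggests tracking `main` between releases is intentional; if so, a comment on the entry such as `# tracks main between releases; pinned to a commit at release time` would keep it from being read as an oversight.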