This document describes steps required to update the Sumo Logic Kubernetes Collection Helm Operator.
Access to redhat connect is required before proceeding with component images update step
- Join Redhat support slack channel #op-assist-sumologic. Post in #pd-priv-opensource-collection channel, someone from the team will add you.
- If you don't have access to https://connect.redhat.com, Raise a helpdesk ticket to get you added under Sumologic Org's account and also to assocaite your Github account to redhat.
We need to certify new component images for updated components(ex. otel collector image) on openshift platform
-
Identify modified/upgraded components using sumologic-kubernetes-collection changelog.
-
Build and certify components container images, make steps from this list.
-
Once components are certified in openshift, update the new image hash for modified components. [Ref PR][#173].
-
Generate new version of watches.yaml:
make generate-watches
It will generate
watches_new.yaml, generally watches.yaml won't be changed at all, so compare watches_new.yaml and watches.yaml and proceed with replace only when there is diff. -
Add new appropriate transformations of
RELATED_IMAGE_<COMPONENT>variables for new keys in thewatches_new.yaml. Configuration inwatches.yamlshould set image related keys fromvalues.yamlusing environmental variables containing image withsha256. -
Replace old version of watches.yaml with the new version:
mv watches_new.yaml watches.yaml
-
Prepare the commit with component images update.
-
Build and certify components container images, make steps from this list.
-
Save output of
make verifyfrom sumologic-openshift-images to the file, e.g.make verify > images.txt -
Check the content of
images.txtand make sure that all images are available - noMISSINGentries in theimages.txt, e.g.cat images.txt | grep 'MISSING'
-
Check the content of
images.txtand remove duplicated entries for single component (multiple versions of container images for single component). At this moment it is known that we have two versions forbusyboxandkube-rbac-proxy, remove one of the version leaving the only one.Example transformation: initial version:
registry.connect.redhat.com/sumologic/busybox:1.36.0-ubi registry.connect.redhat.com/sumologic/busybox:@sha256:ceace4beb7db070ae30589a7ef11d68b0435916d6220abccac9396618c2514ed registry.connect.redhat.com/sumologic/busybox:latest-ubi registry.connect.redhat.com/sumologic/busybox:@sha256:bc4b632a545fb8b797aa99d1e7cee8c042332c7cc849df30c945a8a7bd9f6c3a registry.connect.redhat.com/sumologic/kube-rbac-proxy:v0.11.0-ubi registry.connect.redhat.com/sumologic/kube-rbac-proxy:@sha256:57a1e908005bd7ba6007bdf08db5a14fc71a467f80ebfd7de22b83ae80d325e7 registry.connect.redhat.com/sumologic/kube-rbac-proxy:v0.15.0-ubi registry.connect.redhat.com/sumologic/kube-rbac-proxy:@sha256:1153a4592746b05e019bde4d818d176ff9350c013f84d49829032540de882841
transformed version:
registry.connect.redhat.com/sumologic/busybox:1.36.0-ubi registry.connect.redhat.com/sumologic/busybox:@sha256:ceace4beb7db070ae30589a7ef11d68b0435916d6220abccac9396618c2514ed registry.connect.redhat.com/sumologic/kube-rbac-proxy:v0.15.0-ubi registry.connect.redhat.com/sumologic/kube-rbac-proxy:@sha256:1153a4592746b05e019bde4d818d176ff9350c013f84d49829032540de882841
-
From the root directory of the Sumo Logic Kubernetes Collection Helm Operator repository run:
make update-components-images IMAGES_FILE=<PATH_TO_IMAGES.TXT>
This will create new version of following files containing references to components images:
bundle/manifests/operator.clusterserviceversion.yamlconfig/manager/manager.yamltests/replace_components_images.shtests/helm_install.sh
-
Verify content of newly created files and correct them if needed:
bundle/manifests/operator.clusterserviceversion_new.yamlconfig/manager/manager_new.yamltests/replace_components_images_new.shtests/helm_install_new.sh
-
Replace old version of files with newly generated files.
mv bundle/manifests/operator.clusterserviceversion_new.yaml bundle/manifests/operator.clusterserviceversion.yaml mv config/manager/manager_new.yaml config/manager/manager.yaml mv tests/replace_components_images_new.sh tests/replace_components_images.sh mv tests/helm_install_new.sh tests/helm_install.sh chmod +x tests/helm_install.sh
-
Generate new version of watches.yaml:
make generate-watches
It will generated
watches_new.yaml -
Add new appropriate transformations of
RELATED_IMAGE_<COMPONENT>variables for new keys in thewatches_new.yaml. Configuration inwatches.yamlshould set image related keys fromvalues.yamlusing environmental variables containing image withsha256. -
Replace old version of watches.yaml with the new version:
mv watches_new.yaml watches.yaml
-
Prepare the commit with component images update.
- Update submodule with the reference to Sumo Logic Kubernetes Collection Helm Chart use following commands:
cd helm-charts/sumologic-kubernetes-collection
git fetch --tags
git checkout <TAG FROM HELM CHART REPOSITORY>
cd ..
git add sumologic-kubernetes-collection
git commit -m "chore: update Sumologic Kubernetes Collection Helm Chart to <HELM CHART VERSION>"
git push origin <BRANCH NAME>-
Update Sumo Logic Kubernetes Collection Helm Chart version in tests.
-
Update command used in tests to install the Helm Chart and example configurations for the Helm Operator according to changes in the new version of the Helm Chart, update following files:
-
Update example configuration in bundle/manifests/operator.clusterserviceversion.yaml
cat config/samples/default_openshift.yaml | python3 -c 'import sys, yaml, json; json.dump([yaml.safe_load(sys.stdin)], sys.stdout, indent=4)' > config/samples/default_openshift.json EXAMPLE=$(cat config/samples/default_openshift.json) yq eval '.metadata.annotations.alm-examples |= strenv(EXAMPLE)' -P -i bundle/manifests/operator.clusterserviceversion.yaml
-
Test the Sumo Logic Kubernetes Collection Helm Chart with UBI based container images and fix issues. To test you can use:
make deploy-helm-chart
-
Build Helm Operator image and test the Sumo Logic Kubernetes Collection Helm Operator, fix occurring issues. To test you can use following commands:
echo $CR_PAT | docker login ghcr.io -u USERNAME --password-stdin export IMG=ghcr.io/<YOUR GITHUB ID>/sumologic-kubernetes-collection-helm-operator:<IMAGE TAG> make docker-build IMG="${IMG}" docker push "${IMG}" make deploy-helm-operator-using-public-images IMG="${IMG}"
To update bundle.yaml use following command:
make generate-bundle
mv generated_bundle.yaml bundle.yaml -
Update dependencies in Dockerfile
-
Update supported OpenShift versions, please see com.redhat.openshift.versions annotation.
-
Prepare new release, using the instruction below:
-
Prepare release pull request with changes necessary to create new version of Helm operator (update version, names, description, creation date), see example pull request for rc release, example for final release version.
-
Create the release tag for commit with Helm Chart version change, e.g.
git tag -a v2.1.1-0-rc.0 -m "Release v2.1.1-0-rc.0" -
Push the release tag, e.g.
git push origin v2.1.1-0-rc.0
-
For major and minor version change prepare release branch, e.g.
git checkout -b release-v2.1.0 git push origin release-v2.1.0
-
Cut the release
- Go to https://github.com/SumoLogic/sumologic-kubernetes-collection-helm-operator/releases and click "Draft a new release".
- Compare changes since the last release.
- Prepare release notes.
-
-
Submit Helm Operator image for certification in http://connect.redhat.com/. Please use the instructions here [https://connect.redhat.com/component/view/608aaab7ebd9cca472b09434/images/setup-preflight] to certify the image. Please note, you will need a Redhat (>8.0) or Fedora (>34.0) machine to undergo the steps.
-
Example commands upload the operator to redhat container registry(quay.io) and certify them using preflight. Below are just handy commands, refer redhat certification manual to get complete details and then use below commands for reference.
- Upload image to Container registry
docker login -u redhat-isv-containers+608aaab7ebd9cca472b09434-robot quay.io (Get login password from redhat component page) docker pull public.ecr.aws/sumologic/sumologic-kubernetes-collection-helm-operator:latest docker tag b22d52f29f8f quay.io/redhat-isv-containers/608aaab7ebd9cca472b09434:4.17.1-0 docker push quay.io/redhat-isv-containers/608aaab7ebd9cca472b09434:4.17.1-0
- Submit for certification using preflight
podman login --username redhat-isv-containers+608aaab7ebd9cca472b09434-robot --password ******* --authfile ./temp-authfile.json quay.io preflight check container quay.io/redhat-isv-containers/608aaab7ebd9cca472b09434:4.17.1-0 --submit --pyxis-api-token=****** --certification-component-id=608aaab7ebd9cca472b09434 --docker-config=./temp-authfile.json
-
-
Update Helm Operator image in ClusterServiceVersion, please see example pull request. Once above steps are done for release candidate version, You will be able to see the rc build in openshift components repo. Create PR for updating the release candidate image in ClusterServiceVersion. Once PR is merged, retag release candidate starting from step 1. Why we are doing this is because, only when updating the release candidate's certified component's image, we will be able to be do local testing.
-
Test new Helm Operator RC version, please use this instruction (please omit first step and use images created for the new Helm Operator version).
-
Once rc testing is completed, go back to step 1 and tag the actual release tag and certify it. Once it's certified proceed with further release steps below.
-
Prepare pull request to certified-operators, please see example pull request.
-
Prepare pull request to redhat-marketplace-operators, please see example pull request.
-
Make sure that new version of Helm Operator is available on the desired platforms.