1.1.0-gcm.9

To install this version, please follow the instructions on the README.md (1.1).

Changelog

This Marketplace build release fixes the version 1.1 that had become uninstallable due to a breaking change introduced by Google.

Notes

📦 Recording of the manual steps of the release process

Since we do not have yet a CD pipeline that would do the work, we prefer documenting every step of the manual process on every single release in order to (1) have a record of what has been done, and (2) be able to remember how to release for the next time.

Information about this release:

(fill this table after you are done with the below steps)

README.md	https://github.com/jetstack/jetstack-secure-gcm/blob/release-1.1/README.md
deployer image	gcr.io/jetstack-public/jetstack-secure-for-cert-manager/deployer:1.1.0-gcm.9
deployer digest	e19eb224ad10
git tag	1.1.0-gcm.9
git commit	d208299
retag logs	https://console.cloud.google.com/cloud-build/builds/d60468af-2ad9-4ec3-bed2-1069fe8e37b6?project=885059085598
deployer logs	https://console.cloud.google.com/cloud-build/builds/deaf4cb1-cb36-40e7-a697-b266dd14edfe?project=885059085598

Step-by-step process followed:

• Set the following variables in your shell session. The APP_VERSION corresponds to the release of GCM that you plan on doing. For the other _TAG variables, pick the latest git tag of each project.

  APP_VERSION="1.1.0-gcm.9"
  BRANCH=release-1.1
  CERT_MANAGER_TAG="v1.1.0"
  JETSTACK_AGENT_TAG="v0.1.29"
  GOOGLE_CAS_ISSUER_TAG="v0.3.0"
  GOOGLE_CAS_ISSUER_TAG_DOCKER="0.3.0" # same as above, but without the 'v'

• Fast-forward (or create) the release branch:

  # If the release branch does not already exist:
  git fetch origin
  git checkout -b $BRANCH origin/main
  
  # If the release branch already exists:
  git checkout $BRANCH
  git fetch origin
  git merge --ff-only origin/main

• Update the above table with the README.md link.

• ⚠️ Copy any "new" Role or ClusterRole into the schema.yaml:

  # From the cert-manager repo:
  git fetch --tags
  git diff v1.3.1 v1.4.0 -- deploy/charts/cert-manager/templates
  
  # From google-cas-issuer repo:
  git fetch --tags
  git diff v0.3.0 v0.5.2 -- config/

• Make sure to be logged in with gcloud and to have the "Editor" role on
  the jetstack-public repo:

  gcloud config set project jetstack-public

• Create the smoke-test cluster. When not using it, we remove the cluster.

  gcloud container clusters create smoke-test --project=jetstack-public --zone=europe-west2-b --workload-pool=jetstack-public.svc.id.goog --num-nodes=2 --async

• Retag the images with the correct licenses using Cloud Build:

  gcloud builds submit --project jetstack-public --config cloudbuild-retag-with-licenses.yaml --substitutions \
      _APP_VERSION=$APP_VERSION,_CERT_MANAGER_TAG=$CERT_MANAGER_TAG,_JETSTACK_AGENT_TAG=$JETSTACK_AGENT_TAG,_GOOGLE_CAS_ISSUER_TAG=$GOOGLE_CAS_ISSUER_TAG,_GOOGLE_CAS_ISSUER_TAG_DOCKER=$GOOGLE_CAS_ISSUER_TAG_DOCKER

• Copy the link to the Cloud Build logs into the table above (row "retag logs").

• Run the following command that will update the app version in schema.yaml:

  # You must be in the jetstack/jetstack-secure-gcm repo folder.
  sed -i.bak "s/publishedVersion: .*/publishedVersion: $APP_VERSION/" schema.yaml
  git add schema.yaml
  git commit -m "bump version to $APP_VERSION" --edit

• Copy and paste that commit hash into the above table. You will create the tag later on.

• Build the deployer image:

  gcloud builds submit --project jetstack-public --timeout 1800s --config cloudbuild.yaml \
    --substitutions _CLUSTER_NAME=smoke-test,_CLUSTER_LOCATION=europe-west2-b,_APP_MINOR_VERSION=$(awk 'BEGIN {FS="."}; {print $1 "." $2}' <<<$APP_VERSION),_APP_VERSION=$APP_VERSION

• Copy the link to the Cloud Build logs into the table above (row "deployer logs").

• Tag the commit you created above:

  COMMIT=d2082991611dfa5ab265faaee040c5e861f564ee
  git tag $APP_VERSION $COMMIT
  git push --tags

• Delete the smoke-test cluster.

  gcloud container clusters delete smoke-test --zone=europe-west2-b --async

• Add the image digest to the table above by running:

  gcloud container images list-tags gcr.io/jetstack-public/jetstack-secure-for-cert-manager/deployer --limit=1

• Go to the GitHub Releases and click "Edit tag", and then:

  1. Set the "Release title" to the name of the tag,
  2. Add this current Markdown <details> block _+ the release notes to the release description,
  3. Click "Save Draft"
  4. Don't forget to update the <details> block with any change or addition to the release process.

• Go to the solution admin UI, click "Update the image" and "Save". After saving, go to the solution page and click "Submit for review" (you must be "Editor" of the jetstack-public project):
  

• Finally, when the solution is reviewed, open the GitHub release and click
  "Publish".

1.3.1-gcm.0

For fresh installs, install 1.3.1-gcm.1 instead (breaking change in CRD validation).

The versions 1.1 and 1.3 are deprecated since 24 June 2021 and will be removed on 14 January 2022. We invite users to upgrade to the latest version of the application.

Changelog

In this release, we updated the following versions:

Project	Previous version	New version
cert-manager	v1.1.0	v1.3.1
cert-manager-google-cas-issuer	v0.2.8	v0.3.0
preflight	v0.1.28	v0.1.29

Notes

📦 Recording of the manual steps of the release process

Since we do not have yet a CD pipeline that would do the work, we prefer documenting every step of the manual process on every single release in order to (1) have a record of what has been done, and (2) be able to remember how to release for the next time.

Information about this release:

(fill this table after you are done with the below steps)

deployer image	gcr.io/jetstack-public/jetstack-secure-for-cert-manager/deployer:1.3.1-gcm.0
git tag	1.3.1-gcm.0
commit	5260d49
retag logs	https://console.cloud.google.com/cloud-build/builds/4e68a9a8-c5b9-41a5-afe4-15afa9b1608c?project=885059085598
deployer logs	https://console.cloud.google.com/cloud-build/builds/c9a200cb-de87-4a84-ad8a-61508061485e

Step-by-step process followed:

• Check if some RBAC rules have been added to the cert-manager chart, preflight and google-cas-issuer, and copy them to schema.yaml.

• Make sure to be logged in with gcloud and to have the "Editor" role on
  the jetstack-public repo:

  gcloud config set project jetstack-public

• Create the smoke-test cluster. When not using it, we remove the cluster.

  gcloud container clusters create smoke-test --project=jetstack-public --zone=europe-west2-b --workload-pool=jetstack-public.svc.id.goog --num-nodes=2 --async

• Set the following variables in your shell session. The APP_VERSION
  corresponds to the release of GCM that you plan on doing. For the other
  _TAG variables, pick the latest git tag of each project.

  APP_VERSION="1.3.1-gcm.0"
  CERT_MANAGER_TAG="v1.3.1"
  JETSTACK_AGENT_TAG="v0.1.29"
  GOOGLE_CAS_ISSUER_TAG="v0.3.0"
  GOOGLE_CAS_ISSUER_TAG_DOCKER="0.3.0" # same as above, but without the 'v'

• Retag the images with the correct licenses using Cloud Build:

  gcloud builds submit --project jetstack-public --config cloudbuild-retag-with-licenses.yaml --substitutions \
      _APP_VERSION=$APP_VERSION,_CERT_MANAGER_TAG=$CERT_MANAGER_TAG,_JETSTACK_AGENT_TAG=$JETSTACK_AGENT_TAG,_GOOGLE_CAS_ISSUER_TAG=$GOOGLE_CAS_ISSUER_TAG,_GOOGLE_CAS_ISSUER_TAG_DOCKER=$GOOGLE_CAS_ISSUER_TAG_DOCKER

• Copy the link to the Cloud Build logs into the table above (row "retag logs").

• Update the app version in schema.yaml:

  # You must be in the jetstack/jetstack-secure-gcm repo folder.
  sed -i~ "s/publishedVersion: .*/publishedVersion: $APP_VERSION/" schema.yaml
  git add schema.yaml
  git commit -m "bump version to $APP_VERSION" --edit

• Copy and paste that commit hash into the above table. You will create
  the tag later on.

• Build the deployer image:

  gcloud builds submit --project jetstack-public --timeout 1800s --config cloudbuild.yaml \
    --substitutions _CLUSTER_NAME=smoke-test,_CLUSTER_LOCATION=europe-west2-b,_APP_MINOR_VERSION=$(awk 'BEGIN {FS="."}; {print $1 "." $2}' <<<$APP_VERSION),_APP_VERSION=$APP_VERSION

• Copy the link to the Cloud Build logs into the table above (row "deployer logs").

• Tag the commit you created above:

  COMMIT=5260d49f3641b4ee80106612fdb8a089e436283f
  git tag $APP_VERSION $COMMIT
  git push --tags

• Delete the smoke-test cluster.

  gcloud container clusters delete smoke-test --zone=europe-west2-b --async

• Go to the GitHub Releases and edit the tag and add this current Markdown <details> block _+ the release notes to the tag and release it. Update any instructions that you had to tweak in order to make this release.

• Finally, go to the solution admin UI, click "Update the image" and "Save". After saving, go to the solution page and click "Submit for review" (you must be "Editor" of the jetstack-public project):
  

1.1.0-gcm.8

For fresh installs, install 1.1.0-gcm.9 instead (breaking change in CRD validation).

The versions 1.1 and 1.3 are deprecated since 24 June 2021 and will be removed on 14 January 2022. We invite users to upgrade to the latest version of the application.

Changelog

• The preflight deployment is now "green" after a fresh click-to-deploy. Initially, we thought that it would make sense to leave the preflight deployment fail on a fresh install in order to "indicate" that an action was needed to set up http://platform.jetstack.io/, but we later realized that it led to a poor UX. (#41)
  Before/after:
  

Notes

📦 Recording of the manual steps of the release process

Since we do not have yet a CD pipeline that would do the work, we prefer documenting every step of the manual process on every single release in order to (1) have a record of what has been done, and (2) be able to remember how to release for the next time.

Information about this release:

deployer image	gcr.io/jetstack-public/jetstack-secure-for-cert-manager/deployer:1.1.0-gcm.8
git tag	1.1.0-gcm.8
commit	405c4f8
logs	https://console.cloud.google.com/cloud-build/builds/29685ce7-b998-4078-9611-e509f5b086e6?project=885059085598

Step-by-step process followed:

• Update the above table with the correct information (the logs link is
  available after running gcloud builds below).

• Retag all images with the new tag. We do this because we do not have
  automated the "rebuild of images with the LICENSES file embedded", which
  will be done in #10.
  So we have to use an existing prior tag and retag every image to the new
  tag:

  V=1.1.0-gcm.8
  EXISTING_V=1.1.0-gcm.1
  retag() { # Usage: retag FROM_IMAGE_WITH_TAG TO_IMAGE_WITH_TAG
    local FROM=$1 TO=$2
    docker pull $FROM && docker tag $FROM $TO && docker push $TO
  }
  retagall() { # Usage: retagall FROM_REGISTRY FROM_TAG TO_REGISTRY TO_TAG
    local FROM=$1 TO=$2 FROM_TAG=$3 TO_TAG=$4
    retag $FROM:$FROM_TAG $TO:$TO_TAG || exit 1
    retag $FROM/cert-manager-acmesolver:$FROM_TAG $TO/cert-manager-acmesolver:$TO_TAG || exit 1
    retag $FROM/cert-manager-cainjector:$FROM_TAG $TO/cert-manager-cainjector:$TO_TAG || exit 1
    retag $FROM/cert-manager-webhook:$FROM_TAG $TO/cert-manager-webhook:$TO_TAG || exit 1
    retag $FROM/cert-manager-google-cas-issuer:$FROM_TAG $TO/cert-manager-google-cas-issuer:$TO_TAG || exit 1
    retag $FROM/preflight:$FROM_TAG $TO/preflight:$TO_TAG || exit 1
    retag gcr.io/cloud-marketplace-tools/metering/ubbagent:latest $TO/ubbagent:$TO_TAG || exit 1
  }
  retagall gcr.io/jetstack-public/jetstack-secure-for-cert-manager{,} $EXISTING_V $V

• Bump the version number in
  schema.yaml.

• Make sure to be logged in with gcloud and to have the "Editor" role on
  the jetstack-public repo.

• Run a build to create the deployer image:

  V=1.1.0-gcm.8
  gcloud builds submit --project jetstack-public --timeout 1800s --config cloudbuild.yaml \
    --substitutions _CLUSTER_NAME=smoke-test,_CLUSTER_LOCATION=europe-west2-b,_APP_MINOR_VERSION=$(awk 'BEGIN {FS="."}; {print $1 "." $2}' <<<$V),_APP_VERSION=$V

• Tag the commit that was used to run gcloud builds submit:

  V=1.1.0-gcm.8
  COMMIT=405c4f890d1c5631df7ee6be88c1b4d6addf1837
  git tag $V $COMMIT
  git push --tags

• Go to the GitHub Releases and edit the tag and add this current Markdown <details> block _+ the release notes to the tag and release it. Update any instructions that you had to tweak in order to make this release.

• Finally, go to the solution admin UI, click "Update the image" and "Save". After saving, go to the solution page and click "Submit for review" (you must be "Editor" of the jetstack-public project):
  

1.1.0-gcm.7

Changelog

• The schema.yaml was too big as per Google's requirements. I removed a couple of comments in order to go under 16384 bytes. The schema.yaml is now 16273 bytes large.

Notes

📦 Recording of the manual steps of the release process

Since we do not have yet a CD pipeline that would do the work, we prefer documenting every step of the manual process on every single release in order to (1) have a record of what has been done, and (2) be able to remember how to release for the next time.

Information about this release:

deployer image	gcr.io/jetstack-public/jetstack-secure-for-cert-manager/deployer:1.1.0-gcm.7
git tag	1.1.0-gcm.7
commit	61219f6
logs	https://console.cloud.google.com/cloud-build/builds/c23b2a50-b020-41b2-98e3-8a8530507fa5?project=885059085598

Step-by-step process followed:

• Update the above table with the correct information (the logs link is
  available after running gcloud builds below).

• Retag all images with the new tag. We do this because we do not have
  automated the "rebuild of images with the LICENSES file embedded", which
  will be done in #10.
  So we have to use an existing prior tag and retag every image to the new
  tag:

  V=1.1.0-gcm.7
  EXISTING_V=1.1.0-gcm.1
  retag() { # Usage: retag FROM_IMAGE_WITH_TAG TO_IMAGE_WITH_TAG
    local FROM=$1 TO=$2
    docker pull $FROM && docker tag $FROM $TO && docker push $TO
  }
  retagall() { # Usage: retagall FROM_REGISTRY FROM_TAG TO_REGISTRY TO_TAG
    local FROM=$1 TO=$2 FROM_TAG=$3 TO_TAG=$4
    retag $FROM:$FROM_TAG $TO:$TO_TAG || exit 1
    retag $FROM/cert-manager-acmesolver:$FROM_TAG $TO/cert-manager-acmesolver:$TO_TAG || exit 1
    retag $FROM/cert-manager-cainjector:$FROM_TAG $TO/cert-manager-cainjector:$TO_TAG || exit 1
    retag $FROM/cert-manager-webhook:$FROM_TAG $TO/cert-manager-webhook:$TO_TAG || exit 1
    retag $FROM/cert-manager-google-cas-issuer:$FROM_TAG $TO/cert-manager-google-cas-issuer:$TO_TAG || exit 1
    retag $FROM/preflight:$FROM_TAG $TO/preflight:$TO_TAG || exit 1
    retag gcr.io/cloud-marketplace-tools/metering/ubbagent:latest $TO/ubbagent:$TO_TAG || exit 1
  }
  retagall gcr.io/jetstack-public/jetstack-secure-for-cert-manager{,} $EXISTING_V $V

• Bump the version number in
  schema.yaml.

• Make sure to be logged in with gcloud and to have the "Editor" role on
  the jetstack-public repo.

• Run a build to create the deployer image:

  V=1.1.0-gcm.7
  gcloud builds submit --project jetstack-public --timeout 1800s --config cloudbuild.yaml \
    --substitutions _CLUSTER_NAME=smoke-test,_CLUSTER_LOCATION=europe-west2-b,_APP_MINOR_VERSION=$(awk 'BEGIN {FS="."}; {print $1 "." $2}' <<<$V),_APP_VERSION=$V

• Tag the commit that was used to run gcloud builds submit:

  V=1.1.0-gcm.7
  COMMIT=61219f6670a72a73a7069076dedec68410094777
  git tag $V $COMMIT
  git push --tags

• Go to the GitHub Releases and edit the tag and add this current Markdown <details> block _+ the release notes to the tag and release it. Update any instructions that you had to tweak in order to make this release.

• Finally, go to the solution admin UI, click "Update the image" and "Save". After saving, go to the solution page and click "Submit for review" (you must be "Editor" of the jetstack-public project):
  

1.1.0-gcm.6

Changelog

• Fix missing "Application info" that can be seen when clicking on the "Application info" button (see below screenshot). (#42)

  

Notes

📦 Recording of the manual steps of the release process

Since we do not have yet a CD pipeline that would do the work, we prefer documenting every step of the manual process on every single release in order to (1) have a record of what has been done, and (2) be able to remember how to release for the next time.

Information about this release:

deployer image	gcr.io/jetstack-public/jetstack-secure-for-cert-manager/deployer:1.1.0-gcm.6
git tag	1.1.0-gcm.6
commit	acc0e2d
logs	https://console.cloud.google.com/cloud-build/builds/b16ab708-5829-4056-89cc-df59dc8a7748?project=885059085598

Step-by-step process followed:

1. Bump the version number in schema.yaml.

2. Copy-paste the commit you are on to the above table.

3. Make sure to be logged in with gcloud and to have the "Editor" role on the jetstack-public repo.

4. Run a build to create the deployer image:

   V=1.1.0-gcm.6
   gcloud builds submit --project jetstack-public --timeout 1800s --config cloudbuild.yaml \
     --substitutions _CLUSTER_NAME=smoke-test,_CLUSTER_LOCATION=europe-west2-b,_APP_MINOR_VERSION=$(awk 'BEGIN {FS="."}; {print $1 "." $2}' <<<$V),_APP_VERSION=$V

5. Copy-paste the logs link to the above table.

6. Tag the commit that was used to run gcloud builds submit:

   V=1.1.0-gcm.6
   COMMIT=acc0e2d23cfdca104d2353c3d6e530e909a3768f
   git tag $V $COMMIT
   git push --tags

7. Finally, go to the solution admin UI, click "Update the image" and "Save". After saving, go to the solution page and click "Submit for review" (you must be "Editor" of the jetstack-public project):
   

1.1.0-gcm.5

Changelog

• The billing agent was reporting much more than it should have been reporting. (#39)

Notes

📦 Recording of the manual steps of the release process

Since we do not have yet a CD pipeline that would do the work, we prefer documenting every step of the manual process on every single release in order to (1) have a record of what has been done, and (2) be able to remember how to release for the next time.

Information about this release:

deployer image	gcr.io/jetstack-public/jetstack-secure-for-cert-manager/deployer:1.1.0-gcm.5
git tag	1.1.0-gcm.5
commit	c43be00
logs	https://console.cloud.google.com/cloud-build/builds/675b5929-0f7c-446b-8854-7b38c55dec41?project=885059085598

Step-by-step process followed:

1. Bump the version number in schema.yaml and in application.yaml.

2. Copy-paste the commit you are on to the above table.

3. Make sure to be logged in with gcloud and to have the "Editor" role on the jetstack-public repo.

4. Run a build to create the deployer image:

   V=1.1.0-gcm.5
   gcloud builds submit --project jetstack-public --timeout 1800s --config cloudbuild.yaml \
     --substitutions _CLUSTER_NAME=smoke-test,_CLUSTER_LOCATION=europe-west2-b,_APP_MINOR_VERSION=$(awk 'BEGIN {FS="."}; {print $1 "." $2}' <<<$V),_APP_VERSION=$V

5. Copy-paste the logs link to the above table.

6. Tag the commit that was used to run gcloud builds submit:

   V=1.1.0-gcm.5
   COMMIT=c43be00b36f7fd1d01f15771025308b8f5ab69f7
   git tag $V $COMMIT
   git push --tags

7. Finally, go to the solution admin UI, click "Update the image" and "Save". After saving, go to the solution page and click "Submit for review" (you must be "Editor" of the jetstack-public project):
   

1.1.0-gcm.4

Changelog

• The ubbagent heartbeat now works properly. A bug was preventing the ubbagent to report its metrics. The ubbagent is a tiny side-car container to the cert-manager main deployment that reports metrics about the app usage and serve as a way to bill usage. (#36)

Notes

📦 Recording of the manual steps of the release process

Since we do not have yet a CD pipeline that would do the work, we prefer documenting every step of the manual process on every single release in order to (1) have a record of what has been done, and (2) be able to remember how to release for the next time.

Information about this release:

deployer image	gcr.io/jetstack-public/jetstack-secure-for-cert-manager/deployer:1.1.0-gcm.4
git tag	1.1.0-gcm.4
commit	6a81ac9
logs	https://console.cloud.google.com/cloud-build/builds/7d0b489a-be29-43d9-92e4-1562c052fe34?project=885059085598

Step-by-step process followed:

1. Bump the version number in schema.yaml and in application.yaml. Copy-paste it in the above table.
2. Copy-paste the commit you are on here:
3. Make sure to be logged in with gcloud and to have the "Editor" role on the jetstack-public repo.
4. Run a build to create the deployer image:

   V=1.1.0-gcm.5
   gcloud builds submit --project jetstack-public --timeout 1800s --config cloudbuild.yaml \
     --substitutions _CLUSTER_NAME=smoke-test,_CLUSTER_LOCATION=europe-west2-b,_APP_MINOR_VERSION=1.1,_APP_VERSION=$V

5. Copy-paste the logs link to the above table.
6. Tag the commit that was used to run gcloud builds submit:

   git tag $V c43be00b36f7fd1d01f15771025308b8f5ab69f7
   git push --tags

7. Finally, go to the solution admin UI, click "Update the image" and "Save". After saving, go to the solution page and click "Submit for review" (you must be "Editor" of the jetstack-public project):
   

1.1.0-gcm.3

Changelog

• All the components (deployments and services) are now properly showing in the application UI (see below screenshot). (#35)
• ubbagent is now installed as a side-car to the cert-manager controller. (#35)
• The icon now shows properly on the application UI (see below screenshot). (#35)
• The preflight agent is now able to watch more resources instead of just secrets and cert-manager resources. (#35)

1.1.0-gcm.2

Changelog

• The Application UI on Google Cloud should now show most components, A component is a Kubernetes deployment, a service, or anything that was created for the purpose of the application.
• Note that two components are still not showing (cainjector and webhook), we will fix that in 1.1.0-gcm.3.
• Some deployment names are confusing, like "controller" that corresponds to the google-cas-issuer. The cert-manager-controller deployment is named after your application and does not contain -controller at the end.
• The icon of the application on the Application UI has no icon, although we tried adding one. We will be fixing that in a later release.

Here is a view of the Application UI after installing the application: