1313 - [ Implementation Details/Notes/Constraints] ( #implementation-detailsnotesconstraints )
1414 - [ Using OBS instead of manually building and hosting packages] ( #using-obs-instead-of-manually-building-and-hosting-packages )
1515 - [ How Open Build Service works?] ( #how-open-build-service-works )
16- - [ OBS configuration and packages layout] ( #obs-configuration-and-packages-layout )
16+ - [ Packages, Operating Systems, and Architectures in Scope] ( #packages-operating-systems-and-architectures-in-scope )
17+ - [ Repository Layout] ( #repository-layout )
18+ - [ Projects and Packages in OBS] ( #projects-and-packages-in-obs )
1719 - [ Packages in OBS] ( #packages-in-obs )
1820 - [ Package Sources] ( #package-sources )
1921 - [ Package Specs] ( #package-specs )
@@ -202,30 +204,41 @@ to interact via the web interface. Currently there are no (Go) libraries that we
202204
203205[ osc ] : https://openbuildservice.org/help/manuals/obs-user-guide/cha.obs.osc.html
204206
205- #### OBS configuration and packages layout
207+ #### Packages, Operating Systems, and Architectures in Scope
206208
207209We'll publish Debian-based (` deb ` ) and RPM-based (` rpm ` ) packages. Packages will be published for the following
208- architectures: ` aarch64 ` , ` armv7l ` , ` ppc64le ` , ` s390x ` , ` x86_64 ` . We'll build packages on the following operating
209- systems and architectures:
210+ architectures:
211+
212+ * ` x86_64 ` (` amd64 ` )
213+ * ` aarch64 `
214+ * ` armv7l ` (` arm ` )
215+ * ` ppc64le `
216+ * ` s390x `
217+
218+ We'll ** build** packages for those architectures on the following Operating Systems:
210219
211220- Ubuntu 20.04 (` aarch64 ` , ` armv7l ` , ` ppc64le ` , ` s390x ` , ` x86_64 ` )
212221- CentOS Stream 8 (` aarch64 ` , ` ppc64le ` , ` x86_64 ` )
222+ - CentOS Stream 8 doesn't support ` armv7l ` and ` s390x ` on OBS, hence, we use OpenSUSE Factory which does support
223+ those architectures
213224- OpenSUSE Factory (` armv7l ` , ` s390x ` )
214225
215- Note: those operating systems are used as ** builders** . The resulting packages are supposed to work on any Debian-based
226+ Those operating systems are used as ** builders** . The resulting packages are supposed to work on any Debian-based
216227and RPM-based distribution, respectively. Those distributions were chosen based on recommendations from the OBS team
217228to provide the best compatibility with all all Debian-based and RPM-based distributions.
218229
219230The following packages will be published for all operating system and architectures listed earlier. For simplicity,
220231we'll refer to those as packages as the ** core packages** :
221232
222- - ` cri-tools `
223- - ` kubeadm `
224- - ` kubectl `
225- - ` kubelet `
226- - ` kubernetes-cni `
233+ - cri-tools
234+ - kubeadm
235+ - kubectl
236+ - kubelet
237+ - kubernetes-cni
238+
239+ #### Repository Layout
227240
228- We'll use this layout for the core packages:
241+ We'll use this layout when creating repositories for the ** core packages** :
229242
230243- ** ` ${channel} ` ** : can be ` stable ` , ` dev ` , ` nightly `
231244 - ` stable ` : all official releases for ` ${k8s_release} `
@@ -237,43 +250,60 @@ We'll use this layout for the core packages:
237250- ** ` ${k8s_release} ` ** : the version of Kubernetes ` <major>.<minor> `
238251 (e.g. ` 1.12 ` , ` 1.13 ` , ` 1.14 ` , ...)
239252
240- In OBS, this layout replicates as:
253+ #### Projects and Packages in OBS
254+
255+ Speaking of OBS, ** Packages** are located in ** Projects** . We'll use two different types of projects:
256+
257+ - Building/Staging project - we'll build packages in a project of this type
258+ - Publishing/Maintenance project - we'll publish packages from a project of this type
259+
260+ The reason for using two different types of projects is that OBS doesn't keep previously published packages.
261+ For example, if we publish v1.26.0, and then v1.26.1, after v1.26.1 is published, the v1.26.0 package is removed.
262+ To be able to keep all packages/versions (e.g. v1.26.0 and v1.26.1), we need to publish packages from the
263+ maintenance project.
264+
265+ The repository layout mentioned earlier replicates in OBS as:
241266
242267- The root OBS project is [ ** ` isv:kubernetes ` ** ] ( https://build.opensuse.org/project/show/isv:kubernetes )
243- - ** ` core ` ** subproject will be created in the root project to be used for the core packages
244- - In the future, we might want to allow other subprojects to use OBS, so we want to properly layout our root project
245- - Each ** ` ${channel} ` ** has a subproject in the ** ` core ` ** project (e.g. ** ` isv:kubernetes:core:stable ` ** )
246- - Each ** ` ${k8s_release} ` ** has a subproject in the ** ` ${channel} ` ** subproject
268+ - ** ` core ` ** subproject of the root project will be created to be used for ** core packages**
269+ - In the future, we might decide to publish other packages (e.g. Minikube), so we want to have
270+ a proper and scalable layout from the beginning
271+ - Each ** ` ${channel} ` ** has a subproject of the ** ` core ` ** project (e.g. ** ` isv:kubernetes:core:stable ` ** )
272+ - Each ** ` ${k8s_release} ` ** has a ** publishing** subproject of the ** ` ${channel} ` ** subproject
247273 (e.g. ** ` isv:kubernetes:core:stable:v1.26 ` ** )
248- - Packages are published to this subproject. Other subprojects are only placeholders
249- for ** ` ${k8s_release} ` ** subprojects
274+ - We'll publish our packages from this project
275+ - Each ** ` ${k8s_release} ` ** has a ** building** subproject as a subproject of the appropriate publishing subproject
276+ (e.g. ** ` isv:kubernetes:core:stable:v1.26:stage ` ** )
277+ - We'll build packages in this project
250278
251279Having ** ` ${k8s_release} ` ** subproject as a subproject of ** ` ${channel} ` ** is required so we can build multiple
252- releases in parallel. Otherwise, we would have to build a mechanism to wait for ongoing build process to be done
253- before starting the build process for the next release in the pipeline. This is because if changes are pushed to
254- the package, the ongoing build process is aborted. Running builds sequentially is not an option because
255- that would slow down the release process too much.
256-
257- The subprojects can be created manually via the web interface. Upon creating a ** ` ${k8s_release} ` ** subproject,
258- the target operating systems and architectures (listed at the beginning of this subheading) must be configured for
259- the subproject (via the Repositories option). This is to be done by the Release Managers before cutting the first
260- alpha release for that minor release.
280+ releases in parallel. This is because if changes are pushed to the package, the ongoing build process is aborted.
281+ Running builds sequentially is not an option because that would slow down the release process too much.
261282
262- Note: it's important to ensure that the subproject and created packages are configured in a way to keep
263- previous build (i.e. previous patch releases).
283+ Mentioned subprojects can be created manually via the web interface. Upon creating appropriate ** ` ${k8s_release} ` **
284+ subprojects, the target operating systems and architectures (listed earlier) must be configured for those subprojects
285+ (via the Repositories option). Additionally, some meta configuration is needed to declare the projects as publishing
286+ and building. This is to be done by the Release Managers before cutting the first alpha release for that minor release.
287+ The concrete configuration steps will be documented outside of this KEP, as part of the Release Managers Handbook.
288+ We'll also consider automating this in some form.
264289
265290#### Packages in OBS
266291
267- Before pushing packages, a ** Package** object must be created in each ** ` ${k8s_release} ` ** subproject for each package
268- that we want to publish. This can be done via the ` osc ` command-line tool or the web interface. The created package
269- inherits information about the target operating systems and architectures from the subproject. Creating packages is
270- to be done by the Release Managers before cutting the first alpha release for that minor release.
292+ ** Package** object must be created in the ** ` ${k8s_release} ` ** ** building** subproject for each package that we want
293+ to build and publish. This can be done via the ` osc ` command-line tool or the web interface. The created package
294+ inherits information about the target operating systems and architectures from the subproject.
271295
272- Once all Package objects are created, sources and spec files can be pushed to those packages using ` osc ` .
296+ Creating packages is to be done by the Release Managers before cutting the first alpha release for that minor release.
297+ We'll consider automating this in some form.
298+
299+ Packages in the ** publishing** subproject are created automatically for each published build. Those automatically
300+ packages are named as ` <package-name>.<timestamp> ` , e.g. ` kubectl.20230120135613 ` . This naming schema doesn't affect
301+ package managers or users, i.e. those packages are still installable by their original name
302+ (e.g. ` apt install kubectl=1.26.0* ` ). More about building and publishing packages is explained in the next sections.
273303
274304#### Package Sources
275305
276- We'll push pre-built binaries to OBS instead of pushing sources and then building binaries in the OBS pipeline.
306+ We'll build packages using pre-built binaries instead of pushing sources and then building binaries in the OBS pipeline.
277307The reasoning for this is:
278308
279309- We already have our own release pipeline. Adding another release pipeline would increase the maintenance burden for
@@ -290,6 +320,7 @@ storage. The structure of the tarball is supposed to be:
290320
291321- Root of tarball:
292322 - LICENSE file
323+ - README.md file
293324 - All accompanying files (e.g. systemd units)
294325 - Subdirectory for each target architecture:
295326 - Binary for that architecture (e.g. ` kubectl ` )
@@ -308,14 +339,16 @@ The starting point for creating RPM specs is going to be the [RPM specs currentl
308339The following changes are needed to those RPM specs:
309340
310341- Parametrize specs so the build tooling is able to pick a binary for the correct target architecture
342+ - Provide additional metadata needed for building Debian-based packages
311343- Ensure all spec files are passing rpm-lint
312344
313- The reason for dropping deb specs is that maintaining and generating those specs is much more complicated than
345+ The reason for dropping deb specs is that maintaining and generating those specs is more complicated than
314346maintaining RPM specs. Considering that we use pre-built binaries, we can easily convert RPM specs to Debian specs
315- using the [ ` debbuild ` tool] [ debbuild ] . The ` debbuild ` tool is already available in the OBS pipeline. This tool
316- can also be used by distributors if they want to build deb packages on their own.
347+ automatically using the [ ` debbuild ` tool] [ debbuild ] . The ` debbuild ` tool is already available in the OBS pipeline.
348+ This tool can also be used by distributors if they want to build deb packages on their own.
317349
318- The RPM specs will be generated by ` kubepkg ` , which already supports this. We only need to update the spec files.
350+ The RPM specs will be generated by ` kubepkg ` , which already supports this. That said, we only need to update the spec
351+ files.
319352
320353[ kubepkg-rpm ] : https://github.com/kubernetes/release/tree/e10a44f8f9a9c08441260574e3d2a8711031fafe/cmd/kubepkg/templates/latest/rpm
321354[ debbuild ] : https://github.com/debbuild/debbuild
@@ -328,14 +361,25 @@ the user management, described below). We'll consider automating those steps in
328361
329362The workflow for publishing packages is:
330363
331- - Authenticate to OBS via ` osc `
332- - Pull all packages that we'll be publishing from OBS using ` osc `
333- - Regenerate specs for all packages using ` kubepkg `
334- - Generate the sources tarballs for all packages using ` kubepkg `
335- - Commit all changes and push them to OBS using ` osc `
336- - Wait for packages to be built and published successfully
364+ - Authenticate to OBS via ` osc ` and pull existing packages from the appropriate ** building subproject**
365+ - Update specs and generate the sources tarball using ` kubepkg `
366+ - Commit changes and push them to the ** building subproject**
367+ - Wait for packages to be built
337368 - There's [ RabbitMQ] [ obs-rabbitmq ] available that we can use to listen for events
338369 - This might not be feasible for all architectures, for example, building for ` s390x ` can take quite a while
370+ - Once packages are built, release those packages by running ` osc release `
371+ - Releasing (or publishing) packages means taking them from the ** building subproject** and publishing them
372+ from the ** publishing subproject** . This step makes packages available to end users
373+ - As described earlier, this ensures we keep previous builds and versions (e.g. both v1.26.0 and v1.26.1)
374+
375+ ``` mermaid
376+ flowchart
377+ Authenticate --> Checkout[Checkout/Clone packages]
378+ Checkout --> Gen[Generate specs and sources]
379+ Gen --> Push[Push changes to OBS]
380+ Push --> Wait[Wait for builds]
381+ Wait --> Release[Release builds]
382+ ```
339383
340384Ideally and optionally, publishing/promoting a package means to commit a change
341385to a configuration file which triggers a "package promotion tool", which:
0 commit comments