-
Notifications
You must be signed in to change notification settings - Fork 719
0‐Chart Owners
Chart owners must only target the dev-v2.*
branches.
A chart owner should never merge anything on a release-v2.*
branch.
Those branches (release-v2.*
) are the responsibility of the release team only
.
Since this repository uses rancher/charts-build-scripts
, making changes to this repository involves three steps:
- Adding or modifying an existing
Package
tracked in thepackages/
directory usually involves:make prepare
make patch
make clean
- Running
make charts
to automatically generate assets used to serve a Helm repository (charts/
,assets/
, andindex.yaml
) based on the contents ofpackages/
. - [CI] Running
make validate
to ensure that all generated assets are up-to-date and ready to be merged.
TIP
:
Specify the package on the make prepare; make patch; make charts
so you avoid modifying any other in-development charts that is not your own.
e.g.,:
PACKAGE=rancher-webhook make prepare
PACKAGE=rancher-webhook make patch
make clean
PACKAGE=rancher-webhook make charts
Or for working with specific versions see rancher-istio
workflow example:
PACKAGE=rancher-istio/1.18/rancher-istio make prepare
PACKAGE=rancher-istio/1.18/rancher-istio make patch
make clean
PACKAGE=rancher-istio/1.18/rancher-istio make charts
More info at: 3-Makefile
A new build artifact was introduced in v2.7.0 of Rancher, titled rancher-image-origins.txt
, which denotes the source code repository (github repository) of each image used in Charts and System-Charts.
When adding new dependencies to dev-2.7+, a PR must first be raised and merged in the Rancher repository with the required changes to the pkg/image/origins.go
file.
This ensures that the artifact is up-to-date with the latest images, and will prevent build failures within Rancher when attempting to generate the artifact. Changes to this file are not required when updating versions of existing dependencies.
Two kinds of charts exist in this repository. For each type, the versioning is different.
- upstream charts
- local charts.
In this repository, all packages specify the version
field in the package.yaml
.
The upstream charts follow this versioning: 1.0.#+upX.Y.Z
X
.Y
.Z
is the upstream chart's major
.minor
.patch
The 1.0.#
versioning scheme roughly corresponds to the following rules (with exceptions):
-
Major Version: represents the Rancher minor version these charts are being released to.
- Anything less than
100
: Rancher 2.5 -
100
: Rancher 2.6 -
101
and102
: Rancher 2.7 -
103
: Rancher 2.8 -
104
: Rancher 2.9 - etc.
- Anything less than
- Minor Version: represents a release line of a given chart within a Rancher minor version.
- Patch Version: represents a patch to a given release line of a chart within a Rancher minor version.
For more information on how package versioning works, please see 1-Developing.
- For local charts, we don't follow any complex versioning scheme. Only one
semver
, versioning schemex.x.x
is being followed.
In addition to modifying the chart version, the catalog.cattle.io/rancher-version
annotation is required for user-facing charts that show up in Rancher UI; there is no need to add the annotation to CRD charts or internal charts (like fleet).
General guidelines when releasing a new version of a user-facing chart:
-
Ensure the chart has the annotation
catalog.cattle.io/rancher-version
with a lower and upper bound, such as>= 2.6.0-0 < 2.7.0-0
.-
This indicates that a fresh install of the chart should be allowed in any version of Rancher over
2.6.0-0
and below2.7.0-0
line. -
It should be freshly installable in
2.6.0+
, but should not be freshly installable in Rancher2.7.0+
. The lower bound is particularly useful for charts that will not work in an older version of Rancher, e.g.catalog.cattle.io/rancher-version: >= 2.6.2-0 < 2.7.0-0
indicates that this chart should only be freshly installable in Rancher2.6.2+
, but should not be freshly installable inRancher 2.7.0+
. -
If you do this, it is also recommended that you modify the previously released chart to have
catalog.cattle.io/rancher-version: < 2.6.2-0
. For instructions on how to modify existing charts, see 1-Developing.
-
-
Ensure the chart has the annotation
catalog.cattle.io/kube-version
with a lower and upper bound, such as>= 1.16.0-0 < 1.25.0-0
.- This indicates that a fresh install of the chart should be allowed in a cluster with any version of Kubernetes over
1.16.0
and below1.25.0
line. It should be freshly installable in a1.16.0+
cluster, but should not be freshly installable in1.25.0+
.
- This indicates that a fresh install of the chart should be allowed in a cluster with any version of Kubernetes over
-
Do we directly backport charts to previous Rancher minor versions (e.g. make
100.x.x
available in Rancher2.5
)?-
No, we do not. If a fix needs to go to both Rancher
2.5
andv2.6
, we just release a new chart in each branch. Then, we forward-port the one released in therelease-v2.5
branch torelease-v2.6
. -
If a fix that went into Rancher
2.6
needs to be backported to Rancher2.5
, it will be the developer's responsibility to bump the chart version indev-v2.5
, copy back the changes, and release a new chart following the Rancher2.5
versioning scheme torelease-v2.5
.
-
-
If Rancher
2.5
releases Monitoring14.5.100
and16.6.0
and Rancher2.6
releases Monitoring100.0.0+up14.5.100
and100.0.1+up16.6.0
, how do we prevent users from "downgrading" from16.6.0
to100.0.0+up14.5.100
on ahelm upgrade
after upgrading Rancher minor versions?-
Currently, this is unavoidable. There is an expectation that users should look at the upstream annotation on the chart version (e.g.
+upX.Y.Z
), read the Rancher minor version release notes, or consult the chart'sREADME.md
orapp-README.md
before performing an upgrade on their applications after migrating to a new Rancher minor version. -
We are still looking for a better way to mitigate this kind of risk.
-
-
For Rancher version annotations, why don't we need to add the lower bound all the time?
- Each Rancher minor version has its dedicated chart release branch (e.g.
release-v2.5
,release-v2.6
, etc.), so a chart designed for Rancher2.6.x
will never be available or show up in Rancher2.5.x
; therefore, we do not need to worry about setting a lower bound of> 2.5.99-0
on all charts.
- Each Rancher minor version has its dedicated chart release branch (e.g.
Currently, the scripts used to generate the rancher-images.txt
(used for mirroring a private registry in a air-gapped Rancher setup) rely on values.yaml
files in charts that nest all image repository and tags used by the Helm chart under repository
and tag
fields.
For example:
image: org/repo:v0.0.0 # will not be picked up
hello:
world:
# will be picked up, even though it is nested under hello.world.*
repository: org/repo
tag: v0.0.0
os: windows # optional, takes in a comma-delimited list of supported OSs. By default, the OS is assumed to be "linux" but you can specify "windows" or "linux,windows" as well.
Therefore, any charts that are committed into this repository must nest references to Docker images in this format within each chart's values.yaml
; if an upstream chart you are referencing does not follow this format, it is recommended that you refactor the chart's values.yaml to look like this:
images:
config_reloader:
repository: rancher/mirrored-jimmidyson-configmap-reload
tag: v0.4.0
fluentbit:
repository: rancher/mirrored-fluent-fluent-bit
tag: 1.7.9
fluentbit_debug:
repository: rancher/mirrored-fluent-fluent-bit
tag: 1.7.9-debug
fluentd:
repository: rancher/mirrored-banzaicloud-fluentd
tag: v1.12.4-alpine-1
nodeagent_fluentbit:
os: "windows"
repository: rancher/fluent-bit
tag: 1.7.4
Please create your Pull Request title following this rule:
[dev-v2.X] <chart> <version> <action>
[release-v2.X] <chart> <version> <action>
A working example:
[dev-v2.8] rancher-istio 103.2.0+up1.19.6 update
-
<chart>
: The full name of the charts exactly how it is written under/charts folder
-
<version>
: The full version of the chart, exactly how it is written underrelease.yaml
-
<action>
:update
;remove
;add
What you should keep in mind for releasing charts:
- Each Pull Request should only modify one chart with its dependencies.
- Each chart version in release.yaml DOES NOT modify an already released chart. If so, stop and modify the versions so that it releases a net-new chart.
- Each chart version in release.yaml IS exactly 1 more patch or minor version than the last released chart version. If not, stop and modify the versions so that it releases a net-new chart.
- The
index.yaml
file has an entry for your new chart version. - The
index.yaml
entries for each chart matches theChart.yaml
for each chart. - Each chart has ALL required annotations
- kube-version annotation
- rancher-version annotation
- permits-os annotation (indicates Windows and/or Linux)