I was trying to figure out what needs to be done to setup things around Helm chart promotion as an OCI artifact and I was hoping that it would be very similar to the images of the driver as both charts and container images are OCI artifacts.
Here is what I think we can do during the release process and I would appreciate your thoughts on this:
-
Someone with write access on dranet repo pushes a release tag
git tag -a v1.1.1 -m "Release v1.1.1"
git push origin v1.1.1
The Prow postsubmit job post-dranet-image in k8s-staging-dranet.yaml kicks off and triggers the cloud build run based on our cloudbuild.yaml.
-
cloudbuild.yaml runs two steps:
make release - which builds and pushes the image to staging repo - gcr.io/k8s-staging-networking/dranet:<_GIT_TAG>
make helm-push (TODO) - which packages and pushes the chart as an OCI artifact to the same staging repo - gcr.io/k8s-staging-networking/charts/dranet:<_GIT_TAG> (TODO)
-
We obtain artifact digests
Once the cloud build run succeeds, we will retrieve the SHA for both artifacts from the build output or we just run
crane digest gcr.io/k8s-staging-networking/dranet:<_GIT_TAG>
crane digest gcr.io/k8s-staging-networking/charts/dranet:<_GIT_TAG>
-
We then promote artifacts from staging to production registry
So here, we open up a PR to k8s.io dranet/images.yaml. So, on top of already existing dranet entry we will have charts/dranet entry
- name: dranet
dmap:
"sha256:<IMAGE_DIGEST>": ["v1.1.1"]
...
- name: charts/dranet
dmap:
"sha256:<CHART_DIGEST>": ["v1.1.1"]Once the PR is merged, the post-k8sio-image-promo postsubmit job in k8s.io/test-infra will promote both artifacts.
-
Finally, we double check that artifacts are promoted
crane digest registry.k8s.io/networking/dranet:v1.1.1
helm show chart oci://registry.k8s.io/networking/charts/dranet --version 1.1.1
# or
helm install dranet oci://registry.k8s.io/networking/charts/dranet --version 1.1.1
Does this sound correct to you?
Is that okay that we keep helm chart artifact under the same dranet/images.yaml so that we avoid creating a separate staging repo and google groups, etc?
I was trying to figure out what needs to be done to setup things around Helm chart promotion as an OCI artifact and I was hoping that it would be very similar to the images of the driver as both charts and container images are OCI artifacts.
Here is what I think we can do during the release process and I would appreciate your thoughts on this:
Someone with write access on dranet repo pushes a release tag
git tag -a v1.1.1 -m "Release v1.1.1" git push origin v1.1.1The Prow postsubmit job
post-dranet-imagein k8s-staging-dranet.yaml kicks off and triggers the cloud build run based on our cloudbuild.yaml.cloudbuild.yaml runs two steps:
make release- which builds and pushes the image to staging repo -gcr.io/k8s-staging-networking/dranet:<_GIT_TAG>make helm-push(TODO) - which packages and pushes the chart as an OCI artifact to the same staging repo -gcr.io/k8s-staging-networking/charts/dranet:<_GIT_TAG>(TODO)We obtain artifact digests
Once the cloud build run succeeds, we will retrieve the SHA for both artifacts from the build output or we just run
We then promote artifacts from staging to production registry
So here, we open up a PR to k8s.io dranet/images.yaml. So, on top of already existing dranet entry we will have charts/dranet entry
Once the PR is merged, the post-k8sio-image-promo postsubmit job in k8s.io/test-infra will promote both artifacts.
Finally, we double check that artifacts are promoted
crane digest registry.k8s.io/networking/dranet:v1.1.1 helm show chart oci://registry.k8s.io/networking/charts/dranet --version 1.1.1 # or helm install dranet oci://registry.k8s.io/networking/charts/dranet --version 1.1.1Does this sound correct to you?
Is that okay that we keep helm chart artifact under the same dranet/images.yaml so that we avoid creating a separate staging repo and google groups, etc?