Skip to content

Commit 12f8fbe

Browse files
michi-covalentjoestringer
michi-covalent
and
joestringer
committed
Create new converged helm release tool
This one now pulls from the official repository (either Cilium or Tetragon), and uses cosign to pull the official digests for Cilium. Signed-off-by: Michi Mutsuzaki <[email protected]> Co-authored-by: Joe Stringer <[email protected]> Signed-off-by: Joe Stringer <[email protected]>
1 parent 26b1954 commit 12f8fbe

6 files changed

+111
-112
lines changed

RELEASE.md

+9-1
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,16 @@
1+
# Releasing a new Cilium chart
2+
3+
To release a new Cilium chart for a tag (e.g. `v0.8.0`), run:
4+
5+
./generate_helm_release.sh cilium v0.8.0
6+
7+
and open a pull request against master branch.
8+
19
# Releasing a new Tetragon chart
210

311
To release a new Tetragon chart for a tag (e.g. `v0.8.0`), run:
412

5-
./prepare_tetragon_artifacts.sh v0.8.0
13+
./generate_helm_release.sh tetragon v0.8.0
614

715
and open a pull request against master branch.
816

fix_dates.sh

-22
This file was deleted.

generate_helm_release.sh

+84
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,84 @@
1+
#!/usr/bin/env bash
2+
3+
set -ex
4+
shopt -s expand_aliases
5+
6+
DOCKER=${DOCKER:-docker}
7+
8+
cosign() {
9+
"${DOCKER}" run --rm gcr.io/projectsigstore/cosign:v2.2.4 "$@"
10+
}
11+
12+
helm() {
13+
"${DOCKER}" run --user "$(id -u):$(id -g)" --rm -v "$(pwd)":/apps alpine/helm:3.12.0 "$@"
14+
}
15+
16+
jq () {
17+
"${DOCKER}" run --rm -i ghcr.io/jqlang/jq:1.7.1 "$@"
18+
}
19+
20+
usage() {
21+
>&2 echo "usage: $0 <project> <version>"
22+
>&2 echo
23+
>&2 echo "example: $0 cilium v1.15.0"
24+
>&2 echo "example: $0 tetragon v1.2.0"
25+
}
26+
27+
# $1 - project
28+
# $2 - version
29+
main() {
30+
PROJECT="$1"
31+
version="$2"
32+
ersion="$(echo $version | sed -e 's/^v//')"
33+
34+
if [ "$PROJECT" != cilium ] && [ "$PROJECT" != "tetragon" ] ; then
35+
echo "bad project $PROJECT"
36+
usage
37+
exit 1
38+
fi
39+
40+
if echo "$ersion" | grep "^[0-9]+\.[0-9]+\.[0-9]+[0-9a-zA-Z-_.]*$" ; then
41+
echo "bad version '$version'"
42+
usage
43+
exit 1
44+
fi
45+
46+
CWD=$(git rev-parse --show-toplevel)
47+
chart_dir="${PROJECT}/install/kubernetes"
48+
rm -rf "${PROJECT}"
49+
git clone --depth 1 --branch "$version" "https://github.com/cilium/${PROJECT}.git"
50+
cd "${chart_dir}" || exit
51+
52+
## Cilium generate helm from templates (digest substitution)
53+
if [ "${PROJECT}" == "cilium" ]; then
54+
grep export < Makefile.digests | while IFS= read -r line; do
55+
variable_name=$(echo "$line" | cut -d ' ' -f 2)
56+
image=$(echo "$variable_name" | sed -e "s/_DIGEST$//" | tr '[:upper:]' '[:lower:]' | tr '_' '-')
57+
digest=$(cosign verify --certificate-github-workflow-repository "cilium/${PROJECT}" \
58+
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
59+
--certificate-github-workflow-name "Image Release Build" \
60+
--certificate-github-workflow-ref "refs/tags/${version}" \
61+
--certificate-identity "https://github.com/cilium/${PROJECT}/.github/workflows/build-images-releases.yaml@refs/tags/${version}" \
62+
"quay.io/cilium/${image}:${version}" 2>/dev/null | jq '.[].critical.image.["docker-manifest-digest"]')
63+
echo "export $variable_name := $digest" >> Makefile.digests.tmp
64+
done
65+
66+
mv Makefile.digests.tmp Makefile.digests
67+
68+
# TODO i don't want to have to specify CILIUM_BRANCH. struggle.
69+
make RELEASE=yes CILIUM_BRANCH=main CILIUM_VERSION="${version}"
70+
71+
>&2 echo "Debugging the diff in cilium tree"
72+
git --no-pager diff
73+
fi
74+
75+
helm package "${PROJECT}"
76+
cd -
77+
helm repo index --merge index.yaml "${PROJECT}/install/kubernetes"
78+
mv "${chart_dir}/${PROJECT}-${ersion}".tgz "${chart_dir}/index.yaml" "${CWD}"
79+
./generate_readme.sh > README.md
80+
git add README.md index.yaml "${PROJECT}-${ersion}".tgz
81+
git commit -s -m "Add ${PROJECT} $version@$(cd ${PROJECT}; git rev-parse HEAD)"
82+
}
83+
84+
main "$@"

index.yaml

+18-18
Original file line numberDiff line numberDiff line change
@@ -723,7 +723,7 @@ entries:
723723
can be used for pooled IPAM (i.e. the multi-pool IPAM mode).\n"
724724
apiVersion: v2
725725
appVersion: 1.15.1
726-
created: "2024-02-15T00:44:36+00:00"
726+
created: "2024-02-15T00:44:36Z"
727727
description: eBPF-based Networking, Security, and Observability
728728
digest: f5e9ba3b7a98fb1d391ff98b3af0bb711f61aa2d585b24554c1b2946fe5d5ea1
729729
home: https://cilium.io/
@@ -2123,7 +2123,7 @@ entries:
21232123
CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAM mode).
21242124
apiVersion: v2
21252125
appVersion: 1.14.7
2126-
created: "2024-02-14T17:23:58+00:00"
2126+
created: "2024-02-14T17:23:58Z"
21272127
description: eBPF-based Networking, Security, and Observability
21282128
digest: f7646084f91f3e994e102d41a22672b73459d66cac3a90ef23e7ecb601dccd1b
21292129
home: https://cilium.io/
@@ -2848,7 +2848,7 @@ entries:
28482848
CiliumPodIPPool defines an IP pool that can be used for pooled IPAM (i.e. the multi-pool IPAM mode).
28492849
apiVersion: v2
28502850
appVersion: 1.14.2
2851-
created: "2023-09-12T21:21:56+00:00"
2851+
created: "2023-09-12T21:21:56Z"
28522852
description: eBPF-based Networking, Security, and Observability
28532853
digest: 5ed64fbbf48e5d226ef0080eb2c6c00f156f4505a795d637bd2f365c2fad82aa
28542854
home: https://cilium.io/
@@ -4593,7 +4593,7 @@ entries:
45934593
nodes indicated by a label selector.
45944594
apiVersion: v2
45954595
appVersion: 1.13.12
4596-
created: "2024-02-14T22:53:02+00:00"
4596+
created: "2024-02-14T22:53:02Z"
45974597
description: eBPF-based Networking, Security, and Observability
45984598
digest: 0c9a0dde02714958ed4b867d3e2f05d1198d16b397bf3fa33b025c889af83961
45994599
home: https://cilium.io/
@@ -5223,7 +5223,7 @@ entries:
52235223
nodes indicated by a label selector.
52245224
apiVersion: v2
52255225
appVersion: 1.13.7
5226-
created: "2023-09-12T23:39:40+00:00"
5226+
created: "2023-09-12T23:39:40Z"
52275227
description: eBPF-based Networking, Security, and Observability
52285228
digest: 1587cad2e38ccd6cfa14efb77acc65134bcdb6a2f4c9e2ad0136e2836cd6ef3f
52295229
home: https://cilium.io/
@@ -6991,7 +6991,7 @@ entries:
69916991
advertise LoadBalancer Services to BGP peers defined by Cilium BGP Peering Policies.
69926992
apiVersion: v2
69936993
appVersion: 1.12.19
6994-
created: "2024-02-14T22:54:25+00:00"
6994+
created: "2024-02-14T22:54:25Z"
69956995
description: eBPF-based Networking, Security, and Observability
69966996
digest: fbf91a226958031533dda75ac3709b3d4fac53ebad8db479f26d6f49dcd758eb
69976997
home: https://cilium.io/
@@ -7626,7 +7626,7 @@ entries:
76267626
advertise LoadBalancer Services to BGP peers defined by Cilium BGP Peering Policies.
76277627
apiVersion: v2
76287628
appVersion: 1.12.14
7629-
created: "2023-09-13T17:07:12+00:00"
7629+
created: "2023-09-13T17:07:12Z"
76307630
description: eBPF-based Networking, Security, and Observability
76317631
digest: a64c6e09df5ae167c08933ad7cee4f74c99fcd36a212d6a4735ddb5a2a9a9f70
76327632
home: https://cilium.io/
@@ -8642,7 +8642,7 @@ entries:
86428642
advertise LoadBalancer Services to BGP peers defined by Cilium BGP Peering Policies.
86438643
apiVersion: v2
86448644
appVersion: 1.12.6
8645-
created: "2023-01-27T13:40:03+00:00"
8645+
created: "2023-01-27T13:40:03Z"
86468646
description: eBPF-based Networking, Security, and Observability
86478647
digest: 6aec70462fa8b9b2aab7e09bedfb35986b4e63393dd4a831162dda9998abce17
86488648
home: https://cilium.io/
@@ -8896,7 +8896,7 @@ entries:
88968896
advertise LoadBalancer Services to BGP peers defined by Cilium BGP Peering Policies.
88978897
apiVersion: v2
88988898
appVersion: 1.12.4
8899-
created: "2022-11-17T22:50:18+00:00"
8899+
created: "2022-11-17T22:50:18Z"
89008900
description: eBPF-based Networking, Security, and Observability
89018901
digest: 77a5d01136c7e25ef6e9ed33cd89187fe8c562f661a82dd13c64e0ebc32f5638
89028902
home: https://cilium.io/
@@ -10599,7 +10599,7 @@ entries:
1059910599
leaves the cluster and which source addresses to use for that traffic.
1060010600
apiVersion: v2
1060110601
appVersion: 1.11.13
10602-
created: "2023-01-27T13:38:10+00:00"
10602+
created: "2023-01-27T13:38:10Z"
1060310603
description: eBPF-based Networking, Security, and Observability
1060410604
digest: 81b742bb4742415b6ef221fb9ef981a66fbb480de5b6f7754c32147d7af797b6
1060510605
home: https://cilium.io/
@@ -10783,7 +10783,7 @@ entries:
1078310783
leaves the cluster and which source addresses to use for that traffic.
1078410784
apiVersion: v2
1078510785
appVersion: 1.11.11
10786-
created: "2022-11-17T22:58:28+00:00"
10786+
created: "2022-11-17T22:58:28Z"
1078710787
description: eBPF-based Networking, Security, and Observability
1078810788
digest: 2f5093234419af154097241a856747d4ed5d6aad915572a0d2a1e6b7392825bd
1078910789
home: https://cilium.io/
@@ -12258,7 +12258,7 @@ entries:
1225812258
IP addressing and whether the networking is succesfully operational.
1225912259
apiVersion: v2
1226012260
appVersion: 1.10.19
12261-
created: "2023-01-27T13:08:16+00:00"
12261+
created: "2023-01-27T13:08:16Z"
1226212262
description: eBPF-based Networking, Security, and Observability
1226312263
digest: 7d3907e13df26442bd3000571d012de609bbef1d715d462c6e9598ea9702d2e8
1226412264
home: https://cilium.io/
@@ -12412,7 +12412,7 @@ entries:
1241212412
IP addressing and whether the networking is succesfully operational.
1241312413
apiVersion: v2
1241412414
appVersion: 1.10.17
12415-
created: "2022-11-17T22:58:51+00:00"
12415+
created: "2022-11-17T22:58:51Z"
1241612416
description: eBPF-based Networking, Security, and Observability
1241712417
digest: d249e2b9f21026344885c2e6275596ab582dee0282757856f17f6f5a54d85718
1241812418
home: https://cilium.io/
@@ -17376,7 +17376,7 @@ entries:
1737617376
version: 1.0.0-rc.5
1737717377
- apiVersion: v2
1737817378
appVersion: 1.0.0-rc.3
17379-
created: "2023-10-26T16:52:39+00:00"
17379+
created: "2023-10-26T16:52:39Z"
1738017380
description: Helm chart for Tetragon
1738117381
digest: ec15c4237d1d8290274c58c686a877063742fc38dda3b8bab11254b2e7437506
1738217382
name: tetragon
@@ -17406,7 +17406,7 @@ entries:
1740617406
version: 1.0.0-rc.1
1740717407
- apiVersion: v2
1740817408
appVersion: 0.11.0
17409-
created: "2023-09-01T09:14:42+00:00"
17409+
created: "2023-09-01T09:14:42Z"
1741017410
description: Helm chart for Tetragon
1741117411
digest: b25a179743c08fe5e2139b514412dacf66f649ef681002dacb4f66458dc4b301
1741217412
name: tetragon
@@ -17446,7 +17446,7 @@ entries:
1744617446
version: 0.8.4
1744717447
- apiVersion: v2
1744817448
appVersion: 0.8.3
17449-
created: "2022-10-20T18:05:19+00:00"
17449+
created: "2022-10-20T18:05:19Z"
1745017450
description: Helm chart for Tetragon
1745117451
digest: 7c700c54584f00379b569d45bb7d073303bd6296469e5c27752dec225c3ce118
1745217452
name: tetragon
@@ -17466,7 +17466,7 @@ entries:
1746617466
version: 0.8.2
1746717467
- apiVersion: v2
1746817468
appVersion: 0.8.1
17469-
created: "2022-09-19T18:42:38+00:00"
17469+
created: "2022-09-19T18:42:38Z"
1747017470
description: Helm chart for Tetragon
1747117471
digest: aa6a0a1757167579b4f1e18d6e14a677223efca831e9308d3b722cf5840e1ae9
1747217472
name: tetragon
@@ -17476,7 +17476,7 @@ entries:
1747617476
version: 0.8.1
1747717477
- apiVersion: v2
1747817478
appVersion: 0.8.0
17479-
created: "2022-05-22T00:09:23+00:00"
17479+
created: "2022-05-22T00:09:23Z"
1748017480
description: Helm chart for Tetragon
1748117481
digest: 7b78ae2a7defa8290c3dd6c4134c76400f99babfac6afbfc8b99b870ba98b3b5
1748217482
name: tetragon

prepare_artifacts.sh

-30
This file was deleted.

prepare_tetragon_artifacts.sh

-41
This file was deleted.

0 commit comments

Comments
 (0)