Add controller release artifacts spec

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
pull/3254/head
Stefan Prodan 2 years ago
parent ea06d9614f
commit 590b7b7682
No known key found for this signature in database
GPG Key ID: 3299AEB0E4085BAF

@ -2,5 +2,5 @@
## Release Engineering ## Release Engineering
- [Shared packages release specifications](release/pkg.md) - [Shared packages release specifications](release/packages.md)
- [Controllers release specifications](release/controllers.md) - [Controllers release specifications](release/controllers.md)

@ -13,10 +13,6 @@ Controller repositories and their interdependencies:
5. [fluxcd/image-reflector-controller](https://github.com/fluxcd/image-reflector-controller) 5. [fluxcd/image-reflector-controller](https://github.com/fluxcd/image-reflector-controller)
6. [fluxcd/image-automation-controller](https://github.com/fluxcd/image-automation-controller) (imports `fluxcd/source-controller/api` and `fluxcd/image-reflector-controller/api`) 6. [fluxcd/image-automation-controller](https://github.com/fluxcd/image-automation-controller) (imports `fluxcd/source-controller/api` and `fluxcd/image-reflector-controller/api`)
The API versioning and controller versioning are indirectly related. For example,
a source-controller minor release `v1.1.0` can introduce a new API version
`v1beta1` for a Kind `XRepository` in the `source.toolkit.fluxcd.io` group.
## API versioning ## API versioning
The Flux APIs (Kubernetes CRDs) follow the The Flux APIs (Kubernetes CRDs) follow the
@ -30,7 +26,10 @@ test environments only.
The schema of objects may change in incompatible ways in a later controller release. The schema of objects may change in incompatible ways in a later controller release.
The custom resources may require editing and re-creating after a CRD update. The custom resources may require editing and re-creating after a CRD update.
An alpha API is introduced after it reaches the `implementable` phase in the An alpha version API becomes deprecated once a subsequent alpha or beta API version is released.
A deprecated alpha version is subject to removal after a three months period.
An alpha API is introduced when its proposal reaches the `implementable` phase in the
[Flux RFC process](https://github.com/fluxcd/flux2/tree/main/rfcs). [Flux RFC process](https://github.com/fluxcd/flux2/tree/main/rfcs).
We encourage users to try out the alpha APIs and provide feedback which is extremely We encourage users to try out the alpha APIs and provide feedback which is extremely
valuable during early stages of development. valuable during early stages of development.
@ -68,25 +67,9 @@ The Flux controllers and their Go API packages are released by following the
- `vX.Y.Z-RC.W` release candidates e.g. `v1.0.0-RC.1` - `vX.Y.Z-RC.W` release candidates e.g. `v1.0.0-RC.1`
- `vX.Y.Z` stable releases e.g. `v1.0.0` - `vX.Y.Z` stable releases e.g. `v1.0.0`
The release artifacts can be accessed based on the controller name and version. The API versioning and controller versioning are indirectly related. For example,
a source-controller minor release `v1.1.0` can introduce a new API version
To import or update a controller API package in a Go project: `v1beta1` for a Kind `XRepository` in the `source.toolkit.fluxcd.io` group.
```shell
go get github.com/fluxcd/<controller-name>/api@<version>
```
To pull a controller container image:
```shell
docker pull ghcr.io/fluxcd/<controller-name>:<version>
```
To download a controller's Kubernetes Custom resource definitions:
```shell
curl -sL https://github.com/fluxcd/<controller-name>/releases/download/<version>/<controller-name>.crds.yaml
```
### Release candidates ### Release candidates
@ -114,11 +97,9 @@ Note that breaking changes may occur if required by a security vulnerability fix
Minor releases are used when updating Kubernetes dependencies such as `k8s.io/api` from one minor version to another. Minor releases are used when updating Kubernetes dependencies such as `k8s.io/api` from one minor version to another.
In effect, this means a minor version will be released for all Flux controllers approximately every three months In effect, this means a minor version will be released for all Flux controllers approximately every four months
after each Kubernetes minor version release. after each Kubernetes minor version release. To properly validate the controllers against the latest Kubernetes version,
we reserve a time window of at least two weeks for Flux controllers end-to-end testing.
To properly validate the controllers against the latest Kubernetes version, we reserve a time window of at least
two weeks for Flux controllers end-to-end testing.
### Major releases ### Major releases
@ -127,7 +108,7 @@ Major releases are intended for drastic changes in the controller behaviour or s
A controller major release will be announced ahead of time throughout all communication channels, A controller major release will be announced ahead of time throughout all communication channels,
and a support window of one year will be provided for the previous major version. and a support window of one year will be provided for the previous major version.
## Release Cadence ## Release cadence
Flux controllers follow Kubernetes three releases per year cadence. After each Kubernetes minor release, Flux controllers follow Kubernetes three releases per year cadence. After each Kubernetes minor release,
all controllers are tested against the latest Kubernetes version and are released at approximately two all controllers are tested against the latest Kubernetes version and are released at approximately two
@ -143,7 +124,40 @@ For Flux controllers we support the last three minor releases.
Security fixes, may be backported to those three minor versions as patch releases, Security fixes, may be backported to those three minor versions as patch releases,
depending on severity and feasibility. depending on severity and feasibility.
## Release procedure ## Release artifacts
Each controller release produces the following artifacts:
- Source code (GitHub Releases page)
- Software Bill of Materials in SPDX format (GitHub Releases page)
- Kubernetes manifests such as CRDs and Deployments (GitHub Releases page)
- Signed checksums of source code, SBOM and manifests (GitHub Releases page)
- Multi-arch container images (GitHub Container Registry and DockerHub)
All the artifacts are cryptographically signed and can be verified with Cosign.
The release artifacts can be accessed based on the controller name and version.
To import or update a controller's API package in a Go project:
```shell
go get github.com/fluxcd/<controller-name>/api@<version>
```
To verify and pull a controller's container image:
```shell
cosign verify ghcr.io/fluxcd/<controller-name>:<version>
docker pull ghcr.io/fluxcd/<controller-name>:<version>
```
To download a controller's Kubernetes Custom resource definitions:
```shell
curl -sL https://github.com/fluxcd/<controller-name>/releases/download/<version>/<controller-name>.crds.yaml
```
## Controller release procedure
As a project maintainer, to release a controller and its API: As a project maintainer, to release a controller and its API:

Loading…
Cancel
Save