Gangams/arc ev2 deployment (#522)

* ev2 deployment for arc k8s extension * fix charts path issue * rename scripts tar * add notifications * fix line endings * fix line endings * update with prod repo * fix file endings
microsoft · Apr 7, 2021 · 1f6f6d2 · 1f6f6d2
1 parent ca8fa12
commit 1f6f6d2
Show file tree

Hide file tree

Showing 17 changed files with 821 additions and 22 deletions.
diff --git a/.pipelines/build-linux.sh b/.pipelines/build-linux.sh
@@ -14,3 +14,8 @@ cd $DIR/../build/linux
 echo "----------- Build Docker Provider -------------------------------"
 make
 cd $DIR
+
+echo "------------ Bundle Shell Extension Scripts & HELM chart -------------------------"
+cd $DIR/../deployment/arc-k8s-extension/ServiceGroupRoot/Scripts
+tar -czvf ../artifacts.tar.gz ../../../../charts/azuremonitor-containers/ pushChartToAcr.sh
+
diff --git a/.pipelines/pipeline.user.linux.yml b/.pipelines/pipeline.user.linux.yml
@@ -24,10 +24,15 @@ restore:
 
 build:
   commands:
-    - !!defaultcommand
+    - !!buildcommand
       name: 'Build Docker Provider Shell Bundle'
       command: '.pipelines/build-linux.sh'
       fail_on_stderr: false
+      artifacts:
+        - from: 'deployment'
+          to: 'build'
+          include:
+            - '**'
 
 package:
   commands:

diff --git a/.pipelines/pull-from-cdpx-and-push-to-ci-acr-linux-image.sh b/.pipelines/pull-from-cdpx-and-push-to-ci-acr-linux-image.sh
@@ -35,12 +35,22 @@ echo "end: read appid and appsecret which has read access on cdpx acr"
 # suffix 00 primary and 01 secondary, and we only use primary
 # This configured via pipeline variable
 echo "login to cdpxlinux acr:${CDPX_ACR}"
-docker login $CDPX_ACR  --username $CDPX_ACR_APP_ID --password $CDPX_ACR_APP_SECRET
-echo "login to cdpxlinux acr completed: ${CDPX_ACR}"
+echo $CDPX_ACR_APP_SECRET | docker login $CDPX_ACR  --username $CDPX_ACR_APP_ID --password-stdin
+if [ $? -eq 0 ]; then         
+   echo "login to cdpxlinux acr: ${CDPX_ACR} completed successfully."
+else     
+   echo "-e error login to cdpxlinux acr: ${CDPX_ACR} failed.Please see release task logs."
+   exit 1
+fi  
 
 echo "pull agent image from cdpxlinux acr: ${CDPX_ACR}"
 docker pull ${CDPX_ACR}/official/${CDPX_REPO_NAME}:${CDPX_AGENT_IMAGE_TAG}
-echo "pull image from cdpxlinux acr completed: ${CDPX_ACR}"
+if [ $? -eq 0 ]; then
+   echo "pulling of agent image from cdpxlinux acr: ${CDPX_ACR} completed successfully."
+else
+   echo "-e error pulling of agent image from cdpxlinux acr: ${CDPX_ACR} failed.Please see release task logs."
+   exit 1
+fi  
 
 echo "CI Release name is:"$CI_RELEASE
 imagetag=$CI_RELEASE$CI_IMAGE_TAG_SUFFIX
@@ -51,13 +61,29 @@ echo "CI AGENT REPOSITORY NAME : ${CI_AGENT_REPO}"
 
 echo "tag linux agent image"
 docker tag ${CDPX_ACR}/official/${CDPX_REPO_NAME}:${CDPX_AGENT_IMAGE_TAG} ${CI_ACR}/public/azuremonitor/containerinsights/${CI_AGENT_REPO}:${imagetag}
+if [ $? -eq 0 ]; then         
+   echo "tagging of linux agent image completed successfully."
+else     
+    echo "-e error tagging of linux agent image failed. Please see release task logs."
+   exit 1
+fi  
 
 echo "login ciprod acr":$CI_ACR
-docker login $CI_ACR --username $ACR_APP_ID --password $ACR_APP_SECRET
-echo "login to ${CI_ACR} acr completed"
+echo $ACR_APP_SECRET | docker login $CI_ACR --username $ACR_APP_ID --password-stdin 
+if [ $? -eq 0 ]; then         
+   echo "login to ciprod acr: ${CI_ACR} completed successfully"
+else     
+   echo "-e error login to ciprod acr: ${CI_ACR} failed. Please see release task logs."
+   exit 1
+fi  
 
 echo "pushing the image to ciprod acr:${CI_ACR}"
 docker push ${CI_ACR}/public/azuremonitor/containerinsights/${CI_AGENT_REPO}:${imagetag}
-echo "pushing the image to ciprod acr completed"
+if [ $? -eq 0 ]; then
+   echo "pushing of the image to ciprod acr completed successfully"
+else     
+   echo "-e error pushing of image to ciprod acr failed. Please see release task logs."
+   exit 1
+fi  
 
 echo "end: pull linux agent image from cdpx and push to ciprod acr"
diff --git a/.pipelines/pull-from-cdpx-and-push-to-ci-acr-windows-image.sh b/.pipelines/pull-from-cdpx-and-push-to-ci-acr-windows-image.sh
@@ -34,12 +34,22 @@ echo "end: read appid and appsecret which has read access on cdpx acr"
 # suffix 00 primary and 01 secondary, and we only use primary
 # This configured via pipeline variable
 echo "login to cdpxwindows acr:${CDPX_ACR}"
-docker login $CDPX_ACR  --username $CDPX_ACR_APP_ID --password $CDPX_ACR_APP_SECRET
-echo "login to cdpxwindows acr:${CDPX_ACR} completed"
+echo $CDPX_ACR_APP_SECRET | docker login $CDPX_ACR  --username $CDPX_ACR_APP_ID --password-stdin
+if [ $? -eq 0 ]; then         
+   echo "login to cdpxwindows acr: ${CDPX_ACR} completed successfully."
+else     
+   echo "-e error login to cdpxwindows acr: ${CDPX_ACR} failed.Please see release task logs."
+   exit 1
+fi  
 
 echo "pull image from cdpxwin acr: ${CDPX_ACR}"
 docker pull ${CDPX_ACR}/official/${CDPX_REPO_NAME}:${CDPX_AGENT_IMAGE_TAG}
-echo "pull image from cdpxwin acr completed: ${CDPX_ACR}"
+if [ $? -eq 0 ]; then         
+   echo "pulling of image from cdpxwin acr: ${CDPX_ACR} completed successfully."
+else     
+   echo "pulling of image from cdpxwin acr: ${CDPX_ACR} failed. Please see release task logs."
+   exit 1
+fi  
 
 echo "CI Release name:"$CI_RELEASE
 echo "CI Image Tax suffix:"$CI_IMAGE_TAG_SUFFIX
@@ -49,13 +59,30 @@ echo "agentimagetag="$imagetag
 
 echo "tag windows agent image"
 docker tag ${CDPX_ACR}/official/${CDPX_REPO_NAME}:${CDPX_AGENT_IMAGE_TAG} ${CI_ACR}/public/azuremonitor/containerinsights/${CI_AGENT_REPO}:${imagetag}
+if [ $? -eq 0 ]; then         
+   echo "tagging of windows agent image completed successfully."
+else     
+   echo "-e error tagging of windows agent image failed. Please see release task logs."
+   exit 1
+fi  
 
 echo "login to ${CI_ACR} acr"
-docker login $CI_ACR --username $ACR_APP_ID --password $ACR_APP_SECRET
-echo "login to ${CI_ACR} acr completed"
+echo $ACR_APP_SECRET | docker login $CI_ACR --username $ACR_APP_ID --password-stdin
+if [ $? -eq 0 ]; then
+   echo "login to acr: ${CI_ACR} completed successfully."
+else     
+   echo "login to acr: ${CI_ACR} failed. Please see release task logs."
+   exit 1
+fi  
+
 
 echo "pushing the image to ciprod acr"
 docker push ${CI_ACR}/public/azuremonitor/containerinsights/${CI_AGENT_REPO}:${imagetag}
-echo "pushing the image to ciprod acr completed"
+if [ $? -eq 0 ]; then
+   echo "pushing the image to ciprod acr completed successfully."
+else     
+   echo "pushing the image to ciprod acr failed. Please see release task logs"
+   exit 1
+fi  
 
 echo "end: pull windows agent image from cdpx and push to ciprod acr"
diff --git a/ReleaseProcess.md b/ReleaseProcess.md
@@ -35,20 +35,21 @@ Image automatically synched to MCR CN from Public cloud MCR.
 
 - Refer to internal docs for the release process and instructions.
 
-## ARO v3
-
-This needs to be co-ordinated with Red hat  and ARO-RP team for the release and Red hat team will pick up the changes for the release.
-
 ## AKS-Engine
 
 Make PR against [AKS-Engine](https://github.com/Azure/aks-engine). Refer PR https://github.com/Azure/aks-engine/pull/2318
 
-## ARO v4, Azure Arc K8s and OpenShift v4 clusters
-
-Make sure azuremonitor-containers chart yamls updates with all changes going with the release and also make sure to bump the chart version, imagetag and docker provider version etc. Similar to agent container image, build pipeline automatically push the chart to container insights prod acr for canary and prod repos accordingly.
-Both the agent and helm chart will be replicated to `mcr.microsoft.com`.
+## Arc for Kubernetes 
 
-The way, customers will be onboard the monitoring to these clusters using onboarding scripts under `onboarding\managed` directory so please bump chart version for prod release. Once we move to Arc K8s Monitoring extension Public preview, these will be taken care so at that point of time no manual changes like this required.
+Ev2 pipeline used to deploy the chart of the Arc K8s Container Insights Extension as per Safe Deployment Process. 
+Here is the high level process
+```
+ 1. Specify chart version of the release candidate and trigger [container-insights-arc-k8s-extension-ci_prod-release](https://github-private.visualstudio.com/microsoft/_release?_a=releases&view=all)
+ 2. Get the approval from one of team member for the release
+ 3. Once the approved, release should be triggered automatically 
+ 4. use `cimon-arck8s-eastus2euap` for validating latest release in canary region
+ 5. TBD - Notify vendor team for the validation on all Arc K8s supported platforms
+```
 
 ## Microsoft Charts Repo release for On-prem K8s
 

diff --git a/.../arc-k8s-extension/ServiceGroupRoot/Parameters/ContainerInsightsExtension.Parameters.json b/.../arc-k8s-extension/ServiceGroupRoot/Parameters/ContainerInsightsExtension.Parameters.json
@@ -0,0 +1,66 @@
+{
+  "$schema": "http://schema.express.azure.com/schemas/2015-01-01-alpha/RolloutParameters.json",
+  "contentVersion": "1.0.0.0",
+  "wait": [
+    {
+      "name": "waitSdpBakeTime",
+      "properties": {
+        "duration": "PT24H"
+      }
+    }
+  ],
+  "shellExtensions": [
+    {
+      "name": "PushChartToACR",
+      "type": "ShellExtensionType",
+      "properties": {
+        "maxexecutiontime": "PT1H"
+      },
+      "package": {
+        "reference": {
+          "path": "artifacts.tar.gz"
+        }
+      },
+      "launch": {
+        "command": [
+          "/bin/bash",
+          "pushChartToAcr.sh"
+        ],
+        "environmentVariables": [
+          {
+            "name": "RELEASE_STAGE",
+            "value": "__RELEASE_STAGE__"
+          },
+          {
+            "name": "ACR_APP_ID",
+            "reference": {
+              "provider": "AzureKeyVault",
+              "parameters": {
+                "secretId": "https://cibuildandreleasekv.vault.azure.net/secrets/ciprodacrappid/e8f47bf7505741ebaf65a4db16ff9fa7"
+              }
+            },
+            "asSecureValue": "true"
+          },
+          {
+            "name": "ACR_APP_SECRET",
+            "reference": {
+              "provider": "AzureKeyVault",
+              "parameters": {
+                "secretId": "https://cibuildandreleasekv.vault.azure.net/secrets/ciprodacrappsecret/8718afcdac114accb8b26f613cef1e1e"
+              }
+            },
+            "asSecureValue": "true"
+          },
+          {
+            "name": "ACR_NAME",
+            "value": "__ACR_NAME__"
+          },
+          {
+            "name": "CHART_VERSION",
+            "value": "__CHART_VERSION__"
+          }
+        ]
+      }
+    }
+  ]
+}
diff --git a/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.Canary.RolloutSpec.json b/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.Canary.RolloutSpec.json
@@ -0,0 +1,29 @@
+{
+  "$schema": "http://schema.express.azure.com/schemas/2015-01-01-alpha/RolloutSpec.json",
+  "ContentVersion": "1.0.0.0",
+  "RolloutMetadata": {
+    "ServiceModelPath": "ServiceModels//Public.ServiceModel.json",   
+    "ScopeBindingsPath": "ScopeBindings//Public.ScopeBindings.json", 
+    "Name": "ContainerInsightsExtension-Canary",
+    "RolloutType": "Major",
+    "BuildSource": {
+      "Parameters": {
+        "VersionFile": "buildver.txt"
+      }
+    },
+    "notification": {
+      "email": {
+        "to": "[email protected]"
+      }
+    }  
+  },
+  "orchestratedSteps": [
+    {
+      "name": "PushChartToACR",
+      "targetType": "ServiceResource",
+      "targetName": "PushChartToACR-Canary",
+      "actions": [ "Shell/PushChartToACR" ],
+      "dependsOn": [ ]
+    }
+  ]
+}
diff --git a/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.FF.RolloutSpec.json b/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.FF.RolloutSpec.json
@@ -0,0 +1,29 @@
+{
+  "$schema": "http://schema.express.azure.com/schemas/2015-01-01-alpha/RolloutSpec.json",
+  "ContentVersion": "1.0.0.0",
+  "RolloutMetadata": {
+    "ServiceModelPath": "ServiceModels//Public.ServiceModel.json",   
+    "ScopeBindingsPath": "ScopeBindings//Public.ScopeBindings.json", 
+    "Name": "ContainerInsightsExtension-FF",
+    "RolloutType": "Major",
+    "BuildSource": {
+      "Parameters": {
+        "VersionFile": "buildver.txt"
+      }
+    },
+    "notification": {
+      "email": {
+        "to": "[email protected]"
+      }
+    }
+  },
+  "orchestratedSteps": [
+    {
+      "name": "PushChartToACR",
+      "targetType": "ServiceResource",
+      "targetName": "PushChartToACR-FF",
+      "actions": [ "wait/waitSdpBakeTime", "Shell/PushChartToACR" ],
+      "dependsOn": [ ]
+    }
+  ]
+}
diff --git a/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.HighLoad.RolloutSpec.json b/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.HighLoad.RolloutSpec.json
@@ -0,0 +1,29 @@
+{
+  "$schema": "http://schema.express.azure.com/schemas/2015-01-01-alpha/RolloutSpec.json",
+  "ContentVersion": "1.0.0.0",
+  "RolloutMetadata": {
+    "ServiceModelPath": "ServiceModels//Public.ServiceModel.json",   
+    "ScopeBindingsPath": "ScopeBindings//Public.ScopeBindings.json", 
+    "Name": "ContainerInsightsExtension-Prod3",
+    "RolloutType": "Major",
+    "BuildSource": {
+      "Parameters": {
+        "VersionFile": "buildver.txt"
+      }
+    },
+    "notification": {
+      "email": {
+        "to": "[email protected]"
+      }
+    }
+  },
+  "orchestratedSteps": [
+    {
+      "name": "PushChartToACR",
+      "targetType": "ServiceResource",
+      "targetName": "PushChartToACR-HighLoad",
+      "actions": [  "wait/waitSdpBakeTime", "Shell/PushChartToACR" ],
+      "dependsOn": [ ]
+    }
+  ]
+}
diff --git a/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.LightLoad.RolloutSpec.json b/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.LightLoad.RolloutSpec.json
@@ -0,0 +1,29 @@
+{
+  "$schema": "http://schema.express.azure.com/schemas/2015-01-01-alpha/RolloutSpec.json",
+  "ContentVersion": "1.0.0.0",
+  "RolloutMetadata": {
+    "ServiceModelPath": "ServiceModels//Public.ServiceModel.json",   
+    "ScopeBindingsPath": "ScopeBindings//Public.ScopeBindings.json", 
+    "Name": "ContainerInsightsExtension-Prod2",
+    "RolloutType": "Major",
+    "BuildSource": {
+      "Parameters": {
+        "VersionFile": "buildver.txt"
+      }
+    },
+    "notification": {
+      "email": {
+        "to": "[email protected]"
+      }
+    }
+  },
+  "orchestratedSteps": [
+    {
+      "name": "PushChartToACR",
+      "targetType": "ServiceResource",
+      "targetName": "PushChartToACR-LightLoad",
+      "actions": [ "wait/waitSdpBakeTime", "Shell/PushChartToACR" ],
+      "dependsOn": [ ]
+    }
+  ]
+}
diff --git a/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.MC.RolloutSpec.json b/deployment/arc-k8s-extension/ServiceGroupRoot/RolloutSpecs/Public.MC.RolloutSpec.json
@@ -0,0 +1,29 @@
+{
+  "$schema": "http://schema.express.azure.com/schemas/2015-01-01-alpha/RolloutSpec.json",
+  "ContentVersion": "1.0.0.0",
+  "RolloutMetadata": {
+    "ServiceModelPath": "ServiceModels//Public.ServiceModel.json",   
+    "ScopeBindingsPath": "ScopeBindings//Public.ScopeBindings.json", 
+    "Name": "ContainerInsightsExtension-MC",
+    "RolloutType": "Major",
+    "BuildSource": {
+      "Parameters": {
+        "VersionFile": "buildver.txt"
+      }
+    },
+    "notification": {
+      "email": {
+        "to": "[email protected]"
+      }
+    }
+  },
+  "orchestratedSteps": [
+    {
+      "name": "PushChartToACR",
+      "targetType": "ServiceResource",
+      "targetName": "PushChartToACR-MC",
+      "actions": [ "wait/waitSdpBakeTime", "Shell/PushChartToACR" ],
+      "dependsOn": [ ]
+    }
+  ]
+}