Skip to content

Commit

Permalink
Merge branch 'master' into patch-1
Browse files Browse the repository at this point in the history
  • Loading branch information
crobby authored Oct 15, 2024
2 parents 39e232e + 06e5303 commit acf5bcc
Show file tree
Hide file tree
Showing 186 changed files with 948 additions and 12,768 deletions.
75 changes: 0 additions & 75 deletions .drone.yml

This file was deleted.

50 changes: 50 additions & 0 deletions .github/workflows/pre-release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
name: Prerelease

on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+'

jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: build binaries
env:
CROSS: 1
VERSION: ${{ github.ref_name }}
run: |
make build-rancher
- name: package
run: |
make package-rancher
- name: retrieve GPG Credentials
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/key/app-credentials passphrase | GPG_PASSPHRASE ;
secret/data/github/repo/${{ github.repository }}/key/app-credentials privateKey | GPG_KEY
- name: sign shasum
env:
GPG_KEY: ${{ env.GPG_KEY }}
GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
run: |
echo "Importing gpg key"
echo -n '${{ env.GPG_KEY }}' | gpg --import --batch > /dev/null
echo "signing SHASUM file"
VERSION_NO_V="$(echo ${{ github.ref_name }} | tr -d 'v')"
SHASUM_FILE="dist/artifacts/${{ github.ref_name }}/terraform-provider-rancher2_${VERSION_NO_V}_SHA256SUMS"
echo '${{ env.GPG_PASSPHRASE }}' | gpg --detach-sig --pinentry-mode loopback --passphrase-fd 0 --output "${SHASUM_FILE}.sig" --sign "${SHASUM_FILE}"
- name: GH release
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release create ${{ github.ref_name }} --prerelease --verify-tag --generate-notes ./dist/artifacts/${{ github.ref_name }}/*
16 changes: 16 additions & 0 deletions .github/workflows/pull_request.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
name: Pull Request

on:
pull_request:

jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: build binaries
env:
CROSS: 1
VERSION: ${{ github.ref_name }}
run: |
make build-rancher
50 changes: 50 additions & 0 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
name: Release

on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'

jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
steps:
- uses: actions/checkout@v4
- name: build binaries
env:
CROSS: 1
VERSION: ${{ github.ref_name }}
run: |
make build-rancher
- name: package
run: |
make package-rancher
- name: retrieve GPG Credentials
uses: rancher-eio/read-vault-secrets@main
with:
secrets: |
secret/data/github/repo/${{ github.repository }}/key/app-credentials passphrase | GPG_PASSPHRASE ;
secret/data/github/repo/${{ github.repository }}/key/app-credentials privateKey | GPG_KEY
- name: sign shasum
env:
GPG_KEY: ${{ env.GPG_KEY }}
GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
run: |
echo "Importing gpg key"
echo -n '${{ env.GPG_KEY }}' | gpg --import --batch > /dev/null
echo "signing SHASUM file"
VERSION_NO_V="$(echo ${{ github.ref_name }} | tr -d 'v')"
SHASUM_FILE="dist/artifacts/${{ github.ref_name }}/terraform-provider-rancher2_${VERSION_NO_V}_SHA256SUMS"
echo '${{ env.GPG_PASSPHRASE }}' | gpg --detach-sig --pinentry-mode loopback --passphrase-fd 0 --output "${SHASUM_FILE}.sig" --sign "${SHASUM_FILE}"
- name: GH release
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release create ${{ github.ref_name }} --verify-tag --generate-notes ./dist/artifacts/${{ github.ref_name }}/*
18 changes: 4 additions & 14 deletions GNUmakefile
Original file line number Diff line number Diff line change
Expand Up @@ -16,16 +16,16 @@ build-rancher: validate-rancher

validate-rancher: validate test

validate: fmtcheck lint vet
validate: fmtcheck vet

package-rancher:
@sh -c "'$(CURDIR)/scripts/gopackage.sh'"

test: fmtcheck
@echo "==> Running testing..."
go test $(TEST) || exit 1
go test -v $(TEST) || exit 1
echo $(TEST) | \
xargs -t -n4 go test $(TESTARGS) -timeout=30s -parallel=4
xargs -t -n4 go test -v $(TESTARGS) -timeout=30s -parallel=4

testacc:
@sh -c "'$(CURDIR)/scripts/gotestacc.sh'"
Expand All @@ -47,16 +47,6 @@ vet:
echo "fix them if necessary, before submitting the code for review."; \
fi

lint:
@echo "==> Checking that code complies with golint requirements..."
@GO111MODULE=off go get -u golang.org/x/lint/golint
@if [ -n "$$(golint $$(go list ./...) | grep -v 'should have comment.*or be unexported' | tee /dev/stderr)" ]; then \
echo ""; \
echo "golint found style issues. Please check the reported issues"; \
echo "and fix them if necessary before submitting the code for review."; \
exit 1; \
fi

bin:
go build -o $(PROVIDER_NAME)

Expand All @@ -79,6 +69,6 @@ test-compile:
echo " make test-compile TEST=./$(PKG_NAME)"; \
exit 1; \
fi
go test -c $(TEST) $(TESTARGS)
go test -v -c $(TEST) $(TESTARGS)

.PHONY: build test testacc vet fmt fmtcheck errcheck vendor-status test-compile bin vendor
41 changes: 19 additions & 22 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -97,41 +97,38 @@ See [test process](docs/test-process.md) for details on release testing (_Terraf
Branching the Provider
---------------------------

The provider is branched into three release lines with major version alignment with Rancher 2.6, 2.7, and 2.8. The `release/v2` branch with 2.0.0+ is aligned with Rancher 2.6, the `release/v3` branch with 3.0.0+ is aligned with Rancher 2.7, and the `master` branch with 4.0.0+ is aligned with Rancher 2.8. The lifecycle of each major provider version is aligned with the lifecycle of each Rancher minor version. For example, provider versions 4.0.x which are aligned with Rancher 2.8.x will only be actively maintained until the EOM for Rancher 2.8.x and supported until EOL for Rancher 2.8.x.
This provider is branched in correlation with minor versions of Rancher: 2.8, 2.9, etc.
The `release/v3` branch with 3.0.0+ is aligned with Rancher 2.7,
the `release/v4` branch with 4.0.0+ is aligned with Rancher 2.8,
and the `master` branch with 5.0.0+ is aligned with Rancher 2.9.
The lifecycle of each major provider version is aligned with the lifecycle of each Rancher minor version.
For example, provider versions 4.x are aligned with Rancher 2.8.x will only be actively maintained until the EOM for Rancher 2.8.x and supported until EOL for Rancher 2.8.x.

See the [Rancher support matrix](https://www.suse.com/lifecycle/#rancher) for details.

Aligning major provider releases with minor Rancher releases means,
Aligning major provider releases with minor Rancher releases means:

* We can follow semver
* We can cut patch/minor versions on an as-needed basis to fix bugs or add new resources
* We can cut patch/minor versions on an as-needed basis to fix bugs or add new resources
* We have 'out of band' flexibility and are only tied to releasing a new version of the provider when we get a new 2.x Rancher minor version.

See the [compatibility matrix](docs/compatibility-matrix.md) for details.

If you are using Terraform to provision clusters on instances of Rancher 2.7 and 2.8, you must have a separate configuration in a separate dir for each provider. Otherwise, Terraform will overwrite the `.tfstate` file every time you switch versions.
If you are using Terraform to provision clusters on instances of Rancher 2.7 and 2.8,
you must have a separate configuration in a separate dir for each provider.
Otherwise, Terraform will overwrite the `.tfstate` file every time you switch versions.

Releasing the Provider
---------------------------

As of Terraform 2.0.0 and 3.0.0, the provider is tied to Rancher minor releases but can be released 'out of band' within that minor version. For example, 4.0.0 will be released 1-2 weeks after Rancher 2.8.x and fixes and features in the 4.0.0 release will be supported for clusters provisioned via Terraform on Rancher 2.8.x. A critical bug fix can be released 'out of band' as 4.0.1 and backported to `release/v3` as 3.0.1. A new feature can also be released 'out of band' as 4.1.0 but not backported.

The [RKE provider](https://github.com/rancher/terraform-provider-rke) should be released after every RKE or KDM release. For example, if upstream RKE 1.3.15 was released, bump the RKE version to 1.3.15 and release the provider.
As of Terraform 2.0.0 and 3.0.0, the provider is tied to Rancher minor releases but can be released 'out of band' within that minor version.
For example, 4.0.0 will be released 1-2 weeks after Rancher 2.8.x and fixes and features in the 4.0.0 release will be supported for clusters provisioned via Terraform on Rancher 2.8.x.
A critical bug fix can be released 'out of band' as 4.0.1 and backported to `release/v3` as 3.0.1.

To release the provider

* Create a draft of the [release](https://github.com/rancher/terraform-provider-rancher2/releases) and select create new tag for the version you are releasing
* Create release notes by clicking `Generate release notes`
* Copy the release notes to the CHANGELOG and update to the following format

```
# <tag version> (Month Day, Year)
FEATURES:
ENHANCEMENTS:
BUG FIXES:
```

* Create a PR to update CHANGELOG
* Copy the updated notes back to the draft release and save (DO NOT release with just the generated notes. Those are just a template to help you)
* Undraft the release, which creates the tag and builds the release
* If necessary - create a followup PR to edit [`./docs/compatibility-matrix.md`](https://github.com/rancher/terraform-provider-rancher2/blob/master/docs/compatibility-matrix.md) with the new version information
* Make sure that the various QA teams have approved the rc versions, see [test process](./docs/test-process.md) for more information.
* Update the `CHANGELOG.md` with the release notes
* Push a tag to the release branch (`release/v2`, `release/v3`, or `master`) which does not have a `-rc` suffix
* The CI will build the provider and generate a release on GitHub
* Make sure to validate that the release is picked up by the Terraform registry, you may need to find the "resync" button to accomplish this.
43 changes: 15 additions & 28 deletions docs/compatibility-matrix.md
Original file line number Diff line number Diff line change
@@ -1,35 +1,22 @@
# Rancher2 Provider

### Version compatibility matrix
## Version compatibility matrix

The version matrix specifies the Terraform provider version _recommended_ to use with the associated minor Rancher version that it was released for. When updating the version matrix, add a row for each Terraform version released with a minor Rancher release.
The version matrix specifies the Terraform provider version _recommended_ to use with the associated minor Rancher version that it was released for.
When updating the version matrix, add a row for each Terraform version released with a minor Rancher release.
This shouldn't be a changelog for every branch, each branch has its own CHANGELOG.md file which should be updated with changes.

#### Rancher 2.6
| Terraform provider version | Rancher version | Terraform provider branch |
|----------------------------|:---------------:|---------------------------|
| 2.x | 2.6.x | release/v2 |
| 3.x | 2.7.x | release/v3 |
| 4.x | 2.8.x | release/v4 |
| 5.x | 2.9.x | master |

| Terraform provider version | Rancher | Notes |
|----------------------------------------|:-------:|:-----------:|
| 2.0.0 | 2.6.11 | Bug fixes |
## FAQ

#### Rancher 2.7
**Can I use an earlier Terraform version?**
Yes, but Terraform may not support all features and fields supported in your Rancher version so provisioning may be limited.

| Terraform provider version | Rancher | Notes |
|----------------------------|:-------:|-----------------------------------------------------------------------------------------------------|
| 3.0.0 | 2.7.2 | Kubernetes 1.25 support, Azure / EKS / Harvester features<br/>and bug fixes |
| 3.0.1 | 2.7.4 | Fix to support old Harvester config |
| 3.0.2 | 2.7.4 | Fix Harvester disk_size default value |
| 3.1.0 | 2.7.5 | Cluster Agent customization, PSACT support for 1.25+ clusters,<br/>custom user tokens and bug fixes |
| 3.1.1 | 2.7.5 | Docs patch |
| 3.2.0 | 2.7.x | |

#### Rancher 2.8

| Terraform provider version | Rancher | Notes |
|----------------------------|:-------:|-------|
| 4.0.0 | 2.8.x | |
| 4.1.0 | 2.8.x | |

#### FAQ

**Can I use an earlier Terraform version?** Yes, but Terraform may not support all features and fields supported in your Rancher version so provisioning may be limited.

**Can I use a later Terraform version?** Yes, but you must NOT use any new features and fields that your Rancher version does not support.
**Can I use a later Terraform version?**
Yes, but you must NOT use any new features and fields that your Rancher version does not support.
3 changes: 0 additions & 3 deletions docs/data-sources/cluster.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,13 +44,10 @@ The following attributes are exported:
* `oke_config` - (Computed) The Oracle OKE configuration for `oke` Clusters. Conflicts with `aks_config`, `aks_config_v2`, `eks_config`, `eks_config_v2`, `gke_config`, `gke_config_v2`, `k3s_config` and `rke_config` (list maxitems:1)
* `description` - (Computed) The description for Cluster (string)
* `cluster_auth_endpoint` - (Computed) Enabling the [local cluster authorized endpoint](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#local-cluster-auth-endpoint) allows direct communication with the cluster, bypassing the Rancher API proxy. (list maxitems:1)
* `cluster_monitoring_input` - (Computed) Cluster monitoring config (list maxitems:1)
* `cluster_template_answers` - (Computed) Cluster template answers (list maxitems:1)
* `cluster_template_id` - (Computed) Cluster template ID (string)
* `cluster_template_questions` - (Computed) Cluster template questions (list)
* `cluster_template_revision_id` - (Computed) Cluster template revision ID (string)
* `default_pod_security_policy_template_id` - (Optional/Computed) [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string)
* `enable_cluster_monitoring` - (Computed) Enable built-in cluster monitoring. Default `false` (bool)
* `enable_network_policy` - (Computed) Enable project network isolation. Default `false` (bool)
* `enable_cluster_istio` - (Computed) Enable built-in cluster istio. Default `false` (bool)
* `fleet_workspace_name` - (Computed) Fleet workspace name (string)
Expand Down
32 changes: 0 additions & 32 deletions docs/data-sources/cluster_alert_group.md

This file was deleted.

Loading

0 comments on commit acf5bcc

Please sign in to comment.