Merge branch 'master' into feature/gen-changelog

CONTRIBUTING.md

@@ -54,17 +54,23 @@ how to edit and expand the build process.
 
 ### Additional Resources
 
-#### Kubernetes
+#### Extending Kubernetes
 
 - [Kubernetes Custom Resources](https://kubernetes.io/docs/concepts/api-extension/custom-resources/) -
   This is how we define our own resource names (`GameServer`, etc) within Kubernetes.
+- [Extend the Kubernetes API with CustomResourceDefinitions](https://kubernetes.io/docs/tasks/access-kubernetes-api/extend-api-custom-resource-definitions/) -
+  This page shows how to install a custom resource into the Kubernetes API by creating a CustomResourceDefinition.
 - [Joe Beda's TGIK Controller](https://github.com/jbeda/tgik-controller) -
   [Joe Beda](https://twitter.com/jbeda) did a video series on writing controllers for Kubernetes.
   **This is the best resource for learning about controllers and Kubernetes.**
 - [Kubernetes Sample Controller](https://github.com/kubernetes/sample-controller) -
   Example of a Custom Resources with a Kubernetes Controller.
 - [Kubernetes Code Generator](https://github.com/kubernetes/code-generator) -
   The tooling that generated the Go libraries for the Custom Resource we define
+- [Kubernetes Controller Best Practices](https://github.com/kubernetes/community/blob/master/contributors/devel/controllers.md) -
+  Set of best practices written for writing Controllers inside Kubernetes. Also a great list for everywhere else too.
+- [Writing Kube Controllers for Everyone - Maciej Szulik, Red Hat](https://www.youtube.com/watch?v=AUNPLQVxvmw) -
+  A great into video into coding for Controllers, and explaining Informers and Listers.
 
 #### Coding and Development
 

build/Makefile

@@ -170,7 +170,9 @@ push-agones-sdk-image: ensure-build-image
 # Generate the static install script
 gen-install: ensure-build-image
 	docker run --rm $(common_mounts) $(DOCKER_RUN_ARGS) $(build_tag) bash -c \
-		'helm template --name=agones-manual $(mount_path)/install/helm/agones > $(mount_path)/install/yaml/install.yaml'
+		'helm template --name=agones-manual $(mount_path)/install/helm/agones \
+		--set agones.controller.generateTLS=false \
+		> $(mount_path)/install/yaml/install.yaml'
 
 # Generate the SDK gRPC server and client code
 gen-gameservers-sdk-grpc: ensure-build-image
@@ -279,6 +281,10 @@ gcloud-test-cluster: ensure-build-image
 	docker run --rm -it $(common_mounts) $(DOCKER_RUN_ARGS) $(build_tag) kubectl apply -f $(mount_path)/build/helm.yaml
 	docker run --rm $(common_mounts) $(DOCKER_RUN_ARGS) $(build_tag) helm init --service-account helm
 
+clean-gcloud-test-cluster: ensure-build-image
+	docker run --rm -it $(common_mounts) $(DOCKER_RUN_ARGS) $(build_tag) gcloud \
+		deployment-manager deployments delete test-cluster
+
 # Pulls down authentication information for kubectl against a cluster, name can be specified through CLUSTER_NAME
 # (defaults to 'test-cluster')
 gcloud-auth-cluster: ensure-build-image

cmd/controller/Dockerfile

@@ -3,7 +3,6 @@ FROM alpine:3.7
 RUN apk --update add ca-certificates && \
     adduser -D agones
 
-COPY ./certs /home/agones/certs
 COPY ./bin/controller /home/agones/controller
 
 RUN chown -R agones /home/agones && \

docs/fleet_spec.md

@@ -18,7 +18,10 @@ metadata:
 spec:
   replicas: 2
   strategy:
-    type: Recreate  
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%  
   template:
     metadata:
       labels:
@@ -51,9 +54,12 @@ The `spec` field is the actual `Fleet` specification and it is composed as follo
 
 - `replicas` is the number of `GameServers` to keep Ready or Allocated in this Fleet
 - `strategy` is the `GameServer` replacement strategy for when the `GameServer` template is edited.
-  `type` "Recreate" is the only option. A "RollingUpdate" option will be implemented soon.  
-  - `Recreate` terminates all non-allocated `GameServers`, and starts up a new set with
-  the new `GameServer` configuration to replace them.
+  - `type` is replacement strategy for when the GameServer template is changed. Default option is "RollingUpdate", but "Recreate" is also available.
+    - `RollingUpdate` will increment by `maxSurge` value on each iteration, while decrementing by `maxUnavailable` on each iteration, until all GameServers have been switched from one version to another.   
+    - `Recreate` terminates all non-allocated `GameServers`, and starts up a new set with the new `GameServer` configuration to replace them.
+  - `rollingUpdate` is only relevant when `type: RollingUpdate`
+    - `maxSurge` is the amount to increment the new GameServers by. Defaults to 25%
+    - `maxUnavailable` is the amount to decrements GameServers by. Defaults to 25%
 - `template` a full `GameServer` configuration template.
    See the [GameServer](./gameserver_spec.md) reference for all available fields.
 

docs/governance/release_process.md

@@ -0,0 +1,32 @@
+# Agones Release Management
+
+# Release Cadence
+
+- Versioned releases will occur every 6 weeks
+- Releases occur on a Tuesday.
+- 5 week development cycle, at the end of a which a Release Candidate (RC) will be released with the contents of master.
+- For the next week, the project is in "feature freeze" - i.e. only bug and documentation (.md and examples) fixes during this time.
+  - Any new PRs that are submitted during feature freeze, will be tagged with the label `merge-after-release` 
+    to delineate that they should only be merged after the full release is complete. 
+- At the end of the RC week, the complete version release will occur.
+
+## Release Calendar
+
+> Release Calendar forthcoming once the 0.2 release is complete, when the scheduled release cadence will start.
+
+# Release Process
+
+1. Create a Release Issue from the [release issue template](./templates/release_issue.md).
+1. Label the issue `release`, and attach it to the milestone that it matches.
+1. Complete all items in the release issue checklist.
+1. Close the release issue.
+
+# Hot fix Process
+
+1. Hotfixes will occur as needed, to be determined by those will commit access on the repository.
+1. Create a Release Issue from the [release issue template](./templates/release_issue.md).
+1. Label the issue `release`, and attach it to the next upcoming milestone.
+1. Complete all items in the release issue checklist.
+1. Close the release issue.
+
+

docs/governance/templates/release.md

@@ -0,0 +1,20 @@
+# v{version}
+
+This is the {version} release of Agones.
+
+Check the [README](https://github.com/GoogleCloudPlatform/agones/tree/{release-branch}) for details on features, installation and usage.
+
+Features in this release:
+
+{ insert enhancements from the changelog }
+
+See [CHANGELOG.md](https://github.com/GoogleCloudPlatform/agones/blob/{release-branch}/CHANGELOG.md) for more details on changes.
+
+This software is currently alpha, and subject to change. Not to be used in production systems.
+
+Images available with this release:
+- [gcr.io/agones-images/agones-controller:{version}](https://gcr.io/agones-images/agones-controller:{version})
+- [gcr.io/agones-images/agones-sdk:{version}](https://gcr.io/agones-images/agones-sdk:{version})
+- [gcr.io/agones-images/cpp-simple-server:{example-version}](https://gcr.io/agones-images/cpp-simple-server:{example-version})
+- [gcr.io/agones-images/udp-server:{example-version}](https://gcr.io/agones-images/udp-server:{example-version})
+- [gcr.io/agones-images/xonotic-example:{example-version}](https://gcr.io/agones-images/xonotic-example:{example-version})

docs/governance/templates/release_issue.md

@@ -0,0 +1,29 @@
+# Release {version}
+
+<!--
+This is the release issue template. Make a copy of the markdown in this page
+and copy it into a release issue. Fill in relevent values, found inside {}
+!-->
+
+- [ ] Review closed issues have appropriate tags.
+- [ ] Review closed issues have been applied to the current milestone.
+- [ ] Ensure the next version milestone is created.
+- [ ] Any issues in the current milestone that are not closed, move to next milestone.
+- [ ] Run `make gen-changelog` to generate the CHANGELOG.md
+- [ ] Ensure the [helm `tag` value][values] is correct (should be the {version} if a full release, {version}.rc if release candidate)
+- [ ] Create PR with these changes, and merge them with approval
+- [ ] If full release, close the current milestone.
+- [ ] Confirm local git remote `upstream` points at `[email protected]:GoogleCloudPlatform/agones.git`
+- [ ] Run `git checkout master && git reset --hard upstream/master` to ensure your code is in line with upstream  (unless this is a hotfix, then do the same, but for the the release branch)
+- [ ] Run `make do-release`. (if release candidate `make do-release RELEASE_VERSION={version}.rc`) to create and push the docker images.
+- [ ] Create a release with the [release template][release-template]
+  - [ ] Make a `tag` with the release version.
+  - [ ] Attach all assets found in the `release` folder to the release.
+- [ ] If full release, then increment the `base_version` in [`build/Makefile`][build-makefile]
+- [ ] Ensure the [the helm `tag` value][values] is the same at the above `base_version`
+- [ ] Create PR with these changes, and merge them with approval
+- [ ] Close this issue. *Congratulations!* - the release is now complete! :tada: :clap: :smile: :+1: 
+
+[values]: https://github.com/GoogleCloudPlatform/agones/blob/master/install/helm/agones/values.yaml#L33
+[release-template]: https://github.com/GoogleCloudPlatform/agones/blob/master/docs/governance/templates/release.md
+[build-makefile]: https://github.com/GoogleCloudPlatform/agones/blob/master/build/Makefile

docs/installing_agones.md

@@ -193,6 +193,10 @@ We can install Agones to the cluster using the
 kubectl apply -f https://raw.githubusercontent.com/googlecloudplatform/agones/release-0.1/install.yaml
 ```
 
+> Note: Installing Agones with the `intall.yaml` will setup the TLS certificates stored in this repository for securing 
+> kubernetes webhooks communication. If you want to generates new certificates or use your own,
+> we recommend using the helm installation.
+
 ## Install using Helm
 
 Also, we can install Agones using [Helm][helm] package manager. If you want more details and configuration

examples/fleet.yaml

@@ -30,10 +30,17 @@ spec:
   # a GameServer template - see:
   # https://github.com/GoogleCloudPlatform/agones/blob/master/docs/gameserver_spec.md for all the options
   strategy:
-    # The replacement strategy for when the GameServer template is changed. Current option is "Recreate",
-    # "RollingUpdate" will come at a later date.
+    # The replacement strategy for when the GameServer template is changed. Default option is "RollingUpdate",
+    # "RollingUpdate" will increment by maxSurge value on each iteration, while decrementing by maxUnavailable on each
+    # iteration, until all GameServers have been switched from one version to another.
     # "Recreate" terminates all non-allocated GameServers, and starts up a new set with the new details to replace them.
-    type: Recreate
+    type: RollingUpdate
+    # Only relevant when `type: RollingUpdate`
+    rollingUpdate:
+      # the amount to increment the new GameServers by. Defaults to 25%
+      maxSurge: 25%
+      # the amount to decrements GameServers by. Defaults to 25%
+      maxUnavailable: 25%
   template:
     # GameServer metadata
     metadata:

install/helm/README.md

@@ -78,6 +78,7 @@ The following tables lists the configurable parameters of the Agones chart and t
 | `agones.controller.healthCheck.failureThreshold`       | Number of times before giving up (in seconds)                   | `3`                        |
 | `agones.controller.healthCheck.timeoutSeconds`         | Number of seconds after which the probe times out (in seconds)  | `1`                        |
 | `agones.controller.resources`  | Controller resource requests/limit | `{}`
+| `agones.controller.generateTLS`  | Set to true to generate TLS certificates or false to provide your own certificates in `certs/*` | `true`
 | `gameservers.namespaces`                         | a list of namespaces you are planning to use to deploy game servers | `["defaut"]` |
 | `gameservers.minPort`                            | Minimum port to use for dynamic port allocation                 | `7000`                     |
 | `gameservers.maxPort`                            | Maximum port to use for dynamic port allocation                 | `8000`                     |

install/helm/agones/templates/admissionregistration.yaml

@@ -0,0 +1,112 @@
+# Copyright 2018 Google Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $ca := genCA "admission-controller-ca" 3650 }}
+{{- $cn := printf "agones-controller-service" }}
+{{- $altName1 := printf "agones-controller-service.%s"  .Values.agones.namespace }}
+{{- $altName2 := printf "agones-controller-service.%s.svc" .Values.agones.namespace }}
+{{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: agones-validation-webhook
+  namespace: {{ .Values.agones.namespace }}
+webhooks:
+  - name: validations.stable.agones.dev
+    failurePolicy: Fail
+    clientConfig:
+      service:
+        name: agones-controller-service
+        namespace: {{ .Values.agones.namespace }}
+        path: /validate
+{{- if .Values.agones.controller.generateTLS }}
+      caBundle: {{ b64enc $ca.Cert }}
+{{- else }}
+      caBundle: {{ .Files.Get "certs/server.crt" | b64enc }}
+{{- end }}
+    rules:
+      - apiGroups:
+          - stable.agones.dev
+        resources:
+          - "gameservers"
+          - "fleetallocations"
+        apiVersions:
+          - "v1alpha1"
+        operations:
+          - CREATE
+      - apiGroups:
+          - stable.agones.dev
+        resources:
+          - "gameserversets"
+          - "fleetallocations"
+        apiVersions:
+          - "v1alpha1"
+        operations:
+          - UPDATE
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: agones-mutation-webhook
+  namespace: {{ .Values.agones.namespace }}
+  labels:
+    component: controller
+    app: {{ template "agones.name" . }}
+    chart: {{ template "agones.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+webhooks:
+  - name: mutations.stable.agones.dev
+    failurePolicy: Fail
+    clientConfig:
+      service:
+        name: agones-controller-service
+        namespace: {{ .Values.agones.namespace }}
+        path: /mutate
+{{- if .Values.agones.controller.generateTLS }}
+      caBundle: {{ b64enc $ca.Cert }}
+{{- else }}
+      caBundle: {{ .Files.Get "certs/server.crt" | b64enc }}
+{{- end }}
+    rules:
+      - apiGroups:
+          - stable.agones.dev
+        resources:
+          - "gameservers"
+          - "fleets"
+          - "fleetallocations"
+        apiVersions:
+          - "v1alpha1"
+        operations:
+          - CREATE
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "agones.fullname" . }}-cert
+  namespace: {{ .Values.agones.namespace }}
+  labels:
+    app: {{ template "agones.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+{{- if .Values.agones.controller.generateTLS }}
+  server.crt: {{ b64enc $cert.Cert }}
+  server.key: {{ b64enc $cert.Key }}
+{{- else }}
+  server.crt: {{ .Files.Get "certs/server.crt" | b64enc }}
+  server.key: {{ .Files.Get "certs/server.key" | b64enc }}
+{{- end }}

install/helm/agones/templates/controller.yaml

@@ -64,3 +64,11 @@ spec:
         resources:
 {{ toYaml .Values.agones.controller.resources | indent 10 }}
 {{- end }}
+        volumeMounts:
+        - name: certs
+          mountPath: /home/agones/certs
+          readOnly: true
+      volumes:
+      - name: certs
+        secret:
+          secretName: {{ template "agones.fullname" . }}-cert