hack/build: Pin to RHCOS 47.330 and quay.io/openshift-release-dev/ocp-release:4.0.0-0.5

CHANGELOG.md

@@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
-## 0.13.0 - 2019-02-19
+## 0.13.0 - 2019-02-26
 
 ### Added
 
@@ -27,11 +27,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
       use the same Ignition configuration.  The installer will warn
       about but allow configurations where there are zero compute
       replicas.
-
     - On libvirt, the `masterIPs` property has been removed, since you
       cannot configure master IPs via the libvirt machine API
       provider.
-
     - On OpenStack, there is also a new `lbFloatingIP` property, which
       allows you to provide an IP address to be used by the load
       balancer.  This allows you to create local DNS entries ahead of
@@ -51,8 +49,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
   namespace has been replaced with `openshift-machine-api` as well.
 - The installer now uses etcd and OS images referenced by the update
   payload when configuring the machine-config operator.
-- The Kubernetes certificate authority is now self-signed, decoupling
-  its chain of trust from the root certificate authority.
+- The etcd, aggregator, and other certificate authorities are now
+  self-signed, decoupling their chains of trust from the root
+  certificate authority.
 - The installer no longer creates a service-serving certificate
   authority.  The certificate authority is now created by the
   [service-CA operator][service-ca-operator].
@@ -62,15 +61,23 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
   9000-9999 for for host network services.  This matches the approach
   we have been using for masters since 0.4.0.  The master security
   group has also been adjusted to fix a 9990 -> 9999 typo from 0.4.0.
+- On libvirt, the default compute nodes have been bumped from 2 to 4
+  GiB of memory and the control-plane nodes have been bumped from 4 to
+  6 GiB of memory and 2 to 4 vCPUs.
 - Several doc and internal cleanups and minor fixes.
 
 ### Fixed
 
 - The router certificate authority is appended to the admin
   `kubeconfig` to fix the OAuth flow behind `oc login`.
-- The installer now verifies cluster names supplied via
-  `install-config.yaml` (it previously only validated cluster names
-  provided via the install-config wizard).
+- The `install-config.yaml` validation is now more robust, with the
+  installer:
+
+    - Validating cluster names (it previously only validated cluster
+      names provided via the install-config wizard).
+    - Validating `networking.clusterNetworks[].cidr` and explicitly
+      checking for `nil` `machineCIDR` and `serviceCIDR`.
+
 - Terraform variables are now generated from master machine
   configurations instead of from the install configuration.  This
   allows them to reflect changes made by editing master machine
@@ -85,17 +92,32 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - When the installer prompts for AWS credentials, it now respects
   `AWS_PROFILE` and will update an existing credentials file instead
   of erroring out.
+- On AWS, the default [instance types][aws-instance-types] now depend
+  on the selected region, with regions that do not support m4 types
+  falling back to m5.
 - On AWS, the installer now verifies that the user-supplied
   credentials have sufficient permissions for creating a cluster.
   Previously, permissions issues would surface as Terraform errors or
   broken cluster functionality after a nominally successful install.
-- On AWS, the `destroy cluster` implementation is now more robust:
+- On AWS, the `destroy cluster` implementation is now more robust,
+  fixing several bugs from 0.10.1:
+
     - The destroy code now checks for `nil` before dereferencing,
       avoiding panics when removing internet gateways which had not
       yet been associated with a VPC, and in other similar cases.
     - The destoy code now treats already-deleted instances as
       successfully deleted, instead of looping forever while trying to
       delete them.
+    - The destroy code now treats a non-existant public DNS zone as
+      success, instead of looping forever while trying to delete
+      records from it.
+
+- On AWS and OpenStack, there is a new infra ID that is a uniqified,
+  possibly-abbreviated form of the cluster name.  The infra ID is used
+  to name and tag cluster resources, allowing for multiple clusters
+  that share the same cluster name in a single account without naming
+  conflicts (beyond DNS conflicts if both clusters also share the same
+  base domain).
 - On OpenStack, the HAProxy configuration on the service VM now only
   balances ports 80 and 443 across compute nodes (it used to also
   balance them across control-plane nodes).

hack/build.sh

@@ -2,6 +2,9 @@
 
 set -ex
 
+RELEASE_IMAGE="${RELEASE_IMAGE:-quay.io/openshift-release-dev/ocp-release:4.0.0-0.5}"
+RHCOS_BUILD_NAME="${RELEASE_BUILD_NAME:-47.330}"
+
 # shellcheck disable=SC2068
 version() { IFS="."; printf "%03d%03d%03d\\n" $@; unset IFS;}
 

pkg/asset/ignition/bootstrap/bootstrap.go

@@ -175,7 +175,7 @@ func (a *Bootstrap) getTemplateData(installConfig *types.InstallConfig) (*bootst
 	}
 
 	releaseImage := defaultReleaseImage
-	if ri, ok := os.LookupEnv("OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE"); ok && ri != "" {
+	if ri, ok := os.LookupEnv("_OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE"); ok && ri != "" {
 		logrus.Warn("Found override for ReleaseImage. Please be warned, this is not advised")
 		releaseImage = ri
 	}

pkg/types/aws/validation/platform.go

@@ -15,25 +15,25 @@ var (
 	Regions = map[string]string{
 		"ap-northeast-1": "Tokyo",
 		"ap-northeast-2": "Seoul",
-		"ap-northeast-3": "Osaka-Local",
+		//"ap-northeast-3": "Osaka-Local",
 		"ap-south-1":     "Mumbai",
 		"ap-southeast-1": "Singapore",
 		"ap-southeast-2": "Sydney",
 		"ca-central-1":   "Central",
-		"cn-north-1":     "Beijing",
-		"cn-northwest-1": "Ningxia",
-		"eu-central-1":   "Frankfurt",
-		"eu-north-1":     "Stockholm",
-		"eu-west-1":      "Ireland",
-		"eu-west-2":      "London",
-		"eu-west-3":      "Paris",
-		"sa-east-1":      "São Paulo",
-		"us-east-1":      "N. Virginia",
-		"us-east-2":      "Ohio",
-		"us-gov-east-1":  "AWS GovCloud (US-East)",
-		"us-gov-west-1":  "AWS GovCloud (US-West)",
-		"us-west-1":      "N. California",
-		"us-west-2":      "Oregon",
+		//"cn-north-1":     "Beijing",
+		//"cn-northwest-1": "Ningxia",
+		"eu-central-1": "Frankfurt",
+		//"eu-north-1":     "Stockholm",
+		"eu-west-1": "Ireland",
+		"eu-west-2": "London",
+		"eu-west-3": "Paris",
+		"sa-east-1": "São Paulo",
+		"us-east-1": "N. Virginia",
+		"us-east-2": "Ohio",
+		//"us-gov-east-1":  "AWS GovCloud (US-East)",
+		//"us-gov-west-1":  "AWS GovCloud (US-West)",
+		"us-west-1": "N. California",
+		"us-west-2": "Oregon",
 	}
 
 	validRegionValues = func() []string {

pkg/types/validation/installconfig_test.go

@@ -326,7 +326,7 @@ func TestValidateInstallConfig(t *testing.T) {
 				}
 				return c
 			}(),
-			expectedError: `^platform\.aws\.region: Unsupported value: "": supported values: "ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "cn-north-1", "cn-northwest-1", "eu-central-1", "eu-north-1", "eu-west-1", "eu-west-2", "eu-west-3", "sa-east-1", "us-east-1", "us-east-2", "us-gov-east-1", "us-gov-west-1", "us-west-1", "us-west-2"$`,
+			expectedError: `^platform\.aws\.region: Unsupported value: "": supported values: "ap-northeast-1", "ap-northeast-2", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-west-3", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2"$`,
 		},
 		{
 			name: "valid libvirt platform",