v2.25.2 Armory Continuous Deployment Release (Spinnaker™ v1.25.8)

Release notes for Armory Continuous Deployment v2.25.2

2022/04/06 Release Notes

Note: If you’re experiencing production issues after upgrading Spinnaker, rollback to a previous working version and please report issues to http://go.armory.io/support.

Required Halyard or Operator version

To install, upgrade, or configure Armory 2.25.2, use one of the following tools:

  • Armory-extended Halyard 1.12
  • Armory Operator 1.2.6

Security

Armory scans the codebase as we develop and release software. Contact your Armory account representative for information about CVE scans for this release.

Breaking changes

Breaking changes are kept in this list for 3 minor versions from when the change is introduced. For example, a breaking change introduced in 2.21.0 appears in the list up to and including the 2.24.x releases. It would not appear on 2.25.x release notes.

Suffix no longer added to jobs created by Kubernetes Run Job stage

Spinnaker no longer automatically appends a unique suffix to the name of jobs created by the Kubernetes Run Job stage. Prior to this release, if you specified metadata.name: my-job, Spinnaker updates the name to my-job-[random-string] before deploying the job to Kubernetes. As of this release, the job’s name will be passed through to Kubernetes exactly as supplied.

To continue having a random suffix added to the job name, set the metadata.generateName field instead of metadata.name, which causes the Kubernetes API to append a random suffix to the name.

This change is particularly important for users who are using the preconfigured job stage for Kubernetes or are sharing job stages among different pipelines. In these cases, jobs often running concurrently, and it is important that each job have a unique name. In order to retain the previous behavior, manually update your Kubernetes job manifests to use the generateName field.

Previously, this behavior was opt-in.

Impact

As of Armory 2.22, this behavior is the default. Users can still opt out of the new behavior by setting kubernetes.jobs.append-suffix: true in clouddriver-local.yml. This causes Spinnaker to continue to append a suffix to the name of jobs as in prior releases.

The ability to opt out of the new behavior will be removed in Armory 2.23 (OSS 1.23). The above setting will have no effect, and Spinnaker will no longer append a suffix to job names. We recommended that 2.22 users note which jobs are using the old behavior and prepare to remove the setting before upgrading to Armory 2.23 in the future.

Introduced in: Armory 2.22

Zombie Executions

Starting in Spinnaker 2.23.0, ManifestForceCacheRefreshTask was removed, as Kubernetes manifest related stages now do live lookups. While upgrading to Spinnaker 2.23.0 or later, if there is a running pipeline that contains a Kubernetes manifest related stage, it becomes a zombie execution. This causes Orca, Spinnaker’s orchestration service, to fail to complete any Kubernetes manifest related stage in that pipeline.

Workarounds:

To resolve the issue, cancel any zombie executions. For information about how to cancel them, see the Orca Zombie Execution runbook.

Affected versions: 2.23.0 and later

ManifestForceCacheRefreshTask removed from Orca

When you upgrade to 2.23.0 or later, you might encounter the following error:

2021-01-29 23:57:19.691 ERROR 1 --- [    scheduler-2] c.netflix.spinnaker.q.redis.RedisQueue   : Failed to read message 8f072714f1df6dbf3af93a4f4fe4cae2, requeuing...
com.fasterxml.jackson.databind.JsonMappingException: No task found for 'com.netflix.spinnaker.orca.clouddriver.tasks.manifest.ManifestForceCacheRefreshTask' (through reference chain: com.netflix.spinnaker.orca.q.RunTask["taskType"])

The ManifestForceCacheRefreshTask task is no longer a required task when deploying a manifest. In earlier releases, forcing the cache to refresh was part of the deployment process for manifests. Because of this change, if a task was running or retried before the upgrade, the error shows up in logs as an exception.

Workaround

Before starting, make sure that you have access to the Redis instance that Orca uses.

To resolve this issue, delete the message from the queue:

  1. Verify that there are pipeline execution failure messages that contain ManifestForceCacheRefreshTask:

    Redis

    hgetall orca.task.queue.messages

    The command returns information similar to the following:

    1) "93ac65e03399a4cfd3678e1355936ab2"
2) "{\"kind\":\"runTask\",\"executionType\":\"PIPELINE\",\"executionId\":\"01EVFCCDG3Q2209E0Z1QTNC0FS\",   \"application\":\"armoryhellodeploy\",\"stageId\":\"01EVFCCDG3TJ7AFPYEJT1N8RDJ\",\"taskId\":\"5\",\"taskType\":\"com.netflix.spinnaker.   orca.clouddriver.tasks.manifest.ManifestForceCacheRefreshTask\",\"attributes\":[{\"kind\":\"attempts\",\"attempts\":1}],   \"ackTimeoutMs\":600000}"

  2. Delete the message(s):

    Redis

    hdel orca.task.queue.messages

    The command returns information similar to the following:

    93ac65e03399a4cfd3678e1355936ab2
(integer) 1

Known issues

Bake failures

The Packer version included with Rosco disregards package overrides that use the -var-file= option. This may cause bakes to fail.

Affected versions: 2.22.2 and later

Lambda UI issue

There is a UI bug related to the caching agent that prevents Lambda functions from being displayed in the UI when there are no other clusters associated with the Application. In other words, in order for the function to show up in “Functions” tab, there needs to be a cluster (such as an AWS ASG/EC2 instance) deployed for that application.

Affected versions: 2.23.0 (1.23.0) - 2.26.2 Fixed version: 2.26.3

pipelineID for Pipelines-as-Code

There is a known issue where the pipelineID function does not work the first time, which causes pipelines to not be updated. Subsequent changes to the dinghyfile update the pipelines correctly.

Affected versions: 2.21.1 - 2.26.0 Fixed version: 2.26.1

Highlighted updates

Fixed a dependency issue that caused an Oauth2 error in Gate on startup.

Addressed the Github Deprecated Teams API Endpoint issue per the notice: https://github.blog/changelog/2022-02-22-sunset-notice-deprecated-teams-api-endpoints/.

Spinnaker Community Contributions

There have also been numerous enhancements, fixes, and features across all of Spinnaker’s other services. See the Spinnaker v1.25.8 changelog for details.

Detailed updates

Bill Of Materials (BOM)

Here’s the BOM for this version.

Expand
artifactSources:
  dockerRegistry: docker.io/armory
dependencies:
  redis:
    commit: null
    version: 2:2.8.4-2
services:
  clouddriver:
    commit: 33b60a3d7d9e038b4cac59f256dfb1cdcd6dfc4c
    version: 2.25.7
  deck:
    commit: 509a6a3d0dc87754ce53a4e7072f5101f5f90fbd
    version: 2.25.7
  dinghy:
    commit: 8e48f434fbf9b4830d4b27f89efa6b57b39372ea
    version: 2.25.6
  echo:
    commit: d7f37af9b470ad5795426dd9b912d4a337aa78b7
    version: 2.25.5
  fiat:
    commit: 56c9f6e90c9dc2181208f76576b2a20b6a5aa38a
    version: 2.25.6
  front50:
    commit: 40cfa8aea76490f18dc326f814f5b56261e4f11b
    version: 2.25.5
  gate:
    commit: b32a01cffb0ba3cd70ab1baa2b01d1bd933e3b17
    version: 2.25.8
  igor:
    commit: 39200c329fa711f0964d2e19ddfe642e9ad55ec4
    version: 2.25.5
  kayenta:
    commit: 7e874ca312c441e4c1f8c2dc3e721698f801669c
    version: 2.25.5
  monitoring-daemon:
    commit: null
    version: 2.26.0
  monitoring-third-party:
    commit: null
    version: 2.26.0
  orca:
    commit: b9608b22be7fc7aa05e3f178115cb1f6d34d26b8
    version: 2.25.4
  rosco:
    commit: ce0b6657e8658ba8f3d760ae1a791ffbd3f8425a
    version: 2.25.9
  terraformer:
    commit: 6b396cc9c51c396231d75f2f28899dd3ec8c6844
    version: 2.25.10
timestamp: "2022-04-04 17:24:09"
version: 2.25.2

Armory

Armory Front50 - 2.25.1…2.25.2

  • chore(build): update mergify config (#351) (#354)
  • chore(cd): update armory-commons version to 3.8.8 (#362)
  • chore(action): auto approve astrolabe pr (#370) (#390)

Armory Deck - 2.25.1…2.25.2

  • fix(build): update sync script to legacy location (#1185)
  • chore(action): upgrade node version (backport #1188) (#1191)
  • chore(cd): update base deck version to 2021.0.0-20211115212635.release-1.25.x (#1194)

Armory Fiat - 2.25.1…2.25.2

  • chore(build): update mergify config (backport #293) (#296)
  • chore(cd): update base service version to fiat:2022.03.03.09.24.29.release-1.25.x (#311)
  • chore(cd): update base service version to fiat:2022.03.07.20.32.07.release-1.25.x (#317)
  • chore(action): auto approve astrolabe prs (#318) (#323)
  • chore(cd): update armory-commons version to 3.8.8 (#303)

Armory Gate - 2.25.1…2.25.2

  • chore(cd): update base service version to gate:2022.01.19.09.10.38.release-1.25.x (#379)
  • chore(cd): update base service version to gate:2022.01.19.09.10.38.release-1.25.x (#369)
  • chore(cd): update base service version to gate:2022.01.19.09.10.38.release-1.25.x (#368)
  • chore(build): update mergify config (backport #373) (#376)
  • chore(cd): update base service version to gate:2022.02.03.20.15.33.release-1.25.x (#381)
  • chore(action): auto approve astrolabe pr (#398) (#402)
  • chore(cd): update armory-commons version to 3.8.8 (#392)

Armory Igor - 2.25.1…2.25.2

  • chore(build): update mergify config (#283) (#286)
  • chore(action): auto approve astrolabe pr (#299) (#304)
  • chore(cd): update armory-commons version to 3.8.8 (#293)

Armory Clouddriver - 2.25.1…2.25.2

  • chore(cd): update base service version to clouddriver:2021.12.30.00.36.29.release-1.25.x (#515)
  • chore(cd): update base service version to clouddriver:2022.02.18.21.12.33.release-1.25.x (#543)
  • chore(cd): update base service version to clouddriver:2022.02.23.23.16.21.release-1.25.x (#548)
  • chore(action): auto approve prs with extensionDependencyUpdate label (#558) (#568)
  • chore(cd): update armory-commons version to 3.8.8 (#551)
  • fix(imdsv2): Support newer aws-iam-authenticator (#581)
  • chore(build): update mergify config (#529)
  • chore(cd): update base service version to clouddriver:2022.02.24.16.32.48.release-1.25.x (#599)

Armory Orca - 2.25.1…2.25.2

  • [create-pull-request] automated change (#402)
  • chore(build): update mergify config (backport #408) (#411)
  • chore(action): auto approve astrolabe pr (#431) (#437)
  • chore(cd): update armory-commons version to 3.8.8 (#425)

Armory Kayenta - 2.25.1…2.25.2

  • chore(build): update mergify config (backport #297) (#300)
  • chore(cd): update armory-commons version to 3.8.8 (#306)

Armory Rosco - 2.25.1…2.25.2

  • chore(docker): update rosco baking utilities to match OSS (backport #253) (#256)
  • fix(timezone): set timezone for tzdata (backport #259) (#260)
  • fix(test): increase timeout for AMI bake int test (backport #350) (#354)
  • chore(action): auto approve extensionDependency pr (backport #369) (#379)
  • chore(gha): re-enable integration tests (#287) (#290)
  • chore(cd): update armory-commons version to 3.8.8 (#360)
  • fix(build): remove redhat publishing (backport #301) (#353)
  • fix(inttest): fixing vpc and subnets because recreation (backport #230) (#279)
  • chore(build): update mergify config (#343) (#386)

Dinghy™ - 2.25.1…2.25.2

  • chore(build): update mergify config (#457) (#460)

Armory Echo - 2.25.1…2.25.2

  • chore(build): update mergify config (#406) (#409)
  • chore(action): auto approve prs from astrolabe (#423) (#428)
  • chore(cd): update armory-commons version to 3.8.8 (#417)

Terraformer™ - 2.25.1…2.25.2

  • chore(build): update mergify config (backport #451) (#452)

Last modified March 3, 2023: (22c29bf4)