Move AGIC charts to MCR and update docs (#1646)

akshaysngupta · web-flow · commit 24c42050dae8 · 2024-09-16T15:41:35.000-07:00
* replicate script

* update docs

* some other fixes

* fix docs

* add note

* fix note

* add version notes

* bump versions
diff --git a/docs/developers/build.md b/docs/developers/build.md
@@ -126,22 +126,11 @@ To test your changes on a cluster, you can use the [`Dev Release`](https://dev.a
 `Dev Release` generates a new docker image and helm package for your changes. Once the pipeline completes, use helm to install the release on your AKS cluster.
 
 ```bash
-# add the staging helm repository
-helm repo add staging https://appgwingress.blob.core.windows.net/ingress-azure-helm-package-staging/
-helm repo update
-
-# list the available versions and pick the latest version
-helm search repo staging -l --devel
-NAME                    CHART VERSION   APP VERSION     DESCRIPTION                                       
-staging/ingress-azure   10486           10486           Use Azure Application Gateway as the ingress fo...
-staging/ingress-azure   10465           10465           Use Azure Application Gateway as the ingress fo...
-staging/ingress-azure   10256           10256           Use Azure Application Gateway as the ingress fo...
-
 # install/upgrade
 helm install ingress-azure \
       -f helm-config.yaml \
-      application-gateway-kubernetes-ingress/ingress-azure \
-      --version 10486
+      oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure \
+      --version 1.7.5
 ```
 
 You can also find the `version` by opening your build in the `Merge Builds` pipeline and looking for the `buildid`. Use this version when installing on the cluster after the `Dev Release` completes.
diff --git a/docs/features/agic-reconcile.md b/docs/features/agic-reconcile.md
@@ -23,9 +23,9 @@ Configure from helm install command(first time install) and helm upgrade command
 
 ```bash
 # helm fresh install
-helm intall <releaseName> -f helm-config.yaml application-gateway-kubernetes-ingress/ingress-azure --version 1.2.0-rc3 --set reconcilePeriodSeconds=30 
+helm intall <releaseName> -f helm-config.yaml oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure --version 1.7.5 --set reconcilePeriodSeconds=30 
 
 # help upgrade
 # --reuse-values, when upgrading, reuse the last release's values and merge in any overrides from the command line via --set and -f.
-helm upgrade <releaseName> application-gateway-kubernetes-ingress/ingress-azure --reuse-values --version 1.2.0-rc3 --set reconcilePeriodSeconds=30
+helm upgrade <releaseName> oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure --reuse-values --version 1.7.5 --set reconcilePeriodSeconds=30
 ```
diff --git a/docs/features/appgw-ssl-certificate.md b/docs/features/appgw-ssl-certificate.md
@@ -14,7 +14,7 @@ Please use [Greenfield Deployment](https://github.com/Azure/application-gateway-
 To use the new feature, make sure the AGIC version is at least at 1.2.0-rc3
 
 ```bash
-helm install application-gateway-kubernetes-ingress/ingress-azure -f helm-config.yaml --version 1.2.0-rc3 --generate-name
+helm install oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure -f helm-config.yaml --version 1.7.5 --generate-name
 ```
 
 ## Create a certificate and configure the certificate to AppGw
diff --git a/docs/features/multiple-namespaces.md b/docs/features/multiple-namespaces.md
@@ -32,7 +32,7 @@ To enable multiple namespace support:
    - delete the `watchNamespace` key entirely from [helm-config.yaml](../examples/sample-helm-config.yaml) - AGIC will observe all namespaces
    - set `watchNamespace` to an empty string - AGIC will observe all namespaces
    - add multiple namespaces separated by a comma (`watchNamespace: default,secondNamespace`) - AGIC will observe these namespaces exclusively
-2. apply  Helm template changes with: `helm install -f helm-config.yaml application-gateway-kubernetes-ingress/ingress-azure`
+2. apply  Helm template changes with: `helm install -f helm-config.yaml oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure`
 
 Once deployed with the ability to observe multiple namespaces, AGIC will:
 
diff --git a/docs/helm-values-documenation.md b/docs/helm-values-documenation.md
@@ -6,7 +6,7 @@
 
 | Field | Default | Description |
 | - | - | - |
-| `verbosityLevel`| 3 | Sets the verbosity level of the AGIC logging infrastructure. See [Logging Levels](troubleshooting.md#logging-levels) for possible values. |
+| `verbosityLevel`| 3 | Sets the verbosity level of the AGIC logging infrastructure. See [Logging Levels](logging-levels.md) for possible values. |
 | `reconcilePeriodSeconds` | | Enable periodic reconciliation to checks if the latest gateway configuration is different from what it cached. Range: 30 - 300 seconds. Disabled by default. |
 | `appgw.applicationGatewayID` | | Resource Id of the Application Gateway. Example: `applicationgatewayd0f0` |
 | `appgw.subscriptionId` | Default is agent node pool's subscriptionId derived from CloudProvider config  | The Azure Subscription ID in which App Gateway resides. Example: `a123b234-a3b4-557d-b2df-a0bc12de1234` |
@@ -25,7 +25,7 @@
 | `kubernetes.affinity` | `{}` | Scheduling affinity |
 | `kubernetes.volumes.extraVolumes` | `{}` | Specify additional volumes for the AGIC pod. This can be useful when [running on a `readOnlyRootFilesystem`](#run-with-read-only-root-filesystem), as AGIC requires a writeable `/tmp` directory. |
 | `kubernetes.volumes.extraVolumeMounts` | `{}` | Specify additional volume mounts for the AGIC pod. This can be useful when [running on a `readOnlyRootFilesystem`](#run-with-read-only-root-filesystem), as AGIC requires a writeable `/tmp` directory. |
-| `kubernetes.ingressClass` | `azure/application-gateway` | Specify a [custom ingress class](features\custom-ingress-class.md) which will be used to match `kubernetes.io/ingress.class` in ingress manifest |
+| `kubernetes.ingressClass` | `azure/application-gateway` | Specify a [custom ingress class](features/custom-ingress-class.md) which will be used to match `kubernetes.io/ingress.class` in ingress manifest |
 | `rbac.enabled` | false | Specify true if kubernetes cluster is rbac enabled |
 | `armAuth.type` | | could be `aadPodIdentity` or `servicePrincipal` |
 | `armAuth.identityResourceID` | | Resource ID of the Azure Managed Identity |
diff --git a/docs/how-tos/continuous-deployment-pipeline.json b/docs/how-tos/continuous-deployment-pipeline.json
@@ -259,7 +259,7 @@
                                 "namespace": "agic",
                                 "command": "upgrade",
                                 "chartType": "Name",
-                                "chartName": "application-gateway-kubernetes-ingress/ingress-azure",
+                                "chartName": "oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure",
                                 "chartPath": "",
                                 "version": "",
                                 "releaseName": "agic",
diff --git a/docs/how-tos/deploy-AGIC-with-Workload-Identity-using-helm.md b/docs/how-tos/deploy-AGIC-with-Workload-Identity-using-helm.md
@@ -8,14 +8,7 @@ This assumes you have an existing Application Gateway. If not, you can create it
 az network application-gateway create -g myResourceGroup -n myApplicationGateway --sku Standard_v2 --public-ip-address myPublicIP --vnet-name myVnet --subnet mySubnet --priority 100
 ```
 
-## 1. Add the AGIC Helm repository
-
-```bash
-helm repo add application-gateway-kubernetes-ingress https://appgwingress.blob.core.windows.net/ingress-azure-helm-package/
-helm repo update
-```
-
-## 2. Set environment variables
+## 1. Set environment variables
 
 ```bash
 export RESOURCE_GROUP="myResourceGroup"
@@ -24,65 +17,65 @@ export USER_ASSIGNED_IDENTITY_NAME="myIdentity"
 export FEDERATED_IDENTITY_CREDENTIAL_NAME="myFedIdentity"
 ```
 
-## 3. Create resource group, AKS cluster and identity
+## 2. Create resource group, AKS cluster and identity
 
 ```bash
 az group create --name "${RESOURCE_GROUP}"  --location eastus
 az aks create -g "${RESOURCE_GROUP}" -n myAKSCluster --node-count 1 --enable-oidc-issuer --enable-workload-identity 
 az identity create --name "${USER_ASSIGNED_IDENTITY_NAME}" --resource-group "${RESOURCE_GROUP}" 
 ```
 
-## 4. Export the oidcIssuerProfile.issuerUrl
+## 3. Export the oidcIssuerProfile.issuerUrl
 
 ```bash
 export AKS_OIDC_ISSUER="$(az aks show -n myAKSCluster -g "${RESOURCE_GROUP}" --query "oidcIssuerProfile.issuerUrl" -otsv)"
 ```
 
-## 5. Create federated identity credential
+## 4. Create federated identity credential
 
 **Note**: the name of the service account that gets created after the helm installation is “ingress-azure” and the following command assumes it will be deployed in “default” namespace. Please change the namespace name in the next command if you deploy the AGIC related Kubernetes resources in other namespace.
 
 ```bash
 az identity federated-credential create --name ${FEDERATED_IDENTITY_CREDENTIAL_NAME} --identity-name ${USER_ASSIGNED_IDENTITY_NAME} --resource-group ${RESOURCE_GROUP} --issuer ${AKS_OIDC_ISSUER} --subject system:serviceaccount:default:ingress-azure
 ```
 
-## 6. Obtain the ClientID of the identity created before that is needed for the next step
+## 5. Obtain the ClientID of the identity created before that is needed for the next step
 
 ```bash
 az identity show --resource-group "${RESOURCE_GROUP}" --name "${USER_ASSIGNED_IDENTITY_NAME}" --query 'clientId' -otsv
 ```
 
-## 7. Export the Application Gateway resource ID
+## 6. Export the Application Gateway resource ID
 
 ```bash
 export APP_GW_ID="$(az network application-gateway show --name "${APPLICATION_GATEWAY_NAME}"  --resource-group "${RESOURCE_GROUP}"  --query 'id' --output tsv)"
 ```
 
-## 8. Add Contributor role for the identity over the Application Gateway
+## 7. Add Contributor role for the identity over the Application Gateway
 
 ```bash
 az role assignment create --assignee <identityClientID> --scope "${APP_GW_ID}" --role Contributor
 ```
 
-## 9. In helm-config.yaml specify
+## 8. In helm-config.yaml specify
 
 ```yaml
 armAuth:
     type: workloadIdentity
     identityClientID: <identityClientID>
 ```
 
-## 10.Get the AKS cluster credentials
+## 9. Get the AKS cluster credentials
 
 ```bash
 az aks get-credentials -g "${RESOURCE_GROUP}" -n myAKSCluster
 ```
 
-## 11. Install the helm chart
+## 10. Install the helm chart
 
 ```bash
 helm install ingress-azure \
   -f helm-config.yaml \
-  application-gateway-kubernetes-ingress/ingress-azure \
-  --version 1.7.1
+  oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure \
+  --version 1.7.5
 ```
diff --git a/docs/how-tos/helm-upgrade.md b/docs/how-tos/helm-upgrade.md
@@ -3,49 +3,10 @@
 > **_NOTE:_** [Application Gateway for Containers](https://aka.ms/agc) has been released, which introduces numerous performance, resilience, and feature changes. Please consider leveraging Application Gateway for Containers for your next deployment.
 
 The Azure Application Gateway Ingress Controller for Kubernetes (AGIC) can be upgraded
-using a Helm repository hosted on Azure Storage.
-
-Before we begin the upgrade procedure, ensure that you have added the required repository:
-
-- View your currently added Helm repositories with:
-
-    ```bash
-    helm repo list
-    ```
-
-- Add the AGIC repo with:
-
-    ```bash
-    helm repo add \
-        application-gateway-kubernetes-ingress \
-        https://appgwingress.blob.core.windows.net/ingress-azure-helm-package/
-    ```
+using a Helm repository hosted on MCR.
 
 ## Upgrade
 
-1. Refresh the AGIC Helm repository to get the latest release:
-
-    ```bash
-    helm repo update
-    ```
-
-1. View available versions of the `application-gateway-kubernetes-ingress` chart:
-
-    ``` bash
-    helm search repo -l application-gateway-kubernetes-ingress
-    ```
-
-    Sample response:
-
-    ```bash
-    NAME                                                    CHART VERSION   APP VERSION     DESCRIPTION
-    application-gateway-kubernetes-ingress/ingress-azure    1.0.0           1.0.0           Use Azure Application Gateway as the ingress for an Azure...
-    application-gateway-kubernetes-ingress/ingress-azure    0.7.0-rc1       0.7.0-rc1       Use Azure Application Gateway as the ingress for an Azure...
-    application-gateway-kubernetes-ingress/ingress-azure    0.6.0           0.6.0           Use Azure Application Gateway as the ingress for an Azure...
-    ```
-
-    Latest available version from the list above is: `0.7.0-rc1`
-
 1. View the Helm charts currently installed:
 
     ```bash
@@ -67,8 +28,8 @@ Before we begin the upgrade procedure, ensure that you have added the required r
     ```bash
     helm upgrade \
         odd-billygoat \
-        application-gateway-kubernetes-ingress/ingress-azure \
-        --version 1.0.0
+        oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure \
+        --version 1.7.5
     ```
 
 ## Rollback
diff --git a/docs/how-tos/prevent-agic-from-overwriting.md b/docs/how-tos/prevent-agic-from-overwriting.md
@@ -71,7 +71,7 @@ Apply the Helm changes:
       helm upgrade \
           --recreate-pods \
           -f helm-config.yaml \
-          ingress-azure application-gateway-kubernetes-ingress/ingress-azure
+          ingress-azure oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure
       ```
 
 As a result your AKS will have a new instance of `AzureIngressProhibitedTarget` called `prohibit-all-targets`:
diff --git a/docs/setup/install.md b/docs/setup/install.md
@@ -2,6 +2,9 @@
 
 > [Application Gateway for Containers](https://aka.ms/agc) has been released, which introduces numerous performance, resilience, and feature changes. Please consider leveraging Application Gateway for Containers for your next deployment.
 
+> AGIC charts have been moved to MCR. Use oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure as the target repository.
+  AGIC versions >= 1.5.0 excluding release candidates are now available.
+
 You need to complete the following tasks prior to deploying AGIC on your cluster:
 
 1. Prepare your Azure subscription and your `az-cli` client.
@@ -52,7 +55,7 @@ You need to complete the following tasks prior to deploying AGIC on your cluster
 
 3. Install Helm
 
-    [Helm](https://github.com/helm/helm) is an open-source packaging tool that is used to install ALB controller.
+    [Helm](https://github.com/helm/helm) is an open-source packaging tool that is used to install AGIC.
 
     > Helm is already available in Azure Cloud Shell.  If you are using Azure Cloud Shell, no additional Helm installation is necessary.
 
@@ -145,7 +148,7 @@ If using an existing Application Gateway, make sure the following:
 
     echo "Set up federation with AKS OIDC issuer"
     AKS_OIDC_ISSUER="$(az aks show -n "$AKS_NAME" -g "$RESOURCE_GROUP" --query "oidcIssuerProfile.issuerUrl" -o tsv)"
-    az identity federated-credential create --name "azure-alb-identity" \
+    az identity federated-credential create --name "agic" \
         --identity-name "$IDENTITY_RESOURCE_NAME" \
         --resource-group $RESOURCE_GROUP \
         --issuer "$AKS_OIDC_ISSUER" \
@@ -163,14 +166,7 @@ If using an existing Application Gateway, make sure the following:
 
    > Assignment of the managed identity immediately after creation may result in an error that the principalId does not exist. Allow about a minute of time to elapse for the identity to replicate in Microsoft Entra ID prior to delegating the identity.
 
-1. Add the AGIC Helm repository:
-
-    ```bash
-    helm repo add application-gateway-kubernetes-ingress https://appgwingress.blob.core.windows.net/ingress-azure-helm-package/
-    helm repo update
-    ```
-
-1. Install ALB Controller using Helm
+1. Install AGIC using Helm
 
 ### For new deployments
 
@@ -181,7 +177,7 @@ AGIC can be installed by running the following commands:
 
   # on aks cluster with only linux node pools
   helm install ingress-azure \
-    application-gateway-kubernetes-ingress/ingress-azure \
+    oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure \
     --set appgw.applicationGatewayID=$APPGW_ID \
     --set armAuth.type=workloadIdentity \
     --set armAuth.identityClientID=$IDENTITY_CLIENT_ID \
@@ -190,7 +186,7 @@ AGIC can be installed by running the following commands:
   
   # on aks cluster with windows node pools
   helm install ingress-azure \
-    application-gateway-kubernetes-ingress/ingress-azure \
+    oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure \
     --set appgw.applicationGatewayID=$APPGW_ID \
     --set armAuth.type=workloadIdentity \
     --set armAuth.identityClientID=$IDENTITY_CLIENT_ID \
@@ -208,7 +204,7 @@ AGIC can be upgraded by running the following commands:
 
   # on aks cluster with only linux node pools
   helm upgrade ingress-azure \
-    application-gateway-kubernetes-ingress/ingress-azure \
+    oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure \
     --set appgw.applicationGatewayID=$APPGW_ID \
     --set armAuth.type=workloadIdentity \
     --set armAuth.identityClientID=$IDENTITY_CLIENT_ID \
@@ -217,7 +213,7 @@ AGIC can be upgraded by running the following commands:
   
   # on aks cluster with windows node pools
   helm upgrade ingress-azure \
-    application-gateway-kubernetes-ingress/ingress-azure \
+    oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure \
     --set appgw.applicationGatewayID=$APPGW_ID \
     --set armAuth.type=workloadIdentity \
     --set armAuth.identityClientID=$IDENTITY_CLIENT_ID \
diff --git a/docs/troubleshootings/troubleshooting-agic-fails-with-aad-pod-identity-breakingchange.md b/docs/troubleshootings/troubleshooting-agic-fails-with-aad-pod-identity-breakingchange.md
@@ -50,9 +50,9 @@ Updated AGIC Helm templates to use the right fields regarding AAD Pod Identity,
 
 ### Resolving the issue
 
-It's recommended you upgrade your AGIC to release 1.2.0 and then apply AAD Pod Identity version >= 1.6.0
+It's recommended you upgrade your AGIC to release >= 1.2.0 and then apply AAD Pod Identity version >= 1.6.0
 
-#### Upgrade AGIC to 1.2.0
+#### Upgrade AGIC to >= 1.2.0
 
 AGIC version [v1.2.0](https://github.com/Azure/application-gateway-kubernetes-ingress/releases/tag/1.2.0) will be required.
 
@@ -65,15 +65,15 @@ helm repo update
 # check the latest relese version of AGIC
 helm search repo -l application-gateway-kubernetes-ingress
 
-# install release 1.2.0
+# install release 1.7.5
 helm upgrade \
   <release-name> \
-  application-gateway-kubernetes-ingress/ingress-azure
-  --version 1.2.0
+  oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure
+  --version 1.7.5
   --reuse-values
 ```
 
-***Note:**_ If you're upgrading from v1.0.0 or below, you'll have to delete AGIC and then reinstall with v1.2.0.
+***Note:**_ If you're upgrading from v1.0.0 or below, you'll have to delete AGIC and then reinstall with v1.7.5.
 
 #### Install the right version of AAD Pod Identity
 
diff --git a/helm/index.md b/helm/index.md
diff --git a/mkdocs.yml b/mkdocs.yml
diff --git a/scripts/replicate-chart.sh b/scripts/replicate-chart.sh
