Add Updates to Release Procedures (#1716)

* add updates to release notes

developer-docs/upgrading_kubernetes.md

@@ -2,20 +2,22 @@
 
 From time to time we need to update the version of Kubernetes used by RKE2. This document serves as a how-to for that process. The following steps are laid out in order.
 
-##  Kube-proxy
+## Hardened Kubernetes
 
-### Container Image
+The Hardened Kubernetes build process for RKE2 was once part of the RKE2 build process itself. It's been since split out and exists on its own in the [image-build-kubernetes](https://github.com/rancher/image-build-kubernetes) repository. Follow the steps below to create a new Hardened Kubernetes build.
 
-Create a new release tag at the [image-build-kube-proxy](https://github.com/rancher/image-build-kube-proxy) repo.
+Create a new release tag at the [image-build-kubernetes](https://github.com/rancher/image-build-kubernetes) repo.
 
 * Click "Releases"
 * Click "Draft a new release"
-* Enter the new release version (the new k8s version), appended with `-buildYYYYMMdd`, into the "Tag version" box
+* Enter the new release version (the RKE2 Kubernetes version), appended with `-buildYYYYMMdd`, into the "Tag version" box.  **NOTE** The build system is in UTC.
+    When converting the RKE2 version to the Kubernetes version, use dash instead of plus, and do not include any alpha/beta/rc components. For example, if preparing for RKE2 `v1.21.4-rc1+rke2r1` before 5 PM Pacific on Friday, August 27th 2021 you would tag `v1.21.4-rke2r1-build20210827`
 * Check box, "This is a pre-release".
 * Click the "Publish release" button. 
 
 This will take a few minutes for CI to run but upon completion, a new image will be available in [Dockerhub](https://hub.docker.com/r/rancher/hardened-kubernetes).
 
+
 ### Helm Chart
 
 RKE2 depends on it's [Helm Charts](https://github.com/rancher/rke2-charts) being up-to-date with the expected versions for the Kubernetes components. The build process downloads these charts and bundles them into the runtime image.
@@ -26,9 +28,9 @@ Create a PR in [rke2-charts](https://github.com/rancher/rke2-charts) that update
 
 The following files have references that will need to be updated in the respective locations. Replace the found version with the desired version. There are also references in documentation that should be updated and kept in sync. 
 
-* Dockerfile: `RUN CHART_VERSION="v1.21.0-build2021041301"     CHART_FILE=/charts/rke2-kube-proxy.yaml`
-* Dockerfile: `FROM rancher/k3s:v1.21.0-k3s1 AS k3s`
-* version.sh: `KUBERNETES_VERSION=${KUBERNETES_VERSION:-v1.21.0}`
+* Dockerfile: `RUN CHART_VERSION="v1.21.4-build2021041301"     CHART_FILE=/charts/rke2-kube-proxy.yaml`
+* Dockerfile: `FROM rancher/k3s:v1.21.4-k3s1 AS k3s`
+* version.sh: `KUBERNETES_VERSION=${KUBERNETES_VERSION:-v1.21.4}`
 
 Once these changes are made, submit a PR for review and let CI complete. When CI is finished and 2 approvals are had, merge the PR. CI will run for the master merge. 
 
@@ -39,7 +41,8 @@ Next, we need to create a release candidate (RC).
 * Click "Releases"
 * Click "Draft new release"
 * Enter the desired version into the "Tag version" box. 
-    * Example tag: `v1.21.0-rc1+rke2r1`
+    * Example tag: `v1.21.4-rc1+rke2r1`
+    * **NOTE** Make sure to create the tag against the correct release branch. In the example above, that would map to release branch `release-1.21`.
 
 CI will run and build the release assets as well as kick off an image build for [RKE2 Upgrade images](https://hub.docker.com/r/rancher/rke2-upgrade/tags?page=1&ordering=last_updated).
 
@@ -52,7 +55,7 @@ Along with creating a new RKE2 release, we need to trigger a new build of the as
 * Click "Releases"
 * Click "Draft new release"
 * Enter the desired version into the "Tag version" box. 
-    * Example tag: `v1.21.0-rc1+rke2r1.testing.0`
+    * Example tag: `v1.21.4-rc1+rke2r1.testing.0`
     * The first part of the tag here must match the tag created in the RKE2 repo.
 
 When CI completes, let QA know so they can perform testing.
@@ -64,7 +67,7 @@ Once QA signs off on the RC, it's time to cut the primary release. Go to the [rk
 * Click "Releases"
 * Click "Draft new release"
 * Enter the desired version into the "Tag version" box. 
-    * Example tag: `v1.21.0+rke2r1`
+    * Example tag: `v1.21.4+rke2r1`
 
 Leave the release as "prerelease". This will be unchecked as soon as CI completes successfully.
 
@@ -73,12 +76,12 @@ Once complete, the process is repeated in the [rke2-packaging](https://github.co
 * Click "Releases"
 * Click "Draft new release"
 * Enter the desired version into the "Tag version" box. 
-    * Example tag: `v1.21.0+rke2r1.testing.0`
+    * Example tag: `v1.21.4+rke2r1.testing.0`
     * The first part of the tag here must match the tag created in the RKE2 repo.
 
 Make sure that CI passes. This is for RPM availability in the testing channel.
 
-Once complete, perform the steps above again however this time, use the tag "latest" tag. E.g. `v1.21.0+rke2r1.latest.0`.
+Once complete, perform the steps above again however this time, use the tag "latest" tag. E.g. `v1.21.4+rke2r1.latest.0`.
 
 We choose "latest" here since we want to wait at least 24 hours in case the community finds an issue. Patches will need at least 24 hours. We'll then wait up to 7 days until marking the release as "stable".
 
@@ -86,7 +89,7 @@ We choose "latest" here since we want to wait at least 24 hours in case the comm
 
 After all of the builds are complete and QA has signed off on the release, we need to update the channel server. This is done by editing the `channels.yaml` file at the root of the [rke2](https://github.com/rancher/rke2) repository.
 
-* Update the line: `latest: <release>` to be the recent release. e.g. `v1.21.0+rke2r1`.
+* Update the line: `latest: <release>` to be the recent release. e.g. `v1.21.4+rke2r1`.
 * Verify updated in the JSON output from a call [here](https://update.rke2.io/).
 
 ## Update Rancher KDM
@@ -100,4 +103,4 @@ This step is specific to Rancher and serves to update Rancher's [Kontainer Drive
 
 ### Promoting to Stable
 
-After 24 hours, we'll promote the release to stable by updating the channel server's config as we did at above, however this time changing "latest" to "stable". We need to do the same thing for RPM's too. This involves the same steps for RPM releases but changing "latest" to "stable" in the release name. E.g. `v1.21.0+rke2r1.stable.0`.
+After 24 hours, we'll promote the release to stable by updating the channel server's config as we did at above, however this time changing "latest" to "stable". We need to do the same thing for RPM's too. This involves the same steps for RPM releases but changing "latest" to "stable" in the release name. E.g. `v1.21.4+rke2r1.stable.0`.