address comments

config/Makefile

@@ -15,7 +15,7 @@ detect-change: materialize
 		echo "Please review the diffs below:\n\n"; \
 		echo "$$diff_output"; \
 		echo "\n\n===================================================="; \
-		echo "\n\nOnce you reviewed the changes and consider them meaningful, commit them by running "make -C config/ materialize" and commit your changes."; \
+		echo "\n\nOnce you reviewed the changes and consider them meaningful, update them by running "make -C config/ materialize" and commit your changes."; \
 		echo "\n\n===================================================="; \
 		exit 1; \
 	else \

config/config.msft.yaml

@@ -30,11 +30,10 @@ defaults:
       kvName: arohcp-etcd-{{ .ctx.regionShort }}
       kvSoftDelete: true
     istio:
-      url: "https://github.com/istio/istio/releases/download"
-      istioctlVersion: "1.23.1"
+      istioctlVersion: "1.24.1"
       tag: "prod-stable"
-      targetVersion: ""
-      version: "asm-1-22"
+      targetVersion: "asm-1-23"
+      versions: ["asm-1-22", "asm-1-23"]
 
   # MGMT cluster specifics
   mgmt:

config/config.schema.json

@@ -665,10 +665,6 @@
           "istio": {
             "type": "object",
             "properties": {
-              "url": {
-                "description": "The download Url for istioctl",
-                "type": "string"
-              },
               "istioctlVersion": {
                 "description": "Latest version of istioctl. This is used to download the istioctl",
                 "type": "string"
@@ -677,9 +673,9 @@
                 "description": "The revision tag used in istioctl",
                 "type": "string"
               },
-              "version": {
+              "versions": {
                 "description": "The current istio version in the AKS cluster",
-                "type": "string"
+                "type": "array"
               },
               "targetVersion": {
                 "description": "The target istio version that will be updated to",

config/config.yaml

@@ -28,11 +28,10 @@ defaults:
       kvName: arohcp-etcd-{{ .ctx.regionShort }}
       kvSoftDelete: true
     istio:
-      url: "https://github.com/istio/istio/releases/download"
       istioctlVersion: "1.23.1"
       tag: "prod-stable"
       targetVersion: ""
-      version: "asm-1-22"
+      versions: ["asm-1-22"]
 
   # MGMT cluster specifics
   mgmt:

config/public-cloud-cs-pr.json

@@ -161,8 +161,11 @@
       "istioctlVersion": "1.23.1",
       "tag": "prod-stable",
       "targetVersion": "",
-      "url": "https://istio.io/downloadIstio",
-      "version": "asm-1-22"
+      "url": "https://github.com/istio/istio/releases/download",
+      "version": "asm-1-22",
+      "versions": [
+        "asm-1-22"
+      ]
     },
     "rg": "hcp-underlay-cspr-svc",
     "subscription": "ARO Hosted Control Planes (EA Subscription 1)",

config/public-cloud-dev.json

@@ -161,8 +161,11 @@
       "istioctlVersion": "1.23.1",
       "tag": "prod-stable",
       "targetVersion": "",
-      "url": "https://istio.io/downloadIstio",
-      "version": "asm-1-22"
+      "url": "https://github.com/istio/istio/releases/download",
+      "version": "asm-1-22",
+      "versions": [
+        "asm-1-22"
+      ]
     },
     "rg": "hcp-underlay-dev-svc",
     "subscription": "ARO Hosted Control Planes (EA Subscription 1)",

config/public-cloud-msft-int.json

@@ -160,8 +160,10 @@
       "istioctlVersion": "1.24.1",
       "tag": "prod-stable",
       "targetVersion": "asm-1-23",
-      "url": "https://istio.io/downloadIstio",
-      "version": "asm-1-22"
+      "versions": [
+        "asm-1-22",
+        "asm-1-23"
+      ]
     },
     "rg": "hcp-underlay-westus3-svc",
     "subscription": "hcp-westus3",

config/public-cloud-personal-dev.json

@@ -161,8 +161,11 @@
       "istioctlVersion": "1.23.1",
       "tag": "prod-stable",
       "targetVersion": "",
-      "url": "https://istio.io/downloadIstio",
-      "version": "asm-1-22"
+      "url": "https://github.com/istio/istio/releases/download",
+      "version": "asm-1-22",
+      "versions": [
+        "asm-1-22"
+      ]
     },
     "rg": "hcp-underlay-usw3tst-svc",
     "subscription": "ARO Hosted Control Planes (EA Subscription 1)",

dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam

@@ -1,7 +1,7 @@
 using '../templates/svc-cluster.bicep'
 
 param kubernetesVersion = '{{ .kubernetesVersion }}'
-param istioVersion = ['{{ .svc.istio.version }}', '{{ .svc.istio.targetVersion }}']
+param istioVersion = ['{{ .svc.istio.version }}']
 param vnetAddressPrefix = '{{ .vnetAddressPrefix }}'
 param subnetPrefix = '{{ .subnetPrefix }}'
 param podSubnetPrefix = '{{ .podSubnetPrefix }}'

dev-infrastructure/scripts/istio.sh

@@ -29,8 +29,8 @@ case "${LOCAL_ARCH}" in
 esac
 
 
-ISTIO_URL="${ISTIOCTL_URL}/${ISTIOCTL_VERSION}/istio-${ISTIOCTL_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz"
-SHA256_URL="${ISTIOCTL_URL}/${ISTIOCTL_VERSION}/istio-${ISTIOCTL_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz.sha256"
+ISTIO_URL="https://github.com/istio/istio/releases/download/${ISTIOCTL_VERSION}/istio-${ISTIOCTL_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz"
+SHA256_URL="https://github.com/istio/istio/releases/download/${ISTIOCTL_VERSION}/istio-${ISTIOCTL_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz.sha256"
 # Download the Istioctl binary
 wget -q "$ISTIO_URL" -O istio-"${ISTIOCTL_VERSION}"-${OSEXT}-${ISTIO_ARCH}.tar.gz
 
@@ -58,12 +58,12 @@ echo "==========================================================================
 #
 
 ISTIO_NAMESPACE="aks-istio-system"
-CURRENT_TAG_REVISION=$(istioctl tag list --istioNamespace ${ISTIO_NAMESPACE} -o json | jq --arg tag ${TAG} '.[] | select(.tag == $tag).revision' -r)
+CURRENT_TAG_REVISION=$(istioctl tag list --istioNamespace "${ISTIO_NAMESPACE}" -o json | jq --arg tag "${TAG}" '.[] | select(.tag == $tag).revision' -r)
 
 echo "********** Ensure tag ${TAG} exists **************"
 if [ -z "$CURRENT_TAG_REVISION" ]; then
     echo "Tag ${TAG} does not exist yet. Creating it with version ${CURRENT_VERSION}"
-    istioctl tag set ${TAG} --revision ${CURRENT_VERSION} --istioNamespace ${ISTIO_NAMESPACE}
+    istioctl tag set "${TAG}" --revision "${CURRENT_VERSION}" --istioNamespace "${ISTIO_NAMESPACE}"
 else
     echo "Tag ${TAG} already exists and refers to version ${CURRENT_TAG_REVISION}"
 fi
@@ -73,37 +73,35 @@ echo "********** ISTIO Upgrade **************"
 # To upgrade or rollback, change the targetVersion to the desire version, and version to the current version.
 if [[ -z "$TARGET_VERSION" ]]; then
     echo "Istio is using Target Version. Exiting script."
-    exit 0
+    exit 1
 fi
 
 NEWVERSION="$TARGET_VERSION"
 echo "********** Istio Upgrade Started with version ${NEWVERSION} **************"
 
 istioctl tag set "$TAG" --revision "${NEWVERSION}" --istioNamespace ${ISTIO_NAMESPACE} --overwrite
-# Get the namespaces with the label istio.io/rev=$TAG
-namespaces=$(kubectl get namespaces --selector=istio.io/rev="$TAG" -o jsonpath='{.items[*].metadata.name}' | xargs -n1 echo)
 
-for ns in $namespaces; do
-    pods=$(kubectl get pods -n "$ns" -o jsonpath='{.items[*].metadata.name}'| xargs -n1 echo)
-    for pod_name in $pods; do
-        istio_version=$(kubectl get pod "$pod_name" -n "$ns" -o jsonpath='{.metadata.annotations.sidecar\.istio\.io/status}' | grep -oP '(?<="revision":")[^"]*')
+# Get the namespaces with the label istio.io/rev=$TAG
+for namespace in $( kubectl get namespaces --selector=istio.io/rev="$TAG" -o jsonpath='{.items[*].metadata.name}' ); do
+    for pod in $( kubectl get pods -n "$namespace" -o jsonpath='{.items[*].metadata.name}' ); do
+        istio_version=$(kubectl get pod "$pod" -n "$namespace" -o jsonpath='{.metadata.annotations.sidecar\.istio\.io/status}' | grep -oP '(?<="revision":")[^"]*')
         if [[ "$istio_version" != "$NEWVERSION" ]]; then
-            owner_kind=$(kubectl get pod "$pod_name" -n "$ns" -o jsonpath='{.metadata.ownerReferences[0].kind}')
-            owner_name=$(kubectl get pod "$pod_name" -n "$ns" -o jsonpath='{.metadata.ownerReferences[0].name}')
+            owner_kind=$(kubectl get pod "$pod" -n "$namespace" -o jsonpath='{.metadata.ownerReferences[0].kind}')
+            owner_name=$(kubectl get pod "$pod" -n "$namespace" -o jsonpath='{.metadata.ownerReferences[0].name}')
 
             case "$owner_kind" in
                 "ReplicaSet")
-                    deployment=$(kubectl get replicaset "$owner_name" -n "$ns" -o jsonpath='{.metadata.ownerReferences[0].name}')
+                    deployment=$(kubectl get replicaset "$owner_name" -n "$namespace" -o jsonpath='{.metadata.ownerReferences[0].name}')
                     if [[ -n "$deployment" ]]; then
-                        kubectl rollout restart deployment "$deployment" -n "$ns"
+                        kubectl rollout restart deployment "$deployment" -n "$namespace"
                         continue 2
                     else
-                        kubectl delete pod "$pod_name" -n "$ns"
+                        kubectl delete pod "$pod" -n "$namespace"
                     fi
                 ;;
                 "StatefulSet")
-                    deployment=$(kubectl get replicaset "$owner_name" -n "$ns" -o jsonpath='{.metadata.ownerReferences[0].name}')
-                    kubectl rollout restart deployment "$deployment" -n "$ns"
+                    deployment=$(kubectl get replicaset "$owner_name" -n "$namespace" -o jsonpath='{.metadata.ownerReferences[0].name}')
+                    kubectl rollout restart deployment "$deployment" -n "$namespace"
                     continue 2
                 ;;
                 *)

dev-infrastructure/templates/svc-cluster.bicep

@@ -138,7 +138,6 @@ param aroDevopsMsiId string
 param regionalDNSZoneName string
 
 var clusterServiceMIName = 'clusters-service'
-var istio = empty(istioVersion[1]) ? [istioVersion[0]] : istioVersion
 
 resource serviceKeyVault 'Microsoft.KeyVault/vaults@2024-04-01-preview' existing = {
   name: serviceKeyVaultName
@@ -167,7 +166,7 @@ module svcCluster '../modules/aks-cluster-base.bicep' = {
     aksEtcdKVEnableSoftDelete: aksEtcdKVEnableSoftDelete
     kubernetesVersion: kubernetesVersion
     deployIstio: true
-    istioVersion: istio
+    istioVersion: istioVersion
     vnetAddressPrefix: vnetAddressPrefix
     subnetPrefix: subnetPrefix
     podSubnetPrefix: podSubnetPrefix