From ccedcf50d11587cffac7855f60736d07df8461f5 Mon Sep 17 00:00:00 2001 From: Jonathan Chang Date: Wed, 18 Dec 2024 10:06:25 -0800 Subject: [PATCH] address comments --- config/Makefile | 2 +- config/config.msft.yaml | 7 ++-- config/config.schema.json | 8 ++--- config/config.yaml | 3 +- config/public-cloud-cs-pr.json | 7 ++-- config/public-cloud-dev.json | 7 ++-- config/public-cloud-msft-int.json | 6 ++-- config/public-cloud-personal-dev.json | 7 ++-- .../svc-cluster.tmpl.bicepparam | 2 +- dev-infrastructure/scripts/istio.sh | 34 +++++++++---------- .../templates/svc-cluster.bicep | 3 +- 11 files changed, 44 insertions(+), 42 deletions(-) diff --git a/config/Makefile b/config/Makefile index f9b7289a3..deb33c1fb 100644 --- a/config/Makefile +++ b/config/Makefile @@ -15,7 +15,7 @@ detect-change: materialize echo "Please review the diffs below:\n\n"; \ echo "$$diff_output"; \ echo "\n\n===================================================="; \ - echo "\n\nOnce you reviewed the changes and consider them meaningful, commit them by running "make -C config/ materialize" and commit your changes."; \ + echo "\n\nOnce you reviewed the changes and consider them meaningful, update them by running "make -C config/ materialize" and commit your changes."; \ echo "\n\n===================================================="; \ exit 1; \ else \ diff --git a/config/config.msft.yaml b/config/config.msft.yaml index de6a87d02..efceec3af 100644 --- a/config/config.msft.yaml +++ b/config/config.msft.yaml @@ -30,11 +30,10 @@ defaults: kvName: arohcp-etcd-{{ .ctx.regionShort }} kvSoftDelete: true istio: - url: "https://github.com/istio/istio/releases/download" - istioctlVersion: "1.23.1" + istioctlVersion: "1.24.1" tag: "prod-stable" - targetVersion: "" - version: "asm-1-22" + targetVersion: "asm-1-23" + versions: ["asm-1-22", "asm-1-23"] # MGMT cluster specifics mgmt: diff --git a/config/config.schema.json b/config/config.schema.json index 282237563..ca8a4a3ec 100644 
--- a/config/config.schema.json +++ b/config/config.schema.json @@ -665,10 +665,6 @@ "istio": { "type": "object", "properties": { - "url": { - "description": "The download Url for istioctl", - "type": "string" - }, "istioctlVersion": { "description": "Latest version of istioctl. This is used to download the istioctl", "type": "string" @@ -677,9 +673,9 @@ "description": "The revision tag used in istioctl", "type": "string" }, - "version": { + "versions": { "description": "The current istio version in the AKS cluster", - "type": "string" + "type": "array" }, "targetVersion": { "description": "The target istio version that will be updated to", diff --git a/config/config.yaml b/config/config.yaml index 9d2c16ddc..3353bb4f5 100644 --- a/config/config.yaml +++ b/config/config.yaml @@ -28,11 +28,10 @@ defaults: kvName: arohcp-etcd-{{ .ctx.regionShort }} kvSoftDelete: true istio: - url: "https://github.com/istio/istio/releases/download" istioctlVersion: "1.23.1" tag: "prod-stable" targetVersion: "" - version: "asm-1-22" + versions: ["asm-1-22"] # MGMT cluster specifics mgmt: diff --git a/config/public-cloud-cs-pr.json b/config/public-cloud-cs-pr.json index 7d85c5350..05dffa2cc 100644 --- a/config/public-cloud-cs-pr.json +++ b/config/public-cloud-cs-pr.json @@ -161,8 +161,11 @@ "istioctlVersion": "1.23.1", "tag": "prod-stable", "targetVersion": "", - "url": "https://istio.io/downloadIstio", - "version": "asm-1-22" + "url": "https://github.com/istio/istio/releases/download", + "version": "asm-1-22", + "versions": [ + "asm-1-22" + ] }, "rg": "hcp-underlay-cspr-svc", "subscription": "ARO Hosted Control Planes (EA Subscription 1)", diff --git a/config/public-cloud-dev.json b/config/public-cloud-dev.json index e97ab0444..bc6b6776e 100644 --- a/config/public-cloud-dev.json +++ b/config/public-cloud-dev.json 
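Review bot: The new `versions` property in config.schema.json is declared as a bare `"type": "array"`, so the schema accepts an empty list or non-string entries. Its description also still reads as a single "current istio version". These values appear to feed the cluster template's `istioVersion` parameter, so I would constrain them with `"items": { "type": "string" }, "minItems": 1` and reword the description to say it is the list of Istio revisions installed on the AKS cluster.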
@@ -161,8 +161,11 @@ "istioctlVersion": "1.23.1", "tag": "prod-stable", "targetVersion": "", - "url": "https://istio.io/downloadIstio", - "version": "asm-1-22" + "url": "https://github.com/istio/istio/releases/download", + "version": "asm-1-22", + "versions": [ + "asm-1-22" + ] }, "rg": "hcp-underlay-dev-svc", "subscription": "ARO Hosted Control Planes (EA Subscription 1)", diff --git a/config/public-cloud-msft-int.json b/config/public-cloud-msft-int.json index 42e9ed9bd..a7060f2d6 100644 --- a/config/public-cloud-msft-int.json +++ b/config/public-cloud-msft-int.json @@ -160,8 +160,10 @@ "istioctlVersion": "1.24.1", "tag": "prod-stable", "targetVersion": "asm-1-23", - "url": "https://istio.io/downloadIstio", - "version": "asm-1-22" + "versions": [ + "asm-1-22", + "asm-1-23" + ] }, "rg": "hcp-underlay-westus3-svc", "subscription": "hcp-westus3", diff --git a/config/public-cloud-personal-dev.json b/config/public-cloud-personal-dev.json index 64fc7e34e..620795f90 100644 --- a/config/public-cloud-personal-dev.json +++ b/config/public-cloud-personal-dev.json @@ -161,8 +161,11 @@ "istioctlVersion": "1.23.1", "tag": "prod-stable", "targetVersion": "", - "url": "https://istio.io/downloadIstio", - "version": "asm-1-22" + "url": "https://github.com/istio/istio/releases/download", + "version": "asm-1-22", + "versions": [ + "asm-1-22" + ] }, "rg": "hcp-underlay-usw3tst-svc", "subscription": "ARO Hosted Control Planes (EA Subscription 1)", diff --git a/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam b/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam index d7cbbc01c..ce5a7b3e8 100644 --- a/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam +++ b/dev-infrastructure/configurations/svc-cluster.tmpl.bicepparam 
@@ -1,7 +1,7 @@ using '../templates/svc-cluster.bicep' param kubernetesVersion = '{{ .kubernetesVersion }}' -param istioVersion = ['{{ .svc.istio.version }}', '{{ .svc.istio.targetVersion }}'] +param istioVersion = ['{{ .svc.istio.version }}'] param vnetAddressPrefix = '{{ .vnetAddressPrefix }}' param subnetPrefix = '{{ .subnetPrefix }}' param podSubnetPrefix = '{{ .podSubnetPrefix }}' diff --git a/dev-infrastructure/scripts/istio.sh b/dev-infrastructure/scripts/istio.sh index 8b3bf8a78..e3a97a0c8 100755 --- a/dev-infrastructure/scripts/istio.sh +++ b/dev-infrastructure/scripts/istio.sh @@ -29,8 +29,8 @@ case "${LOCAL_ARCH}" in esac -ISTIO_URL="${ISTIOCTL_URL}/${ISTIOCTL_VERSION}/istio-${ISTIOCTL_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz" -SHA256_URL="${ISTIOCTL_URL}/${ISTIOCTL_VERSION}/istio-${ISTIOCTL_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz.sha256" +ISTIO_URL="https://github.com/istio/istio/releases/download/${ISTIOCTL_VERSION}/istio-${ISTIOCTL_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz" +SHA256_URL="https://github.com/istio/istio/releases/download/${ISTIOCTL_VERSION}/istio-${ISTIOCTL_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz.sha256" # Download the Istioctl binary wget -q "$ISTIO_URL" -O istio-"${ISTIOCTL_VERSION}"-${OSEXT}-${ISTIO_ARCH}.tar.gz 
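Review bot: `param istioVersion` still reads `.svc.istio.version`, but this commit renames that key to `versions` in config.yaml, config.msft.yaml and the schema, and public-cloud-msft-int.json no longer carries a `version` value at all. Depending on how the templating treats a missing key, the rendered array would hold an empty or placeholder string, or rendering would fail. The parameter should be built from the list instead, for example (assuming Go text/template semantics) `param istioVersion = [{{ range $i, $v := .svc.istio.versions }}{{ if $i }}, {{ end }}'{{ $v }}'{{ end }}]`. With `var istio = empty(istioVersion[1]) ? ...` removed from svc-cluster.bicep in this same commit, nothing downstream filters a bad entry any more.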
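Review bot: `SHA256_URL` points at the same GitHub release path as `ISTIO_URL`, so a checksum fetched from it can only detect a corrupted download, not a replaced release asset. Hard-coding the host does remove the config-controlled download location, but the expected digest should be pinned in config next to `istioctlVersion` and checked locally, e.g. `echo "${ISTIOCTL_SHA256}  istio-${ISTIOCTL_VERSION}-${OSEXT}-${ISTIO_ARCH}.tar.gz" | sha256sum -c -`, where `ISTIOCTL_SHA256` is a proposed new variable that this script does not have yet. The verification step itself is outside this hunk, so please confirm it aborts when the checksum download fails or returns an empty file.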
@@ -58,12 +58,12 @@ echo "========================================================================== # ISTIO_NAMESPACE="aks-istio-system" -CURRENT_TAG_REVISION=$(istioctl tag list --istioNamespace ${ISTIO_NAMESPACE} -o json | jq --arg tag ${TAG} '.[] | select(.tag == $tag).revision' -r) +CURRENT_TAG_REVISION=$(istioctl tag list --istioNamespace "${ISTIO_NAMESPACE}" -o json | jq --arg tag "${TAG}" '.[] | select(.tag == $tag).revision' -r) echo "********** Ensure tag ${TAG} exists **************" if [ -z "$CURRENT_TAG_REVISION" ]; then echo "Tag ${TAG} does not exist yet. Creating it with version ${CURRENT_VERSION}" - istioctl tag set ${TAG} --revision ${CURRENT_VERSION} --istioNamespace ${ISTIO_NAMESPACE} + istioctl tag set "${TAG}" --revision "${CURRENT_VERSION}" --istioNamespace "${ISTIO_NAMESPACE}" else echo "Tag ${TAG} already exists and refers to version ${CURRENT_TAG_REVISION}" fi 
@@ -73,37 +73,35 @@ echo "********** ISTIO Upgrade **************" # To upgrade or rollback, change the targetVersion to the desire version, and version to the current version. if [[ -z "$TARGET_VERSION" ]]; then echo "Istio is using Target Version. Exiting script." - exit 0 + exit 1 fi NEWVERSION="$TARGET_VERSION" echo "********** Istio Upgrade Started with version ${NEWVERSION} **************" istioctl tag set "$TAG" --revision "${NEWVERSION}" --istioNamespace ${ISTIO_NAMESPACE} --overwrite -# Get the namespaces with the label istio.io/rev=$TAG -namespaces=$(kubectl get namespaces --selector=istio.io/rev="$TAG" -o jsonpath='{.items[*].metadata.name}' | xargs -n1 echo) -for ns in $namespaces; do - pods=$(kubectl get pods -n "$ns" -o jsonpath='{.items[*].metadata.name}'| xargs -n1 echo) - for pod_name in $pods; do - istio_version=$(kubectl get pod "$pod_name" -n "$ns" -o jsonpath='{.metadata.annotations.sidecar\.istio\.io/status}' | grep -oP '(?<="revision":")[^"]*') +# Get the namespaces with the label istio.io/rev=$TAG +for namespace in $( kubectl get namespaces --selector=istio.io/rev="$TAG" -o jsonpath='{.items[*].metadata.name}' ); do + for pod in $( kubectl get pods -n "$namespace" -o jsonpath='{.items[*].metadata.name}' ); do + istio_version=$(kubectl get pod "$pod" -n "$namespace" -o jsonpath='{.metadata.annotations.sidecar\.istio\.io/status}' | grep -oP '(?<="revision":")[^"]*') if [[ "$istio_version" != "$NEWVERSION" ]]; then - owner_kind=$(kubectl get pod "$pod_name" -n "$ns" -o jsonpath='{.metadata.ownerReferences[0].kind}') - owner_name=$(kubectl get pod "$pod_name" -n "$ns" -o jsonpath='{.metadata.ownerReferences[0].name}') + owner_kind=$(kubectl get pod "$pod" -n "$namespace" -o jsonpath='{.metadata.ownerReferences[0].kind}') + owner_name=$(kubectl get pod "$pod" -n "$namespace" -o jsonpath='{.metadata.ownerReferences[0].name}') case "$owner_kind" in "ReplicaSet") - deployment=$(kubectl get replicaset "$owner_name" -n "$ns" -o 
jsonpath='{.metadata.ownerReferences[0].name}') + deployment=$(kubectl get replicaset "$owner_name" -n "$namespace" -o jsonpath='{.metadata.ownerReferences[0].name}') if [[ -n "$deployment" ]]; then - kubectl rollout restart deployment "$deployment" -n "$ns" + kubectl rollout restart deployment "$deployment" -n "$namespace" continue 2 else - kubectl delete pod "$pod_name" -n "$ns" + kubectl delete pod "$pod" -n "$namespace" fi ;; "StatefulSet") - deployment=$(kubectl get replicaset "$owner_name" -n "$ns" -o jsonpath='{.metadata.ownerReferences[0].name}') - kubectl rollout restart deployment "$deployment" -n "$ns" + deployment=$(kubectl get replicaset "$owner_name" -n "$namespace" -o jsonpath='{.metadata.ownerReferences[0].name}') + kubectl rollout restart deployment "$deployment" -n "$namespace" continue 2 ;; *) diff --git a/dev-infrastructure/templates/svc-cluster.bicep b/dev-infrastructure/templates/svc-cluster.bicep index bd4f3b323..c723c0125 100644 --- a/dev-infrastructure/templates/svc-cluster.bicep +++ b/dev-infrastructure/templates/svc-cluster.bicep @@ -138,7 +138,6 @@ param aroDevopsMsiId string param regionalDNSZoneName string var clusterServiceMIName = 'clusters-service' -var istio = empty(istioVersion[1]) ? [istioVersion[0]] : istioVersion resource serviceKeyVault 'Microsoft.KeyVault/vaults@2024-04-01-preview' existing = { name: serviceKeyVaultName @@ -167,7 +166,7 @@ module svcCluster '../modules/aks-cluster-base.bicep' = { aksEtcdKVEnableSoftDelete: aksEtcdKVEnableSoftDelete kubernetesVersion: kubernetesVersion deployIstio: true - istioVersion: istio + istioVersion: istioVersion vnetAddressPrefix: vnetAddressPrefix subnetPrefix: subnetPrefix podSubnetPrefix: podSubnetPrefix
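Review bot: The `"StatefulSet")` branch still runs `kubectl get replicaset "$owner_name"` and then `kubectl rollout restart deployment "$deployment"`, but for a pod owned by a StatefulSet `$owner_name` is the StatefulSet itself. The lookup is therefore unlikely to find a ReplicaSet and the restart would run with an empty name; it should be `kubectl rollout restart statefulset "$owner_name" -n "$namespace"`. In the same loop, `continue 2` jumps to the next namespace rather than the next pod, so after the first restart the remaining workloads in that namespace are never checked. Separately, changing `exit 0` to `exit 1` for an empty `TARGET_VERSION` makes the script fail wherever config leaves `targetVersion: ""` (config.yaml in this commit does), which looks like the no-upgrade case rather than an error. The `case` statement continues past the end of this hunk.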