├── .envrc ├── .final_builds ├── jobs │ ├── copilot │ │ └── index.yml │ ├── envoy │ │ └── index.yml │ └── pilot-discovery │ │ └── index.yml ├── license │ └── index.yml ├── packages │ ├── copilot │ │ └── index.yml │ ├── envoy │ │ └── index.yml │ ├── golang-1-linux │ │ └── index.yml │ ├── golang-1.9-linux │ │ └── index.yml │ ├── grpcurl │ │ └── index.yml │ ├── librarian │ │ └── index.yml │ └── pilot │ │ └── index.yml └── version ├── .gitignore ├── .gitmodules ├── Gemfile ├── Gemfile.lock ├── ISSUE_TEMPLATE.md ├── LICENSE ├── NOTICE ├── PULL_REQUEST_TEMPLATE.md ├── README.md ├── ci ├── pipelines │ └── istio.yml ├── scripts │ └── script_helpers.sh └── tasks │ ├── bosh2-command │ ├── task │ ├── task-with-release.yml │ └── task.yml │ ├── build-istio-release-notes │ ├── task │ └── task.yml │ ├── bump-submodule │ ├── task │ └── task.yml │ ├── create-final-istio-release │ ├── task │ └── task.yml │ ├── create-integration-configs │ ├── task │ └── task.yml │ ├── create-release-tarball │ ├── task │ └── task.yml │ ├── envoy-blob │ ├── pull-from-docker │ │ ├── task │ │ └── task.yml │ └── update │ │ ├── task │ │ └── task.yml │ ├── grpcurl-blob │ ├── compile │ │ ├── task │ │ └── task.yml │ └── update │ │ ├── task │ │ └── task.yml │ ├── istio-release-tests │ ├── task │ └── task.yml │ ├── merge-bbl-config │ ├── task │ └── task.yml │ ├── merge-ops-files │ ├── task │ └── task.yml │ ├── merge-routing-release-master-into-develop │ ├── task │ └── task.yml │ ├── run-iats │ ├── task │ └── task.yml │ ├── run-istio-scaling │ ├── task │ └── task.yml │ ├── save-golang-version-to-file │ ├── task │ └── task.yml │ └── upgrade-package-in-release │ ├── task │ └── task.yml ├── config ├── blobs.yml └── final.yml ├── deploy ├── README.md ├── bbl-config │ ├── cloud-config │ │ └── istio.yml │ └── terraform │ │ └── istio-router.tf └── cf-deployment-operations │ ├── README.md │ ├── add-external-istio-lb.yml │ ├── add-istio.yml │ ├── disable-ingress-sidecar-proxying.yml │ ├── enable-sidecar-proxying.yml │ ├── enable-tls-termination.yml │ ├── local-istio-release.yml │ ├── remove-pilot-from-diego-cell.yml │ ├── scale-diego-for-ci.yml │ ├── scaling-test.yml │ ├── use-latest-capi-release.yml │ ├── use-latest-cf-networking-release.yml │ ├── use-latest-cf-networking.yml │ ├── use-latest-mysql-release.yml │ ├── use-latest-routing-release.yml │ ├── use-latest-silk-release.yml │ └── use-latest-silk.yml ├── docs ├── .gitkeep └── go.version ├── jobs ├── copilot │ ├── monit │ ├── spec │ └── templates │ │ ├── bbs │ │ └── certs │ │ │ ├── ca.crt.erb │ │ │ ├── client.crt.erb │ │ │ └── client.key.erb │ │ ├── bpm.yml.erb │ │ ├── certs │ │ ├── cloud-controller-client-ca.crt.erb │ │ ├── pilot-client-ca.crt.erb │ │ ├── server.crt.erb │ │ └── server.key.erb │ │ ├── config.json.erb │ │ └── policy-server │ │ └── certs │ │ ├── ca.crt.erb │ │ ├── client.crt.erb │ │ └── client.key.erb ├── envoy │ ├── monit │ ├── spec │ └── templates │ │ ├── bpm-pre-start.erb │ │ ├── bpm.yml.erb │ │ ├── envoy.json.erb │ │ └── librarian.json.erb └── pilot-discovery │ ├── monit │ ├── spec │ └── templates │ ├── bpm.yml.erb │ ├── capi-cli.erb │ ├── certs │ ├── ca.crt.erb │ ├── client.crt.erb │ └── client.key.erb │ ├── istio-cli.erb │ └── mesh-config.json.erb ├── packages ├── copilot │ ├── packaging │ └── spec ├── envoy │ ├── packaging │ └── spec ├── golang-1-linux │ └── spec.lock ├── grpcurl │ ├── packaging │ └── spec ├── librarian │ ├── packaging │ └── spec └── pilot │ ├── packaging │ └── spec ├── releases └── istio │ ├── index.yml │ ├── istio-1.0.10.yml │ ├── istio-1.0.2.yml │ ├── istio-1.1.0.yml │ ├── istio-1.2.0.yml │ ├── istio-1.3.0.yml │ └── istio-1.yml ├── scripts ├── commit-with-submodule-log ├── submodule-log ├── test └── update ├── spec ├── copilot.json.erb_spec.rb ├── envoy.json.erb_spec.rb └── envoy │ └── bpm.yml.erb_spec.rb ├── test-upstream-linux.sh └── test-upstream-mac.sh /.envrc: -------------------------------------------------------------------------------- 1 | export GOPATH=$PWD 2 | export COPILOT_ROOT=$PWD/src/code.cloudfoundry.org/copilot 3 | -------------------------------------------------------------------------------- /.final_builds/jobs/copilot/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 7d3f9353e31e5c015590abceef039d5a4f49ab5fe6e77fc7ced3d2d209b5436b: 3 | version: 7d3f9353e31e5c015590abceef039d5a4f49ab5fe6e77fc7ced3d2d209b5436b 4 | blobstore_id: 6cbd98f8-5f39-4f58-5aee-c8ed07581cd6 5 | sha1: sha256:e08b1026bae836fb90087b375d2e2cc90f0207dd3e091d18db9e704ba023806c 6 | b5f56919af7feafd1fdeebfd856adac86dc62b05910562dfc6c068f84dfda019: 7 | version: b5f56919af7feafd1fdeebfd856adac86dc62b05910562dfc6c068f84dfda019 8 | blobstore_id: 533e0a3e-a08f-461b-4138-1d37d0bbc3cf 9 | sha1: sha256:92774f1b7e26d7c02e96f3dec5685854c45ef492befd729fcd792177252f7b65 10 | format-version: "2" 11 | -------------------------------------------------------------------------------- /.final_builds/jobs/envoy/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 7689163e9bf8e68bb446128d6216fb2f04c3b034dd8e7ae4085ca30b48b52197: 3 | version: 7689163e9bf8e68bb446128d6216fb2f04c3b034dd8e7ae4085ca30b48b52197 4 | blobstore_id: 8e87aec3-f7ac-42ac-665e-6b645986a3a3 5 | sha1: sha256:0ef4c43e9b2a5a484c75729cbc742a3a4a6e0c1725fac0050b6849d022af4fe6 6 | db49a607c408a6b27531fbee13ee47fa852c5788748f6dc3e4cdbfc6f2349ee9: 7 | version: db49a607c408a6b27531fbee13ee47fa852c5788748f6dc3e4cdbfc6f2349ee9 8 | blobstore_id: 868dd025-90ed-4d65-7acf-5b2ae41df751 9 | sha1: sha256:62b8ef26d4a4c92f5feb14eb989fd3880fb7cd28b1852376df4c1c68408e3c7a 10 | e78b2a8b73deb9a0ce0b1b688ab54cd69d8db6fd548a219d7eb03288e7c96490: 11 | version: e78b2a8b73deb9a0ce0b1b688ab54cd69d8db6fd548a219d7eb03288e7c96490 12 | blobstore_id: e9388195-9d16-4477-5fb3-201be333d803 13 | sha1: sha256:27f4a41307e74c0ac04c4bfee330f505d6b8c074159f77d337cfaaf52fb263a5 14 | format-version: "2" 15 | -------------------------------------------------------------------------------- /.final_builds/jobs/pilot-discovery/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 48b6e0c11a7c2fb2e69677888f88dbe559882a8e575d9ac6f671b4b3844e1ad7: 3 | version: 48b6e0c11a7c2fb2e69677888f88dbe559882a8e575d9ac6f671b4b3844e1ad7 4 | blobstore_id: ebfbdf39-2be1-4f49-4c14-f78129f61e8e 5 | sha1: sha256:b3a33beebfd4cd3eba3545b6be20e39ff632750dd31e5154e5bcd8f936036a8a 6 | 4d46a078ce9876d64338569ce917ad3edd37f2ab8117002933ee9c9d0c5b93e3: 7 | version: 4d46a078ce9876d64338569ce917ad3edd37f2ab8117002933ee9c9d0c5b93e3 8 | blobstore_id: 36230d3f-4ab0-42d7-4e47-1b5706b333ee 9 | sha1: sha256:815c0d680aa834e98c9f076f3ab856e99aa32324c91bb132beef204b668995d5 10 | e173ed32386bb2a772a555da49ac001c2e7c599c152ab8802cdb72f0cc2fc30d: 11 | version: e173ed32386bb2a772a555da49ac001c2e7c599c152ab8802cdb72f0cc2fc30d 12 | blobstore_id: af6d9225-2c1f-4c7d-4159-f5e6c21df381 13 | sha1: sha256:f4643233a558875d36d9cf8de88d7c25d401b22f3049053a6720853bf2b12f5d 14 | format-version: "2" 15 | -------------------------------------------------------------------------------- /.final_builds/license/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4: 3 | version: 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4 4 | blobstore_id: 8760c1b7-a0c8-4437-4b69-6884ea8155c3 5 | sha1: sha256:1db6f4d4b23c3978c16e6f5805d12c78ee99ad7d97a5d759d5ab96ae7e81d5ac 6 | format-version: "2" 7 | -------------------------------------------------------------------------------- /.final_builds/packages/copilot/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 2b8e9d77e78e2e7fb101d5534433eb28dda94fd2934ed01aa515e7b1cf7ce0f6: 3 | version: 2b8e9d77e78e2e7fb101d5534433eb28dda94fd2934ed01aa515e7b1cf7ce0f6 4 | blobstore_id: 8c15aa03-c2ca-4f66-41b3-eab9eef2840b 5 | sha1: sha256:739273caea8abb86af40c83d0bfd8a6cb7fcfcfd5d4ff91417b558594adb5b17 6 | 3395209b2bfa756f4dccdb98e2ab26842ddcd79290f1df06a368504ad959e924: 7 | version: 3395209b2bfa756f4dccdb98e2ab26842ddcd79290f1df06a368504ad959e924 8 | blobstore_id: 34ef832e-db68-4458-6264-276929945bfc 9 | sha1: sha256:a97b8f57e089df58255f8f6672112a1223a0295ec8f60a295792cff893e4ebb2 10 | 387fc2a68771c24be434b6f09a994befbfac62b13ec7951630d320b7f7be3785: 11 | version: 387fc2a68771c24be434b6f09a994befbfac62b13ec7951630d320b7f7be3785 12 | blobstore_id: e28fe514-e389-4dbe-4a43-1a8d774c1c03 13 | sha1: sha256:34c9663b18efee18466f4df5989cf0aa325518691160f3a7aff7fdf12577483e 14 | 5285e58ce75d7234ae7516c6639503faae15e1aeec8cb6662e5eb8626b704182: 15 | version: 5285e58ce75d7234ae7516c6639503faae15e1aeec8cb6662e5eb8626b704182 16 | blobstore_id: 049bf5a3-78c3-4515-477f-945e90fdf924 17 | sha1: sha256:a1c4fde505d55d63fe66a2117da2d445efe616dc925d0ce4fdb4d42d543e66ef 18 | df5915f95cc0b12429eca579f24c891b7d52ebeda450dd1105224a2d0b97d59c: 19 | version: df5915f95cc0b12429eca579f24c891b7d52ebeda450dd1105224a2d0b97d59c 20 | blobstore_id: c7e76b6b-80af-403f-6548-dbf138f7bd10 21 | sha1: sha256:88ded12236794b42204639ef205ef15efe93c6ee4af91cfcfbc486dd77d7a9e6 22 | format-version: "2" 23 | -------------------------------------------------------------------------------- /.final_builds/packages/envoy/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 776eec30022304b5342972ee5438afe2a36e89c9aa1a687812a2438f16e04401: 3 | version: 776eec30022304b5342972ee5438afe2a36e89c9aa1a687812a2438f16e04401 4 | blobstore_id: c0dbf972-7281-4f54-7d07-9aacd7f6e775 5 | sha1: sha256:066535fd86ff8c446f25b96b1c2a7356f946616719786a8de6f36df2f7d92de3 6 | 7b8aae86953f0e3376e66800bc59361c5117f43b4f87e36a2ac65998bafa1849: 7 | version: 7b8aae86953f0e3376e66800bc59361c5117f43b4f87e36a2ac65998bafa1849 8 | blobstore_id: f8647026-002f-4a6e-57a3-e5fd071c4a45 9 | sha1: sha256:999df67c3077aa82aaa5c15ed6776500862ea1a8fb7ec6603b6d10d278eb1c80 10 | d34f134e050b5216c71d0075f625edee69d2001aa121caea26271755193a2908: 11 | version: d34f134e050b5216c71d0075f625edee69d2001aa121caea26271755193a2908 12 | blobstore_id: f812d920-a523-45fd-71c2-0ccf9262ec50 13 | sha1: sha256:913ca42c50a26196f0cfd1f048e629762d8e6167b7a0e26f8283878563d14eb8 14 | format-version: "2" 15 | -------------------------------------------------------------------------------- /.final_builds/packages/golang-1-linux/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 0fb4dcd069c8e997914e544ce1b76f6643b54e806669bec264cb7a9b4c7bfee4: 3 | version: 0fb4dcd069c8e997914e544ce1b76f6643b54e806669bec264cb7a9b4c7bfee4 4 | blobstore_id: 7a773b9d-6c2b-457e-74bb-aafa9bca08eb 5 | sha1: sha256:c73afc9bcd5e8d56baf2c6abf85efea843d32936fcd2431694e32eb3f4aaf040 6 | 27f2e1ea2746d4ff4a326028a27e88c633b0998f02567cbeb8bc148c1f2df2b0: 7 | version: 27f2e1ea2746d4ff4a326028a27e88c633b0998f02567cbeb8bc148c1f2df2b0 8 | blobstore_id: 86d71ff0-ea71-4e0c-446e-86775827ffba 9 | sha1: sha256:112d89f137898044b3fe38b27def34a7146b6ca5c5dece4c86f91696db8ec505 10 | 3cfad0ad1f670291784b3f8555c873da9b35458645b27de24ed9a5df2ac265d4: 11 | version: 3cfad0ad1f670291784b3f8555c873da9b35458645b27de24ed9a5df2ac265d4 12 | blobstore_id: 47df6b99-7db5-4421-5a6c-150e17c102a2 13 | sha1: sha256:828ce3e0a51df82082f717ce2de27f80e9a2a7f8a78cd7cc36d52b54aa5f0939 14 | 3ebf8d2b96ce770b0017661484a557e3d44b4508: 15 | version: 3ebf8d2b96ce770b0017661484a557e3d44b4508 16 | blobstore_id: ce1b95a0-a9ff-44cb-767a-338407af301f 17 | sha1: 2baa73e173490135011eb2f29c9d2f240e68664b 18 | 4b37d308b947ad4932c10781224b0db02ad274ca174c6851d09e49107e3eca82: 19 | version: 4b37d308b947ad4932c10781224b0db02ad274ca174c6851d09e49107e3eca82 20 | blobstore_id: 751b94ae-6a34-4530-4a22-2d26bf3cf841 21 | sha1: sha256:edfa152be5680f6a0f74de79018f0dbda7a1fd546927b51b08c10158f057f4ab 22 | 67335315cb5afd81462d3b2f35ee79b09c69a909634d16a0ec45d7982a9a611e: 23 | version: 67335315cb5afd81462d3b2f35ee79b09c69a909634d16a0ec45d7982a9a611e 24 | blobstore_id: 9efbe18d-103e-4e24-613a-e3c310ad7229 25 | sha1: sha256:30f7672b2c30c975c16e2d7e2ed5feadb373c2be064e11068839c5d28b5fe8f9 26 | 864e21e6d4f474b33b5d810004e2382cd5c64972: 27 | version: 864e21e6d4f474b33b5d810004e2382cd5c64972 28 | blobstore_id: 2b97c1b6-bbbe-45c1-5542-8a9f916ec2d4 29 | sha1: 5e52b62c0c036ddc9701cc92e16ce808f958ae2d 30 | 8fb48ae1b653b7d0b49d0cbcea856bb8da8a5700: 31 | version: 8fb48ae1b653b7d0b49d0cbcea856bb8da8a5700 32 | blobstore_id: 6e5465cc-e6aa-4ef3-4592-d69d4011061c 33 | sha1: 9f16552fef2b85f38d5b54de153dbff17e71eb03 34 | a58647561918778c52fb932074e6099497a9063bce3a1531e5c60ba643e1f4df: 35 | version: a58647561918778c52fb932074e6099497a9063bce3a1531e5c60ba643e1f4df 36 | blobstore_id: 5da1b0e7-96b3-4d2d-5b45-e87803cae38f 37 | sha1: sha256:c6a7f2d5741270ed0fe9582f2ff18902bc0be08bfc61fb682e46deff97368644 38 | c34ae67641b6b3fea8d84474b76b078b5cba83302cea354931e29cd812d62336: 39 | version: c34ae67641b6b3fea8d84474b76b078b5cba83302cea354931e29cd812d62336 40 | blobstore_id: a3e6b019-1331-4af3-75c9-67671d9a1bfa 41 | sha1: sha256:3cceff4251ae093c9caeef33315e7dbd569ea73363abe2c874737e720b924812 42 | c921dc1e1831da5a2dc61cb8945e372c1410c05882ed00965cba367991495f5d: 43 | version: c921dc1e1831da5a2dc61cb8945e372c1410c05882ed00965cba367991495f5d 44 | blobstore_id: 2ff53367-bd65-4c50-4dd1-f999f4116cbb 45 | sha1: sha256:5949e464c19b842cf864ffbf0f4e5f216872a92a2f5284861be5ba6ab931e01d 46 | d55c618ac63dfdf4ac457346fb325fb2b04884af: 47 | version: d55c618ac63dfdf4ac457346fb325fb2b04884af 48 | blobstore_id: 3380a5da-0f83-426e-6272-f979b491f32e 49 | sha1: a41d085750f5cd6f785d02efe752f3708174224e 50 | f5b5dd169b70c56ab569b236c85979462b2c6e844b46bc6e79e12eddb98bced8: 51 | version: f5b5dd169b70c56ab569b236c85979462b2c6e844b46bc6e79e12eddb98bced8 52 | blobstore_id: 181494f8-b80b-4f60-4467-010cc02aa2d5 53 | sha1: sha256:3977bab1897c26be5d80887555c258b0506d3f333aa5527b61c4ba70711f8b42 54 | fb6ea55df5f3e98d61774d4c3d4e6ba27e141d200875d0cebcb13918e5acd6c1: 55 | version: fb6ea55df5f3e98d61774d4c3d4e6ba27e141d200875d0cebcb13918e5acd6c1 56 | blobstore_id: 350de3e6-6bdb-4d05-70a8-1afbe78a6ffa 57 | sha1: sha256:df747df87f385f84f1494509ad792ee68ce50031155ec6a476ccc265911bc4d5 58 | format-version: "2" 59 | -------------------------------------------------------------------------------- /.final_builds/packages/golang-1.9-linux/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 200a29b129a9078cb156be44c4a792ae24f42900: 3 | version: 200a29b129a9078cb156be44c4a792ae24f42900 4 | blobstore_id: 961dc4af-a80b-4a71-4202-5ffe54149344 5 | sha1: bacfa6a162fa7085f95df7d43e911404a3644b01 6 | format-version: "2" 7 | -------------------------------------------------------------------------------- /.final_builds/packages/grpcurl/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 54415abfa9e50302dbd57d057d05ad4c21ad29ab47f63ed56ae5b6ceddfd0241: 3 | version: 54415abfa9e50302dbd57d057d05ad4c21ad29ab47f63ed56ae5b6ceddfd0241 4 | blobstore_id: abcd5a2a-d593-4b45-6a58-6682f4aba540 5 | sha1: sha256:3bff0508e18be72a99aa0f4ffdac5cbbe7ceaa6e6f33bcc9d72c65ee4767db5b 6 | e3fed164b4d010650526f35e86ef6212507fae22ed6b84261b938a8aba0d20e4: 7 | version: e3fed164b4d010650526f35e86ef6212507fae22ed6b84261b938a8aba0d20e4 8 | blobstore_id: 0b3c7b78-d937-4f85-4f22-e0e225a153ec 9 | sha1: sha256:f678c9c6e7e1a1a7fe964fae9ab1b59c39fa71971239cc302f1d0b377d19286d 10 | format-version: "2" 11 | -------------------------------------------------------------------------------- /.final_builds/packages/librarian/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 1a4860d26890494e9cf800f5bd2375d191cb79e2231104aec026f4df50c16c7c: 3 | version: 1a4860d26890494e9cf800f5bd2375d191cb79e2231104aec026f4df50c16c7c 4 | blobstore_id: 30bc1a0c-eb9a-4409-6b86-36415d5b87c1 5 | sha1: sha256:88b28da96c1034810baecdb5b44b3d5057c6df72890cfbe9783da0539ae49830 6 | 330e9b0c56ce4c1f83afe0665e73bd619faf05c2ea47e331ec5096616f023f55: 7 | version: 330e9b0c56ce4c1f83afe0665e73bd619faf05c2ea47e331ec5096616f023f55 8 | blobstore_id: 1f4851a6-c052-4315-5994-c0c4b398964d 9 | sha1: sha256:61a2eb6fb78c3f060212adfe6e062be86c5543f614d2110ee40432e301f3aa57 10 | 799ffedbef1274adcc7c0649dedd7bd88e16421ae91aaf5a753b547c4ad0609c: 11 | version: 799ffedbef1274adcc7c0649dedd7bd88e16421ae91aaf5a753b547c4ad0609c 12 | blobstore_id: 4798289c-52d2-43aa-631f-d3d406200a5f 13 | sha1: sha256:1164341d51b37c3f5064a5cf4afedc67172636860767c490e82438275c75c6b3 14 | a099e581681ba77ec55e8e5b25578fe2bae8a59e1bd24132dfaeb7c7e0acd26d: 15 | version: a099e581681ba77ec55e8e5b25578fe2bae8a59e1bd24132dfaeb7c7e0acd26d 16 | blobstore_id: 6d9712fb-e3b6-4948-4106-c684bbeb5ab0 17 | sha1: sha256:2acf6d395bf5f174112d6810511c0e5e4c5c0d2a63057dd155b926f209b9ced6 18 | ab545b73a0e4e9259e771b00efc5cfef796f53339a2f4989dc7af7514648e687: 19 | version: ab545b73a0e4e9259e771b00efc5cfef796f53339a2f4989dc7af7514648e687 20 | blobstore_id: a6d730f3-2928-43c7-770b-def07b6be390 21 | sha1: sha256:1bd3c56e9f97f6b2fbf999c9a892adad9e4b46f9a4178e75e60e7f309e3b47d0 22 | format-version: "2" 23 | -------------------------------------------------------------------------------- /.final_builds/packages/pilot/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 0e44be3c2977c8a4d6775630eeda5fe1f744fd21b278c4c63463a9657ca06d0b: 3 | version: 0e44be3c2977c8a4d6775630eeda5fe1f744fd21b278c4c63463a9657ca06d0b 4 | blobstore_id: ede21baa-b836-41ec-4c8d-6c9edcb115d1 5 | sha1: sha256:6487b9271b75e851c8dfda60e0d7da7bc594dd6bda998fd551fbc241d59be854 6 | 1b5eaddb97f7cc7bb3a07cea478eaef12b56cbb07bf59a49909674a454b52db1: 7 | version: 1b5eaddb97f7cc7bb3a07cea478eaef12b56cbb07bf59a49909674a454b52db1 8 | blobstore_id: d95cbbac-0287-4e8e-6208-db7a6cb605f0 9 | sha1: sha256:7bf033bd1652c7aae08cc0e5877e4d46b685111a95d1ebdb6ddd02f76d10d107 10 | 7f95f78d1342ce976d7f64ade0699a342387fbd29ad554c098dd3dbb6b6c0ccd: 11 | version: 7f95f78d1342ce976d7f64ade0699a342387fbd29ad554c098dd3dbb6b6c0ccd 12 | blobstore_id: 46ebc60e-af33-4df2-79b7-0b419fff5226 13 | sha1: sha256:2238d19a04381f15926710fa6e71e7ebb439a064227dc3c419c39813a3ea8d7b 14 | ea57ab69560fe6e24afc0d72943eca19606a01441ecf8a5a79b55a2401bf05f7: 15 | version: ea57ab69560fe6e24afc0d72943eca19606a01441ecf8a5a79b55a2401bf05f7 16 | blobstore_id: 2bd8c453-b609-486d-65bc-df5927483263 17 | sha1: sha256:1bef36e27c7b98f00f2a64db881dedf43d364af515456eb621a2c103d59e2ecc 18 | format-version: "2" 19 | -------------------------------------------------------------------------------- /.final_builds/version: -------------------------------------------------------------------------------- 1 | 1.3.0 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /bin/ 2 | /pkg/ 3 | /.blobs/ 4 | /blobs/ 5 | /config/dev.yml 6 | /config/private.yml 7 | /releases/**/*.tgz 8 | /dev_releases 9 | /.dev_builds 10 | .final_builds/jobs/**/*.tgz 11 | .final_builds/packages/**/*.tgz 12 | .idea/ 13 | out 14 | .DS_Store 15 | params.yml 16 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "src/code.cloudfoundry.org/copilot"] 2 | path = src/code.cloudfoundry.org/copilot 3 | url = https://github.com/cloudfoundry/copilot 4 | [submodule "src/istio.io/istio"] 5 | path = src/istio.io/istio 6 | url = https://github.com/cloudfoundry/istio 7 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'rspec', '~> 3.0' 4 | gem 'bosh-template' 5 | gem 'semi_semantic', '~> 1.2' 6 | gem 'rubocop', '~> 0.49.0' 7 | gem 'json' 8 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | ast (2.4.0) 5 | bosh-template (2.1.0) 6 | semi_semantic (~> 1.2.0) 7 | diff-lcs (1.3) 8 | json (2.1.0) 9 | parallel (1.12.1) 10 | parser (2.5.3.0) 11 | ast (~> 2.4.0) 12 | powerpack (0.1.2) 13 | rainbow (2.2.2) 14 | rake 15 | rake (12.3.1) 16 | rspec (3.8.0) 17 | rspec-core (~> 3.8.0) 18 | rspec-expectations (~> 3.8.0) 19 | rspec-mocks (~> 3.8.0) 20 | rspec-core (3.8.0) 21 | rspec-support (~> 3.8.0) 22 | rspec-expectations (3.8.2) 23 | diff-lcs (>= 1.2.0, < 2.0) 24 | rspec-support (~> 3.8.0) 25 | rspec-mocks (3.8.0) 26 | diff-lcs (>= 1.2.0, < 2.0) 27 | rspec-support (~> 3.8.0) 28 | rspec-support (3.8.0) 29 | rubocop (0.49.1) 30 | parallel (~> 1.10) 31 | parser (>= 2.3.3.1, < 3.0) 32 | powerpack (~> 0.1) 33 | rainbow (>= 1.99.1, < 3.0) 34 | ruby-progressbar (~> 1.7) 35 | unicode-display_width (~> 1.0, >= 1.0.1) 36 | ruby-progressbar (1.10.0) 37 | semi_semantic (1.2.0) 38 | unicode-display_width (1.4.0) 39 | 40 | PLATFORMS 41 | ruby 42 | 43 | DEPENDENCIES 44 | bosh-template 45 | json 46 | rspec (~> 3.0) 47 | rubocop (~> 0.49.0) 48 | semi_semantic (~> 1.2) 49 | 50 | BUNDLED WITH 51 | 1.17.1 52 | -------------------------------------------------------------------------------- /ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Thanks for submitting an issue to `istio-release`. We are always trying to improve! To help us, please fill out the following template and our bot will add a story to our icebox. From there we will work to prioritize it on the backlog. 2 | 3 | ## Issue 4 | 5 | [provide quick introduction so this issue can be triaged] 6 | 7 | ## Context 8 | 9 | [provide more detailed introduction and the context on what the impact of this is to your operations e.g. this is critical and is impacting all our apps on production] 10 | 11 | ## Steps to Reproduce 12 | 13 | [ordered list the process to finding and recreating the issue, example below] 14 | 15 | ## Expected result 16 | 17 | [describe what you would expect to have resulted from this process] 18 | 19 | ## Current result 20 | 21 | [describe what you currently experience from this process, and thereby explain the bug] 22 | 23 | ## Possible Fix 24 | 25 | [not obligatory, but suggest fixes or reasons for the bug] 26 | 27 | ## `name of issue` Output Results 28 | 29 | [if relevant, include a screenshot] 30 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017-Present CloudFoundry.org Foundation, Inc. All Rights Reserved. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Thanks for contributing to 'istio-release'. To help us, please fill out the following template and our bot will add a story to our icebox. From there we will work to prioritize it on the backlog. 2 | 3 | * A short explanation of the proposed change: 4 | 5 | * An explanation of the use cases your change solves 6 | 7 | * Instructions to functionally test the behavior change using operator interfaces (BOSH manifest, logs, curl, and metrics) 8 | 9 | * Expected result after the change 10 | 11 | * Current result before the change 12 | 13 | * Links to any other associated PRs 14 | 15 | * [ ] I have viewed signed and have submitted the Contributor License Agreement 16 | 17 | * [ ] I have made this pull request to the `master` branch 18 | 19 | * [ ] I have run all the unit tests using `scripts/test` 20 | 21 | * [ ] I have run Istio Acceptance Tests on bosh lite 22 | 23 | * [ ] I have run CF Acceptance Tests on bosh lite 24 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Deprecated 2 | Development has been suspended for Istio integration with cf-deployment on BOSH. 3 | 4 | Please look at [cf-for-k8s](https://github.com/cloudfoundry/cf-for-k8s) for an Istio integration with Cloud Foundry on Kubernetes. 5 | 6 | 7 | 8 | ## Istio + Cloud Foundry (on BOSH) 9 | 10 | This repo is a [BOSH release](https://github.com/cloudfoundry/bosh) that 11 | packages [Istio](https://istio.io/) and [Envoy](https://github.com/envoyproxy/envoy) for support of Service Mesh use cases in Cloud Foundry. 12 | 13 | ### Deployment 14 | Follow these [steps](https://docs.cloudfoundry.org/running/deploying-service-mesh.html) to deploy the istio routing tier with your Cloud Foundry 15 | 16 | ### Contributing to istio-release 17 | Please follow our [Code of Conduct](https://www.cloudfoundry.org/code-of-conduct/). 18 | 19 | #### Running Tests 20 | Before submitting a PR, please run our tests and update any tests relevant to 21 | your changes. 22 | 23 | #### Run release tests 24 | Test your changes to istio-release. This script tests changes in copilot and in 25 | the BOSH release. 26 | 27 | ``` 28 | ./scripts/update # to sync all the submodules 29 | ./scripts/test 30 | ``` 31 | 32 | #### Run upstream tests 33 | Test your integration with upstream Istio. This runs the Pilot-related tests within 34 | istio.io/istio. 35 | 36 | ``` 37 | ./scripts/update # to sync all the submodules 38 | ./test-upstream-linux.sh or ./test-upstream-mac.sh 39 | ``` 40 | -------------------------------------------------------------------------------- /ci/pipelines/istio.yml: -------------------------------------------------------------------------------- 1 | groups: 2 | - name: istio 3 | jobs: 4 | - copilot-test 5 | - upgrade-go1.x-in-istio-release 6 | - update-envoy-blob 7 | - update-grpcurl-blob 8 | - istio-release-test 9 | - istio-dev-deploy-cf 10 | - run-iats-dev 11 | - run-scaling 12 | - run-sits 13 | - run-cats 14 | - istio-acceptance-deploy-cf 15 | - run-iats-acceptance 16 | - build-istio-release-notes 17 | - bump-patch-and-create-final-release 18 | - bump-minor-and-create-final-release 19 | - bump-major-and-create-final-release 20 | - merge-master-into-develop 21 | - name: maintenance 22 | jobs: 23 | - istio-dev-setup 24 | - isitio-dev-bbl-destroy 25 | - istio-dev-bosh-cleanup 26 | - istio-acceptance-setup 27 | - istio-acceptance-bosh-cleanup 28 | - istio-upstream-setup 29 | - isitio-upstream-bbl-destroy 30 | - istio-upstream-bosh-cleanup 31 | - istio-acceptance-delete-deployment 32 | - istio-dev-delete-deployment 33 | - istio-upstream-delete-deployment 34 | - name: istio-source 35 | jobs: 36 | - update-istio-submodule 37 | - istio-upstream-test 38 | - istio-upstream-release-test 39 | - istio-upstream-deploy-cf 40 | - run-iats-upstream 41 | - merge-istio-release-upstream-untested 42 | 43 | resource_types: 44 | - name: tracker-resource 45 | type: docker-image 46 | source: 47 | repository: concourse/tracker-resource 48 | 49 | resources: 50 | - name: final-version 51 | type: semver 52 | source: 53 | uri: git@github.com:cloudfoundry/istio-release.git 54 | branch: develop 55 | file: .final_builds/version 56 | driver: git 57 | private_key: ((github_private_key.private_key)) 58 | git_user: CI Bot 59 | 60 | - name: cf-deployment-concourse-tasks 61 | type: git 62 | source: 63 | branch: master 64 | uri: https://github.com/cloudfoundry/cf-deployment-concourse-tasks 65 | tag_filter: v* 66 | 67 | - name: cf-acceptance-tests 68 | type: git 69 | source: 70 | branch: master 71 | uri: https://github.com/cloudfoundry/cf-acceptance-tests 72 | 73 | - name: cf-deployment 74 | type: git 75 | source: 76 | branch: master 77 | uri: https://github.com/cloudfoundry/cf-deployment.git 78 | 79 | - name: deployments-routing 80 | type: git 81 | source: 82 | branch: master 83 | private_key: ((github_private_key.private_key)) 84 | uri: git@github.com:cloudfoundry/deployments-routing.git 85 | 86 | - name: copilot 87 | type: git 88 | source: 89 | branch: master 90 | uri: https://github.com/cloudfoundry/copilot 91 | 92 | - name: istio-release-ci 93 | type: git 94 | source: 95 | branch: develop 96 | uri: git@github.com:cloudfoundry/istio-release.git 97 | private_key: ((github_private_key.private_key)) 98 | paths: 99 | - ci 100 | 101 | - name: istio-release 102 | type: git 103 | source: 104 | branch: develop 105 | uri: git@github.com:cloudfoundry/istio-release.git 106 | rebase: true 107 | private_key: ((github_private_key.private_key)) 108 | 109 | - name: istio-release-master 110 | type: git 111 | source: 112 | branch: master 113 | uri: git@github.com:cloudfoundry/istio-release.git 114 | rebase: true 115 | private_key: ((github_private_key.private_key)) 116 | 117 | - name: istio-release-upstream-untested 118 | type: git 119 | source: 120 | branch: upstream-untested 121 | uri: git@github.com:cloudfoundry/istio-release.git 122 | rebase: true 123 | private_key: ((github_private_key.private_key)) 124 | 125 | - name: istio-source 126 | type: git 127 | source: 128 | branch: master # change back to release branch when our PR is released: https://github.com/istio/istio/pull/15473 129 | uri: https://github.com/istio/istio 130 | 131 | - name: istio-acceptance-tests 132 | type: git 133 | source: 134 | branch: master 135 | uri: git@github.com:cloudfoundry/istio-acceptance-tests.git 136 | private_key: ((github_private_key.private_key)) 137 | 138 | - name: istio-scaling 139 | type: git 140 | source: 141 | branch: master 142 | uri: git@github.com:cloudfoundry/istio-scaling.git 143 | private_key: ((github_private_key.private_key)) 144 | 145 | - name: sync-integration-tests 146 | type: git 147 | source: 148 | branch: master 149 | uri: https://github.com/cloudfoundry/sync-integration-tests.git 150 | 151 | - name: golang-release-latest 152 | type: git 153 | source: 154 | branch: master 155 | tag_filter: v* 156 | uri: https://github.com/bosh-packages/golang-release.git 157 | 158 | - name: envoy-semver-v1.11.0 159 | type: git 160 | source: 161 | branch: master 162 | tag_filter: v1.11.0 163 | uri: https://github.com/envoyproxy/envoy 164 | 165 | - name: grpcurl-source 166 | type: git 167 | source: 168 | branch: master 169 | uri: https://github.com/fullstorydev/grpcurl.git 170 | 171 | # please DO NOT rename the branch here without changing the name of the resource 172 | - name: capi-develop 173 | type: git 174 | source: 175 | branch: develop 176 | uri: https://github.com/cloudfoundry/capi-release 177 | 178 | - name: latest-silk 179 | type: git 180 | source: 181 | uri: https://github.com/cloudfoundry/silk-release 182 | branch: release-candidate 183 | ignore_paths: 184 | - docs 185 | 186 | # APP INTEGRATIONS 187 | - name: tracker-routing 188 | type: tracker-resource 189 | source: 190 | tracker_url: https://www.pivotaltracker.com 191 | project_id: "1358110" 192 | token: ((tracker_api_token)) 193 | 194 | jobs: 195 | - name: copilot-test 196 | plan: 197 | - get: copilot 198 | trigger: true 199 | - task: test 200 | file: copilot/ci/test.yml 201 | 202 | - name: upgrade-go1.x-in-istio-release 203 | plan: 204 | - in_parallel: 205 | - get: istio-release 206 | - get: golang-release-latest 207 | - get: istio-release-ci 208 | - get: deployments-routing 209 | - task: upgrade-go1.x-in-istio-release 210 | file: istio-release-ci/ci/tasks/upgrade-package-in-release/task.yml 211 | params: 212 | RELEASE: release 213 | PACKAGE: golang-1-linux 214 | BRANCH: develop 215 | GCP_BLOBSTORE_SERVICE_ACCOUNT_KEY: ((gcp_istio_blobstore_service_account_key)) 216 | input_mapping: 217 | release: istio-release 218 | package-release: golang-release-latest 219 | - task: save-golang-version-to-file 220 | file: istio-release-ci/ci/tasks/save-golang-version-to-file/task.yml 221 | params: 222 | BRANCH: develop 223 | input_mapping: 224 | release: modified-release 225 | - put: istio-release 226 | params: 227 | repository: modified-release 228 | 229 | - name: update-envoy-blob 230 | plan: 231 | - in_parallel: 232 | - get: istio-release-ci 233 | - get: istio-release 234 | - get: envoy-source 235 | resource: envoy-semver-v1.11.0 236 | - task: pull-envoy-image 237 | privileged: true # see: https://github.com/concourse/docker-image-resource/issues/164 238 | file: istio-release-ci/ci/tasks/envoy-blob/pull-from-docker/task.yml 239 | - task: update-envoy-blob 240 | file: istio-release-ci/ci/tasks/envoy-blob/update/task.yml 241 | params: 242 | GCP_BLOBSTORE_SERVICE_ACCOUNT_KEY: ((gcp_istio_blobstore_service_account_key)) 243 | - put: istio-release 244 | params: 245 | repository: updated-istio-release 246 | rebase: true 247 | 248 | - name: update-grpcurl-blob 249 | plan: 250 | - in_parallel: 251 | - get: istio-release-ci 252 | - get: istio-release 253 | - get: grpcurl-source 254 | - task: compile-grpcurl 255 | file: istio-release-ci/ci/tasks/grpcurl-blob/compile/task.yml 256 | - task: update-grpcurl-blob 257 | file: istio-release-ci/ci/tasks/grpcurl-blob/update/task.yml 258 | params: 259 | GCP_BLOBSTORE_SERVICE_ACCOUNT_KEY: ((gcp_istio_blobstore_service_account_key)) 260 | - put: istio-release 261 | params: 262 | repository: updated-istio-release 263 | rebase: true 264 | 265 | - name: istio-upstream-setup 266 | serial_groups: [istio-upstream] 267 | plan: 268 | - in_parallel: 269 | - get: cf-deployment-concourse-tasks 270 | - get: deployments-routing 271 | - get: istio-release-ci 272 | - get: istio-release 273 | - task: merge-bbl-config 274 | file: istio-release-ci/ci/tasks/merge-bbl-config/task.yml 275 | input_mapping: 276 | source1: istio-release-ci 277 | source2: istio-release 278 | source3: deployments-routing 279 | params: 280 | SOURCE1_DIR: ci/tasks/bbl-configs/add-parent-dns-full 281 | SOURCE2_DIR: deploy/bbl-config 282 | SOURCE3_DIR: datadog-config 283 | - task: bbl-up 284 | file: cf-deployment-concourse-tasks/bbl-up/task.yml 285 | input_mapping: 286 | bbl-state: deployments-routing 287 | bbl-config: merged-bbl-config 288 | params: 289 | BBL_IAAS: gcp 290 | BBL_GCP_SERVICE_ACCOUNT_KEY: ((shared_gcp_account_creds)) 291 | BBL_GCP_REGION: us-west1 292 | BBL_LB_CERT: ../lb_certs/lb.crt 293 | BBL_LB_KEY: ../lb_certs/lb.key 294 | LB_DOMAIN: istio-upstream.routing.cf-app.com 295 | BBL_ENV_NAME: istio-upstream 296 | BBL_STATE_DIR: istio-upstream/bbl-state 297 | GIT_COMMIT_EMAIL: cf-routing-eng@pivotal.io 298 | BBL_CONFIG_DIR: "." 299 | ensure: 300 | put: deployments-routing 301 | params: 302 | repository: updated-bbl-state 303 | rebase: true 304 | 305 | - name: isitio-upstream-bbl-destroy 306 | serial_groups: [istio-upstream] 307 | build_logs_to_retain: 100 308 | plan: 309 | - in_parallel: 310 | - get: deployments-routing 311 | - get: cf-deployment-concourse-tasks 312 | - task: destroy-istio-upstream 313 | file: cf-deployment-concourse-tasks/bbl-destroy/task.yml 314 | params: 315 | BBL_STATE_DIR: istio-upstream/bbl-state 316 | BBL_GCP_SERVICE_ACCOUNT_KEY: ((shared_gcp_account_creds)) 317 | GIT_COMMIT_EMAIL: cf-routing-eng@pivotal.io 318 | input_mapping: 319 | bbl-state: deployments-routing 320 | ensure: 321 | put: deployments-routing 322 | params: 323 | repository: updated-bbl-state 324 | rebase: true 325 | 326 | - name: istio-upstream-bosh-cleanup 327 | serial_groups: [istio-upstream] 328 | build_logs_to_retain: 100 329 | plan: 330 | - get: deployments-routing 331 | - get: cf-deployment-concourse-tasks 332 | - task: cleanup-artifacts 333 | file: cf-deployment-concourse-tasks/bosh-cleanup/task.yml 334 | params: 335 | BBL_STATE_DIR: istio-upstream/bbl-state 336 | input_mapping: 337 | bbl-state: deployments-routing 338 | 339 | - name: istio-acceptance-delete-deployment 340 | serial_groups: [istio-acceptance] 341 | build_logs_to_retain: 100 342 | plan: 343 | - in_parallel: 344 | - get: cf-deployment-concourse-tasks 345 | - get: deployments-routing 346 | - task: delete-cf-deployment 347 | file: cf-deployment-concourse-tasks/bosh-delete-deployment/task.yml 348 | params: 349 | BBL_STATE_DIR: istio-acceptance/bbl-state 350 | DEPLOYMENT_NAME: cf 351 | input_mapping: 352 | bbl-state: deployments-routing 353 | 354 | - name: istio-dev-delete-deployment 355 | serial_groups: [istio-dev] 356 | build_logs_to_retain: 100 357 | plan: 358 | - in_parallel: 359 | - get: cf-deployment-concourse-tasks 360 | - get: deployments-routing 361 | - task: delete-cf-deployment 362 | file: cf-deployment-concourse-tasks/bosh-delete-deployment/task.yml 363 | params: 364 | BBL_STATE_DIR: istio-dev/bbl-state 365 | DEPLOYMENT_NAME: cf 366 | input_mapping: 367 | bbl-state: deployments-routing 368 | 369 | - name: istio-upstream-delete-deployment 370 | serial_groups: [istio-upstream] 371 | build_logs_to_retain: 100 372 | plan: 373 | - in_parallel: 374 | - get: cf-deployment-concourse-tasks 375 | - get: deployments-routing 376 | - task: delete-cf-deployment 377 | file: cf-deployment-concourse-tasks/bosh-delete-deployment/task.yml 378 | params: 379 | BBL_STATE_DIR: istio-upstream/bbl-state 380 | DEPLOYMENT_NAME: cf 381 | input_mapping: 382 | bbl-state: deployments-routing 383 | 384 | - name: istio-dev-setup 385 | serial_groups: 386 | - istio-dev 387 | plan: 388 | - in_parallel: 389 | - get: cf-deployment-concourse-tasks 390 | - get: deployments-routing 391 | - get: istio-release-ci 392 | - get: istio-release 393 | - task: merge-bbl-config 394 | file: istio-release-ci/ci/tasks/merge-bbl-config/task.yml 395 | input_mapping: 396 | source1: istio-release-ci 397 | source2: istio-release 398 | source3: deployments-routing 399 | params: 400 | SOURCE1_DIR: ci/tasks/bbl-configs/add-parent-dns-full 401 | SOURCE2_DIR: deploy/bbl-config 402 | SOURCE3_DIR: datadog-config 403 | - task: bbl-up 404 | file: cf-deployment-concourse-tasks/bbl-up/task.yml 405 | input_mapping: 406 | bbl-state: deployments-routing 407 | bbl-config: merged-bbl-config 408 | params: 409 | BBL_IAAS: gcp 410 | BBL_GCP_SERVICE_ACCOUNT_KEY: ((shared_gcp_account_creds)) 411 | BBL_GCP_REGION: us-west1 412 | BBL_LB_CERT: ../lb_certs/lb.crt 413 | BBL_LB_KEY: ../lb_certs/lb.key 414 | LB_DOMAIN: istio-dev.routing.cf-app.com 415 | BBL_ENV_NAME: istio-dev 416 | BBL_STATE_DIR: istio-dev/bbl-state 417 | GIT_COMMIT_EMAIL: cf-routing-eng@pivotal.io 418 | BBL_CONFIG_DIR: "." 419 | ensure: 420 | put: deployments-routing 421 | params: 422 | repository: updated-bbl-state 423 | rebase: true 424 | 425 | - name: isitio-dev-bbl-destroy 426 | serial_groups: [istio-dev] 427 | build_logs_to_retain: 100 428 | plan: 429 | - in_parallel: 430 | - get: deployments-routing 431 | - get: cf-deployment-concourse-tasks 432 | - task: destroy-istio-dev 433 | file: cf-deployment-concourse-tasks/bbl-destroy/task.yml 434 | params: 435 | BBL_STATE_DIR: istio-dev/bbl-state 436 | BBL_GCP_SERVICE_ACCOUNT_KEY: ((shared_gcp_account_creds)) 437 | GIT_COMMIT_EMAIL: cf-routing-eng@pivotal.io 438 | input_mapping: 439 | bbl-state: deployments-routing 440 | ensure: 441 | put: deployments-routing 442 | params: 443 | repository: updated-bbl-state 444 | rebase: true 445 | 446 | - name: istio-acceptance-setup 447 | serial_groups: 448 | - istio-acceptance 449 | plan: 450 | - in_parallel: 451 | - get: cf-deployment-concourse-tasks 452 | - get: deployments-routing 453 | - get: istio-release-ci 454 | - get: istio-release 455 | - task: merge-bbl-config 456 | file: istio-release-ci/ci/tasks/merge-bbl-config/task.yml 457 | input_mapping: 458 | source1: istio-release-ci 459 | source2: istio-release 460 | source3: deployments-routing 461 | params: 462 | SOURCE1_DIR: ci/tasks/bbl-configs/add-parent-dns-full 463 | SOURCE2_DIR: deploy/bbl-config 464 | SOURCE3_DIR: datadog-config 465 | - task: bbl-up 466 | file: cf-deployment-concourse-tasks/bbl-up/task.yml 467 | params: 468 | BBL_IAAS: gcp 469 | BBL_GCP_SERVICE_ACCOUNT_KEY: ((shared_gcp_account_creds)) # will change when upgrading to latest cf-deployment-concourse-tasks 470 | BBL_GCP_PROJECT_ID: cf-routing 471 | BBL_GCP_REGION: us-west1 472 | BBL_GCP_ZONE: us-west1-b 473 | BBL_LB_CERT: ../lb_certs/lb.crt 474 | BBL_LB_KEY: ../lb_certs/lb.key 475 | LB_DOMAIN: istio-acceptance.routing.cf-app.com 476 | BBL_ENV_NAME: istio-acceptance 477 | BBL_STATE_DIR: istio-acceptance/bbl-state 478 | GIT_COMMIT_EMAIL: cf-routing-eng@pivotal.io 479 | BBL_CONFIG_DIR: "." 480 | input_mapping: 481 | bbl-state: deployments-routing 482 | bbl-config: merged-bbl-config 483 | ensure: 484 | put: deployments-routing 485 | params: 486 | repository: updated-bbl-state 487 | rebase: true 488 | 489 | - name: istio-dev-bosh-cleanup 490 | serial_groups: [istio-dev] 491 | build_logs_to_retain: 100 492 | plan: 493 | - get: deployments-routing 494 | - get: cf-deployment-concourse-tasks 495 | - task: cleanup-artifacts 496 | file: cf-deployment-concourse-tasks/bosh-cleanup/task.yml 497 | params: 498 | BBL_STATE_DIR: istio-dev/bbl-state 499 | input_mapping: 500 | bbl-state: deployments-routing 501 | 502 | - name: istio-acceptance-bosh-cleanup 503 | serial_groups: [istio-acceptance] 504 | build_logs_to_retain: 100 505 | plan: 506 | - get: deployments-routing 507 | - get: cf-deployment-concourse-tasks 508 | - task: cleanup-artifacts 509 | file: cf-deployment-concourse-tasks/bosh-cleanup/task.yml 510 | params: 511 | BBL_STATE_DIR: istio-acceptance/bbl-state 512 | input_mapping: 513 | bbl-state: deployments-routing 514 | 515 | - name: update-istio-submodule 516 | plan: 517 | - in_parallel: 518 | - get: istio-source 519 | - get: istio-release 520 | - get: istio-release-upstream-untested 521 | - get: istio-release-ci 522 | - task: update-submodule 523 | input_mapping: 524 | submodule-latest: istio-source 525 | needs-bump: istio-release 526 | file: istio-release-ci/ci/tasks/bump-submodule/task.yml 527 | params: 528 | SUBMODULE_PATH: src/istio.io/istio 529 | BRANCH: develop 530 | - put: istio-release-upstream-untested 531 | params: 532 | repository: bumped 533 | force: true 534 | 535 | - name: istio-upstream-test 536 | serial_groups: [istio-upstream] 537 | plan: 538 | - in_parallel: 539 | - get: istio-source 540 | trigger: true 541 | passed: [update-istio-submodule] 542 | - get: istio-release-upstream-untested 543 | trigger: true 544 | passed: [update-istio-submodule] 545 | - get: istio-release-ci 546 | - task: get-other-submodules 547 | privileged: true 548 | config: 549 | platform: linux 550 | image_resource: 551 | type: docker-image 552 | source: 553 | repository: cloudfoundry/cf-routing-pipeline 554 | inputs: 555 | - name: istio-release-upstream-untested 556 | outputs: 557 | - name: bumped-with-submodules 558 | run: 559 | path: bash 560 | args: 561 | - -exc 562 | - | 563 | git clone istio-release-upstream-untested bumped-with-submodules 564 | cd bumped-with-submodules 565 | git submodule update --init --recursive 566 | - task: test 567 | privileged: true 568 | file: istio-release-upstream-untested/ci/istio-upstream-tests.yml 569 | input_mapping: 570 | istio-release: bumped-with-submodules 571 | 572 | - name: istio-upstream-release-test 573 | plan: 574 | - get: istio-release-upstream-untested 575 | passed: [istio-upstream-test] 576 | trigger: true 577 | - task: test 578 | privileged: true 579 | file: istio-release-upstream-untested/ci/tasks/istio-release-tests/task.yml 580 | input_mapping: 581 | istio-release: istio-release-upstream-untested 582 | 583 | - name: istio-upstream-deploy-cf 584 | serial_groups: [istio-upstream] 585 | plan: 586 | - in_parallel: 587 | - get: istio-release-upstream-untested 588 | passed: [istio-upstream-release-test] 589 | trigger: true 590 | - get: istio-release-ci 591 | - get: latest-silk 592 | trigger: true 593 | - get: cf-deployment-concourse-tasks 594 | - get: capi-develop 595 | - get: cf-deployment 596 | trigger: true 597 | - get: deployments-routing 598 | - task: merge-ops-files 599 | file: istio-release-ci/ci/tasks/merge-ops-files/task.yml 600 | input_mapping: 601 | source1: istio-release-upstream-untested 602 | params: 603 | ENVIRONMENT: istio-upstream 604 | SOURCE1_DIR: deploy/cf-deployment-operations 605 | - task: upload-stemcell 606 | file: cf-deployment-concourse-tasks/bosh-upload-stemcell-from-cf-deployment/task.yml 607 | input_mapping: 608 | bbl-state: deployments-routing 609 | params: 610 | BBL_STATE_DIR: istio-upstream/bbl-state 611 | - task: create-capi-release-with-copilot 612 | file: istio-release-ci/ci/tasks/create-release-tarball/task.yml 613 | input_mapping: 614 | release-dir: capi-develop 615 | - task: upload-capi-release-with-copilot 616 | file: istio-release-ci/ci/tasks/bosh2-command/task-with-release.yml 617 | params: 618 | ENVIRONMENT: istio-upstream 619 | COMMAND: "upload-release ./release/*.tgz" 620 | input_mapping: 621 | release: release-tarball 622 | - task: create-latest-silk-release 623 | file: istio-release-ci/ci/tasks/create-release-tarball/task.yml 624 | input_mapping: 625 | release-dir: latest-silk 626 | - task: upload-latest-silk-release 627 | file: istio-release-ci/ci/tasks/bosh2-command/task-with-release.yml 628 | params: 629 | ENVIRONMENT: istio-upstream 630 | COMMAND: "upload-release ./release/*.tgz" 631 | input_mapping: 632 | release: release-tarball 633 | - task: deploy-cf-with-created-istio-release 634 | file: cf-deployment-concourse-tasks/bosh-deploy-with-created-release/task.yml 635 | params: 636 | BBL_STATE_DIR: istio-upstream/bbl-state 637 | OPS_FILES: | 638 | use-compiled-releases.yml 639 | enable-service-discovery.yml 640 | use-latest-capi-release.yml 641 | use-latest-silk-release.yml 642 | add-istio.yml 643 | enable-sidecar-proxying.yml 644 | disable-ingress-sidecar-proxying.yml 645 | add-external-istio-lb.yml 646 | enable-tls-termination.yml 647 | add-datadog-firehose-nozzle.yml 648 | SYSTEM_DOMAIN: istio-upstream.routing.cf-app.com 649 | input_mapping: 650 | bbl-state: deployments-routing 651 | vars-store: deployments-routing 652 | vars-files: deployments-routing 653 | ops-files: merged-operations 654 | release: istio-release-upstream-untested 655 | 656 | - name: run-iats-upstream 657 | serial_groups: [istio-upstream] 658 | plan: 659 | - in_parallel: 660 | - get: istio-release-upstream-untested 661 | trigger: true 662 | passed: 663 | - istio-upstream-deploy-cf 664 | - get: istio-release-ci 665 | - get: latest-silk 666 | trigger: true 667 | passed: 668 | - istio-dev-deploy-cf 669 | - get: deployments-routing 670 | - get: istio-acceptance-tests 671 | - task: run-iats 672 | file: istio-release-ci/ci/tasks/run-iats/task.yml 673 | params: 674 | VARS_LOCATION: deployments-routing/istio-upstream/bbl-state 675 | CF_LOGIN_DOMAIN: istio-upstream.routing.cf-app.com 676 | API_DOMAIN: istio.istio-upstream.routing.cf-app.com 677 | 678 | - name: merge-istio-release-upstream-untested 679 | serial_groups: [istio-upstream] 680 | plan: 681 | - in_parallel: 682 | - get: istio-release-upstream-untested 683 | trigger: true 684 | passed: 685 | - run-iats-upstream 686 | - get: istio-release 687 | - put: istio-release 688 | params: 689 | repository: istio-release-upstream-untested 690 | 691 | - name: istio-release-test 692 | plan: 693 | - in_parallel: 694 | - get: istio-release-ci 695 | - get: istio-release 696 | trigger: true 697 | - task: test 698 | privileged: true 699 | file: istio-release-ci/ci/tasks/istio-release-tests/task.yml 700 | 701 | - name: istio-dev-deploy-cf 702 | serial_groups: 703 | - istio-dev 704 | plan: 705 | - in_parallel: 706 | - get: istio-release 707 | passed: [ istio-release-test ] 708 | trigger: true 709 | - get: istio-release-ci 710 | - get: latest-silk 711 | trigger: true 712 | - get: cf-deployment-concourse-tasks 713 | - get: capi-develop 714 | - get: cf-deployment 715 | trigger: true 716 | - get: deployments-routing 717 | - task: merge-ops-files 718 | file: istio-release-ci/ci/tasks/merge-ops-files/task.yml 719 | input_mapping: 720 | source1: istio-release 721 | params: 722 | ENVIRONMENT: istio-dev 723 | SOURCE1_DIR: deploy/cf-deployment-operations 724 | - task: upload-stemcell 725 | file: cf-deployment-concourse-tasks/bosh-upload-stemcell-from-cf-deployment/task.yml 726 | input_mapping: 727 | bbl-state: deployments-routing 728 | params: 729 | BBL_STATE_DIR: istio-dev/bbl-state 730 | - task: create-capi-release-with-copilot 731 | file: istio-release-ci/ci/tasks/create-release-tarball/task.yml 732 | input_mapping: 733 | release-dir: capi-develop 734 | - task: upload-capi-release-with-copilot 735 | file: istio-release-ci/ci/tasks/bosh2-command/task-with-release.yml 736 | params: 737 | ENVIRONMENT: istio-dev 738 | COMMAND: "upload-release ./release/*.tgz" 739 | input_mapping: 740 | release: release-tarball 741 | - task: create-latest-silk-release 742 | file: istio-release-ci/ci/tasks/create-release-tarball/task.yml 743 | input_mapping: 744 | release-dir: latest-silk 745 | - task: upload-latest-silk-release 746 | file: istio-release-ci/ci/tasks/bosh2-command/task-with-release.yml 747 | params: 748 | ENVIRONMENT: istio-dev 749 | COMMAND: "upload-release ./release/*.tgz" 750 | input_mapping: 751 | release: release-tarball 752 | - task: deploy-cf-with-created-istio-release 753 | file: cf-deployment-concourse-tasks/bosh-deploy-with-created-release/task.yml 754 | params: 755 | BBL_STATE_DIR: istio-dev/bbl-state 756 | OPS_FILES: | 757 | use-compiled-releases.yml 758 | enable-service-discovery.yml 759 | use-latest-capi-release.yml 760 | use-latest-silk-release.yml 761 | add-istio.yml 762 | enable-sidecar-proxying.yml 763 | disable-ingress-sidecar-proxying.yml 764 | add-external-istio-lb.yml 765 | enable-tls-termination.yml 766 | add-datadog-firehose-nozzle.yml 767 | add-lb-ca.yml 768 | SYSTEM_DOMAIN: istio-dev.routing.cf-app.com 769 | input_mapping: 770 | bbl-state: deployments-routing 771 | vars-store: deployments-routing 772 | vars-files: deployments-routing 773 | ops-files: merged-operations 774 | release: istio-release 775 | 776 | - name: run-iats-dev 777 | serial_groups: 778 | - istio-dev 779 | plan: 780 | - in_parallel: 781 | - get: istio-release 782 | trigger: true 783 | passed: 784 | - istio-dev-deploy-cf 785 | - get: istio-release-ci 786 | - get: latest-silk 787 | trigger: true 788 | passed: 789 | - istio-dev-deploy-cf 790 | - get: deployments-routing 791 | - get: istio-acceptance-tests 792 | - task: run-iats 793 | file: istio-release-ci/ci/tasks/run-iats/task.yml 794 | params: 795 | VARS_LOCATION: deployments-routing/istio-dev/bbl-state 796 | CF_LOGIN_DOMAIN: istio-dev.routing.cf-app.com 797 | API_DOMAIN: istio.istio-dev.routing.cf-app.com 798 | 799 | - name: run-scaling 800 | serial_groups: 801 | - istio-dev 802 | plan: 803 | - in_parallel: 804 | - get: istio-release 805 | trigger: true 806 | passed: 807 | - istio-dev-deploy-cf 808 | - get: istio-release-ci 809 | - get: deployments-routing 810 | - get: istio-scaling 811 | - task: run-scaling 812 | file: istio-release-ci/ci/tasks/run-istio-scaling/task.yml 813 | params: 814 | VARS_LOCATION: deployments-routing/istio-dev/bbl-state 815 | SYSTEM_DOMAIN: istio-dev.routing.cf-app.com 816 | NUMBER_OF_APPS: 450 817 | CLEANUP_ORG: true 818 | DEPLOYMENT_NAME: cf 819 | PASSING_THRESHOLD: 99.5 820 | DATADOG_API_KEY: ((datadog_api_key)) 821 | 822 | - name: run-sits 823 | serial_groups: 824 | - istio-dev 825 | plan: 826 | - in_parallel: 827 | - get: istio-release-ci 828 | - get: istio-release 829 | trigger: true 830 | passed: 831 | - istio-dev-deploy-cf 832 | - get: capi-develop 833 | trigger: true 834 | passed: 835 | - istio-dev-deploy-cf 836 | - get: latest-silk 837 | trigger: true 838 | passed: 839 | - istio-dev-deploy-cf 840 | - get: deployments-routing 841 | - get: sync-integration-tests 842 | trigger: true 843 | - task: run 844 | config: 845 | platform: linux 846 | image_resource: 847 | type: docker-image 848 | source: 849 | repository: cloudfoundry/cf-routing-pipeline 850 | inputs: 851 | - name: sync-integration-tests 852 | - name: deployments-routing 853 | - name: istio-release-ci 854 | params: 855 | BBL_STATE_DIR: deployments-routing/istio-dev/bbl-state 856 | CF_SYSTEM_DOMAIN: istio-dev.routing.cf-app.com 857 | CF_APPS_DOMAIN: istio.istio-dev.routing.cf-app.com 858 | RUN_ROUTING_TESTS: true 859 | run: 860 | path: bash 861 | args: 862 | - -exc 863 | - | 864 | source "${PWD}/deployments-routing/scripts/script_helpers.sh" 865 | pushd "${PWD}/deployments-routing/istio-dev" 866 | ENV=$(basename "$PWD") 867 | bosh_login $ENV 868 | popd 869 | mkdir -p "${GOPATH}/src/code.cloudfoundry.org" 870 | cp -R "${PWD}/sync-integration-tests" "${GOPATH}/src/code.cloudfoundry.org" 871 | "${GOPATH}/src/code.cloudfoundry.org/sync-integration-tests/run-against-env.sh" 872 | 873 | - name: run-cats 874 | serial_groups: [istio-dev] 875 | build_logs_to_retain: 100 876 | plan: 877 | - in_parallel: 878 | - get: istio-release-ci 879 | - get: cf-acceptance-tests 880 | - get: cf-deployment 881 | trigger: true 882 | passed: [istio-dev-deploy-cf] 883 | - get: deployments-routing 884 | - get: cf-deployment-concourse-tasks 885 | - get: istio-release 886 | passed: 887 | - run-sits 888 | - run-iats-dev 889 | - run-scaling 890 | trigger: true 891 | - task: create-integration-configs 892 | file: istio-release-ci/ci/tasks/create-integration-configs/task.yml 893 | params: 894 | ENVIRONMENT: istio-dev 895 | - task: update-integration-configs 896 | file: cf-deployment-concourse-tasks/update-integration-configs/task.yml 897 | input_mapping: 898 | bbl-state: created-integration-configs 899 | integration-configs: created-integration-configs 900 | params: 901 | BBL_STATE_DIR: istio-dev/bbl-state 902 | CATS_INTEGRATION_CONFIG_FILE: istio-dev/cats_integration_config.json 903 | GIT_COMMIT_EMAIL: cf-routing-eng@pivotal.io 904 | - task: run-cats 905 | input_mapping: 906 | integration-config: updated-integration-configs 907 | file: cf-deployment-concourse-tasks/run-cats/task.yml 908 | params: 909 | CONFIG_FILE_PATH: istio-dev/cats_integration_config.json 910 | NODES: 4 911 | 912 | - name: istio-acceptance-deploy-cf 913 | serial_groups: 914 | - istio-acceptance 915 | plan: 916 | - in_parallel: 917 | - get: istio-release 918 | trigger: true 919 | passed: 920 | - run-cats 921 | - get: istio-release-ci 922 | - get: cf-deployment-concourse-tasks 923 | - get: latest-silk 924 | trigger: true 925 | passed: 926 | - run-iats-dev 927 | - run-sits 928 | - get: capi-develop 929 | trigger: true 930 | passed: 931 | - run-sits 932 | - get: cf-deployment 933 | trigger: true 934 | passed: 935 | - istio-dev-deploy-cf 936 | - get: deployments-routing 937 | - task: merge-ops-files 938 | file: istio-release-ci/ci/tasks/merge-ops-files/task.yml 939 | input_mapping: 940 | source1: istio-release 941 | params: 942 | ENVIRONMENT: istio-acceptance 943 | SOURCE1_DIR: deploy/cf-deployment-operations 944 | - task: upload-stemcell 945 | file: cf-deployment-concourse-tasks/bosh-upload-stemcell-from-cf-deployment/task.yml 946 | input_mapping: 947 | bbl-state: deployments-routing 948 | params: 949 | BBL_STATE_DIR: istio-acceptance/bbl-state 950 | - task: create-capi-release-with-copilot 951 | file: istio-release-ci/ci/tasks/create-release-tarball/task.yml 952 | input_mapping: 953 | release-dir: capi-develop 954 | - task: upload-capi-release-with-copilot 955 | file: istio-release-ci/ci/tasks/bosh2-command/task-with-release.yml 956 | params: 957 | ENVIRONMENT: istio-acceptance 958 | COMMAND: "upload-release ./release/*.tgz" 959 | input_mapping: 960 | release: release-tarball 961 | - task: create-latest-silk-release 962 | file: istio-release-ci/ci/tasks/create-release-tarball/task.yml 963 | input_mapping: 964 | release-dir: latest-silk 965 | - task: upload-latest-silk-release 966 | file: istio-release-ci/ci/tasks/bosh2-command/task-with-release.yml 967 | params: 968 | ENVIRONMENT: istio-acceptance 969 | COMMAND: "upload-release ./release/*.tgz" 970 | input_mapping: 971 | release: release-tarball 972 | - task: deploy-cf-with-created-istio-release 973 | file: cf-deployment-concourse-tasks/bosh-deploy-with-created-release/task.yml 974 | params: 975 | BBL_STATE_DIR: istio-acceptance/bbl-state 976 | OPS_FILES: | 977 | use-compiled-releases.yml 978 | enable-service-discovery.yml 979 | use-latest-capi-release.yml 980 | use-latest-silk-release.yml 981 | add-istio.yml 982 | enable-sidecar-proxying.yml 983 | disable-ingress-sidecar-proxying.yml 984 | add-external-istio-lb.yml 985 | enable-tls-termination.yml 986 | add-datadog-firehose-nozzle.yml 987 | SYSTEM_DOMAIN: istio-acceptance.routing.cf-app.com 988 | input_mapping: 989 | bbl-state: deployments-routing 990 | vars-store: deployments-routing 991 | vars-files: deployments-routing 992 | ops-files: merged-operations 993 | release: istio-release 994 | 995 | - name: run-iats-acceptance 996 | serial_groups: 997 | - istio-acceptance 998 | plan: 999 | - in_parallel: 1000 | - get: istio-release-ci 1001 | - get: istio-release 1002 | trigger: true 1003 | passed: [istio-acceptance-deploy-cf] 1004 | - get: deployments-routing 1005 | passed: [istio-acceptance-deploy-cf] 1006 | - get: istio-acceptance-tests 1007 | - task: run-iats 1008 | file: istio-release-ci/ci/tasks/run-iats/task.yml 1009 | params: 1010 | VARS_LOCATION: deployments-routing/istio-acceptance/bbl-state 1011 | CF_LOGIN_DOMAIN: istio-acceptance.routing.cf-app.com 1012 | API_DOMAIN: istio.istio-acceptance.routing.cf-app.com 1013 | - try: 1014 | put: tracker-routing 1015 | params: 1016 | repos: 1017 | - istio-release 1018 | 1019 | - name: build-istio-release-notes 1020 | plan: 1021 | - in_parallel: 1022 | - get: istio-release-ci 1023 | - get: istio-release 1024 | trigger: true 1025 | passed: [run-iats-acceptance] 1026 | - get: deployments-routing 1027 | - get: istio-acceptance-tests 1028 | - task: build-release-notes 1029 | file: deployments-routing/ci/tasks/build-istio-release-notes/task.yml 1030 | 1031 | - name: bump-patch-and-create-final-release 1032 | serial_groups: [create-istio-final-release] 1033 | plan: 1034 | - in_parallel: 1035 | - get: final-version 1036 | params: {bump: patch} 1037 | - get: istio-release-ci 1038 | - get: istio-release-master 1039 | - get: istio-release 1040 | passed: [run-iats-acceptance] 1041 | - put: final-version 1042 | params: 1043 | file: final-version/version 1044 | - task: create-final-release 1045 | file: istio-release-ci/ci/tasks/create-final-istio-release/task.yml 1046 | input_mapping: 1047 | release-repo: istio-release 1048 | params: 1049 | GCP_BLOBSTORE_SERVICE_ACCOUNT_KEY: ((gcp_istio_blobstore_service_account_key)) 1050 | - put: istio-release-master 1051 | params: 1052 | rebase: true 1053 | repository: final-release-repo 1054 | tag: final-release-repo/version_number 1055 | tag_prefix: v 1056 | 1057 | - name: bump-minor-and-create-final-release 1058 | serial_groups: [create-istio-final-release] 1059 | plan: 1060 | - in_parallel: 1061 | - get: final-version 1062 | params: {bump: minor} 1063 | - get: istio-release-ci 1064 | - get: istio-release-master 1065 | - get: istio-release 1066 | passed: [run-iats-acceptance] 1067 | - put: final-version 1068 | params: 1069 | file: final-version/version 1070 | - task: create-final-release 1071 | file: istio-release-ci/ci/tasks/create-final-istio-release/task.yml 1072 | input_mapping: 1073 | release-repo: istio-release 1074 | params: 1075 | GCP_BLOBSTORE_SERVICE_ACCOUNT_KEY: ((gcp_istio_blobstore_service_account_key)) 1076 | - put: istio-release-master 1077 | params: 1078 | rebase: true 1079 | repository: final-release-repo 1080 | tag: final-release-repo/version_number 1081 | tag_prefix: v 1082 | 1083 | - name: bump-major-and-create-final-release 1084 | serial_groups: [create-istio-final-release] 1085 | plan: 1086 | - in_parallel: 1087 | - get: final-version 1088 | params: {bump: major} 1089 | - get: istio-release-ci 1090 | - get: istio-release-master 1091 | - get: istio-release 1092 | passed: [run-iats-acceptance] 1093 | - put: final-version 1094 | params: 1095 | file: final-version/version 1096 | - task: create-final-release 1097 | file: istio-release-ci/ci/tasks/create-final-istio-release/task.yml 1098 | input_mapping: 1099 | release-repo: istio-release 1100 | params: 1101 | GCP_BLOBSTORE_SERVICE_ACCOUNT_KEY: ((gcp_istio_blobstore_service_account_key)) 1102 | - put: istio-release-master 1103 | params: 1104 | rebase: true 1105 | repository: final-release-repo 1106 | tag: final-release-repo/version_number 1107 | tag_prefix: v 1108 | 1109 | - name: merge-master-into-develop 1110 | serial: true 1111 | serial_groups: 1112 | - create-istio-final-release 1113 | plan: 1114 | - in_parallel: 1115 | - get: deployments-routing 1116 | - get: istio-release-ci 1117 | - get: cf-routing-release-develop 1118 | resource: istio-release 1119 | params: 1120 | submodules: none 1121 | - get: cf-routing-release-master 1122 | resource: istio-release-master 1123 | trigger: true 1124 | params: 1125 | submodules: none 1126 | - task: merge-master-into-develop 1127 | file: istio-release-ci/ci/tasks/merge-routing-release-master-into-develop/task.yml 1128 | - put: istio-release 1129 | params: 1130 | repository: cf-routing-release-mergedmaster 1131 | -------------------------------------------------------------------------------- /ci/scripts/script_helpers.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | function bosh_login() { 4 | ENV=${1} 5 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" 6 | DEPLOYMENT_DIR="${DIR}/../../../deployments-routing/${ENV}" 7 | if [ "$ENV" = "lite" ]; then 8 | bosh_login_lite 9 | return 10 | fi 11 | if [ -f "${DEPLOYMENT_DIR}/bosh-vars.yml" ]; then 12 | DIRECTOR_NAME=$(< "${DEPLOYMENT_DIR}/terraform.tfvars" jq -r .env_name) 13 | if [ "${ENV}" != "${DIRECTOR_NAME}" ]; then 14 | echo "Director Name does not match given env_name" 15 | return 1 16 | fi 17 | bosh_login_bosh_vars "${ENV}" 18 | else 19 | if [ ! -f "${DEPLOYMENT_DIR}/bbl-state.json" ]; then 20 | if [ ! -f "${DEPLOYMENT_DIR}/bbl-state/bbl-state.json" ]; then 21 | echo "Neither bosh-vars.yml nor bbl-state.json is found in ${DEPLOYMENT_DIR}" 22 | return 1 23 | fi 24 | fi 25 | bosh_login_bbl "${ENV}" 26 | fi 27 | } 28 | 29 | function bosh_login_bosh_vars() { 30 | ENV=${1} 31 | BOSH_CLIENT_SECRET="$(bosh int "${DEPLOYMENT_DIR}/bosh-vars.yml" --path /admin_password)" 32 | BOSH_CA_CERT="$(bosh int "${DEPLOYMENT_DIR}/bosh-vars.yml" --path /director_ssl/ca)" 33 | DIRECTOR_IP="$(bosh int "${DEPLOYMENT_DIR}/bosh-vars.yml" --path /external_ip)" 34 | BOSH_ENVIRONMENT="$(< "${DEPLOYMENT_DIR}/terraform.tfstate" jq -r .modules[0].outputs.external_ip.value)" 35 | JUMPBOX_PRIVATE_KEY="/tmp/${ENV}" 36 | bosh int "${DEPLOYMENT_DIR}/bosh-vars.yml" --path /jumpbox_ssh/private_key > "${JUMPBOX_PRIVATE_KEY}" 37 | chmod 600 "${JUMPBOX_PRIVATE_KEY}" 38 | export BOSH_CLIENT="admin" 39 | export BOSH_DEPLOYMENT="cf" 40 | export BOSH_GW_USER="jumpbox" 41 | export BOSH_GW_HOST="${DIRECTOR_IP}" 42 | export BOSH_CLIENT_SECRET 43 | export BOSH_CA_CERT 44 | export BOSH_ENVIRONMENT 45 | export JUMPBOX_PRIVATE_KEY 46 | 47 | bosh -e "${BOSH_ENVIRONMENT}" --ca-cert <(echo "${BOSH_CA_CERT}") alias-env "${ENV}" 48 | bosh login 49 | } 50 | 51 | function bosh_login_bbl() { 52 | if [ -z "${DEPLOYMENT_DIR}" ]; then 53 | echo "missing DEPLOYMENT_DIR. you probably meant to use bosh_login." 54 | return 55 | fi 56 | 57 | ENV=${1} 58 | local bbl_state_dir 59 | if [ -f "${DEPLOYMENT_DIR}/bbl-state.json" ]; then 60 | bbl_state_dir="${DEPLOYMENT_DIR}" 61 | else 62 | bbl_state_dir="${DEPLOYMENT_DIR}/bbl-state" 63 | fi 64 | 65 | JUMPBOX_PRIVATE_KEY="/tmp/${ENV}" 66 | touch "$JUMPBOX_PRIVATE_KEY" 67 | chmod 600 "${JUMPBOX_PRIVATE_KEY}" 68 | export JUMPBOX_PRIVATE_KEY 69 | local director_ip 70 | pushd "${bbl_state_dir}" 71 | eval "$(bbl print-env)" 72 | director_ip="$(bbl director-address | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')" 73 | bbl ssh-key > "$JUMPBOX_PRIVATE_KEY" 74 | popd 75 | 76 | export BOSH_DEPLOYMENT="cf" 77 | export BOSH_GW_USER="jumpbox" 78 | export BOSH_GW_HOST="${director_ip}" 79 | 80 | 81 | bosh -e "${BOSH_ENVIRONMENT}" --ca-cert <(echo "${BOSH_CA_CERT}") alias-env "${ENV}" 82 | bosh login 83 | } 84 | 85 | function bosh_login_lite () 86 | { 87 | bosh_logout 88 | local env_dir=${HOME}/workspace/deployments-routing/lite 89 | 90 | pushd $env_dir >/dev/null 91 | BOSH_CLIENT="admin" 92 | BOSH_CLIENT_SECRET="$(bosh int ./bosh-vars.yml --path /admin_password)" 93 | BOSH_ENVIRONMENT="vbox" 94 | BOSH_CA_CERT="$(bosh int ./bosh-vars.yml --path /director_ssl/ca)" 95 | 96 | export BOSH_CLIENT 97 | export BOSH_CLIENT_SECRET 98 | export BOSH_ENVIRONMENT 99 | export BOSH_CA_CERT 100 | popd 1>/dev/null 101 | 102 | export BOSH_DEPLOYMENT=cf; 103 | } 104 | 105 | 106 | function bosh_logout () 107 | { 108 | unset BOSH_BBL_ENVIRONMENT 109 | unset BOSH_USER 110 | unset BOSH_PASSWORD 111 | unset BOSH_ENVIRONMENT 112 | unset BOSH_GW_HOST 113 | unset BOSH_GW_USER 114 | unset BOSH_GW_PRIVATE_KEY 115 | unset BOSH_CA_CERT 116 | unset BOSH_DEPLOYMENT 117 | unset BOSH_CLIENT 118 | unset BOSH_CLIENT_SECRET 119 | unset JUMPBOX_PRIVATE_KEY 120 | unset BOSH_ALL_PROXY 121 | unset CREDHUB_SERVER 122 | unset CREDHUB_CA_CERT 123 | unset CREDHUB_PROXY 124 | unset CREDHUB_CLIENT 125 | unset CREDHUB_SECRET 126 | } 127 | 128 | function extract_var() 129 | { 130 | local env=${1} 131 | local var=${2} 132 | 133 | bosh_login "${env}" > /dev/null 134 | credhub find -j -n "${var}" | jq -r .credentials[].name | xargs -n 1 -I {} credhub get -j -n {} | jq -r .value 135 | } 136 | 137 | function get_system_domain() 138 | { 139 | local env 140 | env=${1} 141 | if [ "${env}" = "lite" ]; then 142 | echo "bosh-lite.com" 143 | return 144 | fi 145 | 146 | echo "${env}.routing.cf-app.com" 147 | } 148 | 149 | function cf_login() 150 | { 151 | env=${1} 152 | local cf_admin_passsword 153 | if [ "${env}" = "lite" ]; then 154 | local env_dir=${HOME}/workspace/deployments-routing/lite 155 | cf_admin_password="$(bosh int ${env_dir}/deployment-vars.yml --path /cf_admin_password)" 156 | else 157 | cf_admin_password="$(extract_var "${env}" cf_admin_password)" 158 | fi 159 | cf api "api.$(get_system_domain "${env}")" --skip-ssl-validation 160 | cf auth admin "${cf_admin_password}" 161 | } 162 | 163 | function gke_login() 164 | { 165 | local env 166 | env=${1} 167 | gcloud container clusters get-credentials ${env} --zone=us-west1-a --project=cf-routing 168 | } 169 | 170 | function concourse_credhub_login() 171 | { 172 | local concourse_env 173 | local web_ip 174 | local credhub_address 175 | concourse_env="concourse-gcp" 176 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" 177 | DEPLOYMENT_DIR="${DIR}/../../../deployments-routing/${concourse_env}" 178 | web_ip=$(bosh int "${DEPLOYMENT_DIR}/options.yml" --path /web_ip_two) 179 | credhub_address="https://${web_ip}:8844" 180 | bosh_login "${concourse_env}" > /dev/null 181 | 182 | unset CREDHUB_CA_CERT CREDHUB_CLIENT CREDHUB_SECRET CREDHUB_SERVER 183 | 184 | credhub api -s "${credhub_address}" --ca-cert=<(bosh int "${DEPLOYMENT_DIR}/credentials.yml" --path /universal_ca/ca) 185 | credhub login -u routing -p $(bosh int "${DEPLOYMENT_DIR}/credentials.yml" --path /routing_team_credhub_cli_password) 186 | } 187 | -------------------------------------------------------------------------------- /ci/tasks/bosh2-command/task: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e -o pipefail 3 | 4 | source istio-release-ci/ci/scripts/script_helpers.sh 5 | 6 | ENVIRONMENT="${ENVIRONMENT:?"ENVIRONMENT not set"}" 7 | bosh_login "${ENVIRONMENT}" 8 | 9 | function cleanup() { 10 | pkill ssh || true 11 | } 12 | trap 'cleanup' EXIT 13 | 14 | if [ -n "${LOGS_DIR}" ]; then 15 | mkdir "${LOGS_DIR}" 16 | fi 17 | 18 | num_runs="${NUMBER_OF_RUNS:-1}" 19 | 20 | export BOSH_DEPLOYMENT="${DEPLOYMENT:-cf}" 21 | 22 | for ((i=0; i<${num_runs}; i++)); do 23 | echo "Starting run ${i}" 24 | bosh ${COMMAND} 25 | echo "Finished run ${i}" 26 | done 27 | -------------------------------------------------------------------------------- /ci/tasks/bosh2-command/task-with-release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: docker-image 6 | source: 7 | repository: relintdockerhubpushbot/cf-deployment-concourse-tasks 8 | 9 | inputs: 10 | - name: deployments-routing 11 | - name: istio-release-ci 12 | - name: release 13 | 14 | run: 15 | path: istio-release-ci/ci/tasks/bosh2-command/task 16 | 17 | params: 18 | NUMBER_OF_RUNS: 19 | ENVIRONMENT: 20 | DEPLOYMENT: 21 | COMMAND: 22 | -------------------------------------------------------------------------------- /ci/tasks/bosh2-command/task.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: docker-image 6 | source: 7 | repository: relintdockerhubpushbot/cf-deployment-concourse-tasks 8 | 9 | inputs: 10 | - name: deployments-routing 11 | - name: istio-release-ci 12 | 13 | run: 14 | path: istio-release-ci/ci/tasks/bosh2-command/task 15 | 16 | params: 17 | NUMBER_OF_RUNS: 18 | ENVIRONMENT: 19 | DEPLOYMENT: 20 | COMMAND: 21 | -------------------------------------------------------------------------------- /ci/tasks/build-istio-release-notes/task: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e -u 4 | set -o pipefail 5 | 6 | tmp_dir=/tmp/notes 7 | mkdir -p $tmp_dir 8 | 9 | pushd istio-release > /dev/null 10 | 11 | old_istio_release_version=$(git tag --sort=version:refname | egrep "^v\d+\.\d+\.\d+$" | tail -1) 12 | new_istio_release_version=$(git rev-parse HEAD) 13 | 14 | diff_string="$old_istio_release_version...$new_istio_release_version" 15 | echo "comparing $diff_string:" 16 | git log $diff_string | { egrep -o '\[\#(\d+)' || true; } | cut -d# -f2 | sort | uniq > $tmp_dir/stories.raw 17 | popd > /dev/null 18 | 19 | #### 20 | 21 | pushd istio-release > /dev/null 22 | copilot_diff="$(git diff ${old_istio_release_version}..HEAD src/code.cloudfoundry.org/copilot/)" 23 | if [[ -n "${copilot_diff}" ]]; then 24 | old_copilot_version="$(git diff ${old_istio_release_version}..HEAD src/code.cloudfoundry.org/copilot/ | grep "\-Subproject commit" | awk '{print $3}')" 25 | new_copilot_version="$(git diff ${old_istio_release_version}..HEAD src/code.cloudfoundry.org/copilot/ | grep "+Subproject commit" | awk '{print $3}')" 26 | 27 | echo old_copilot_version 28 | echo new_copilot_version 29 | 30 | pushd src/code.cloudfoundry.org/copilot > /dev/null 31 | diff_string="$old_copilot_version...$new_copilot_version" 32 | echo "comparing $diff_string:" 33 | git log $diff_string | { egrep -o '\[\#(\d+)' || true; } | cut -d# -f2 | sort | uniq >> $tmp_dir/stories.raw 34 | popd > /dev/null 35 | fi 36 | popd > /dev/null 37 | 38 | cat $tmp_dir/stories.raw | sort | uniq > $tmp_dir/uniq_stories.raw 39 | echo "found: " 40 | cat $tmp_dir/uniq_stories.raw 41 | 42 | while read -r story_id 43 | do 44 | curl -s https://www.pivotaltracker.com/services/v5/stories/$story_id 45 | done < $tmp_dir/uniq_stories.raw > $tmp_dir/stories.json 46 | 47 | cat $tmp_dir/stories.json | jq -r '"- "+.current_state+": ["+.name+"]("+.url+")"' > release-notes/istio-notes.md 48 | 49 | ###### 50 | echo "built: " 51 | cat release-notes/istio-notes.md 52 | 53 | 54 | ###### 55 | echo "manifest changes: " 56 | pushd istio-release > /dev/null 57 | copilot_spec_diff=$(git diff ${old_istio_release_version} ${new_istio_release_version} -- jobs/copilot/spec) 58 | pilot_spec_diff=$(git diff ${old_istio_release_version} ${new_istio_release_version} -- jobs/pilot-discovery/spec) 59 | envoy_spec_diff=$(git diff ${old_istio_release_version} ${new_istio_release_version} -- jobs/envoy/spec) 60 | if [ -z "$envoy_spec_diff" ] && [ -z "$pilot_spec_diff" ] && [ -z "$copilot_spec_diff" ] 61 | then 62 | echo empty 63 | else 64 | echo not empty 65 | fi 66 | -------------------------------------------------------------------------------- /ci/tasks/build-istio-release-notes/task.yml: -------------------------------------------------------------------------------- 1 | --- 2 | image_resource: 3 | type: docker-image 4 | source: { repository: c2cnetworking/small-git } 5 | 6 | platform: linux 7 | 8 | inputs: 9 | - name: istio-release 10 | - name: istio-release-ci 11 | 12 | outputs: 13 | - name: release-notes 14 | 15 | run: 16 | path: istio-release-ci/ci/tasks/build-istio-release-notes/task 17 | 18 | -------------------------------------------------------------------------------- /ci/tasks/bump-submodule/task: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eu 3 | set -o pipefail 4 | 5 | if [ -z "$SUBMODULE_PATH" ]; then 6 | echo "SUBMODULE_PATH has not been set" 7 | exit 1 8 | fi 9 | 10 | # discover the SHA that we want to bump to 11 | pushd submodule-latest 12 | SHA="$(git rev-parse HEAD)" 13 | REMOTE=$PWD 14 | REMOTE_URL="$(git remote get-url origin)" 15 | popd 16 | 17 | 18 | pushd needs-bump 19 | git config user.name "${GIT_COMMIT_USERNAME}" 20 | git config user.email "${GIT_COMMIT_EMAIL}" 21 | 22 | git checkout "${BRANCH}" 23 | 24 | git config --file=.gitmodules submodule.${SUBMODULE_PATH}.url "${REMOTE_URL}" 25 | 26 | pushd "${SUBMODULE_PATH}" 27 | git remote add local "${REMOTE}" 28 | git fetch local 29 | git checkout "${SHA}" 30 | popd 31 | 32 | if git diff-index --quiet HEAD -- 33 | then 34 | echo "no changes in the parent repo, no commit necessary" 35 | else 36 | echo "changes detected, will commit..." 37 | git add . 38 | git commit -m "bump ${SUBMODULE_PATH} 39 | 40 | $(git diff --cached --submodule)" 41 | git log -1 --color | cat 42 | fi 43 | popd 44 | 45 | git clone needs-bump bumped 46 | -------------------------------------------------------------------------------- /ci/tasks/bump-submodule/task.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: docker-image 6 | source: 7 | repository: cloudfoundry/cf-routing-pipeline 8 | 9 | inputs: 10 | - name: submodule-latest 11 | - name: needs-bump 12 | - name: istio-release-ci 13 | 14 | outputs: 15 | - name: bumped 16 | 17 | run: 18 | path: istio-release-ci/ci/tasks/bump-submodule/task 19 | 20 | params: 21 | # relative path of the submodule within needs-bump input 22 | SUBMODULE_PATH: ~ 23 | 24 | # name of branch in the top-level repo on which to commit the submodule bump 25 | BRANCH: master 26 | 27 | # Identity to use for the git commit 28 | GIT_COMMIT_USERNAME: "CF Routing Team CI Bot" 29 | GIT_COMMIT_EMAIL: "cf-routing-eng@pivotal.io" 30 | -------------------------------------------------------------------------------- /ci/tasks/create-final-istio-release/task: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -exuo pipefail 4 | 5 | root_dir="${PWD}" 6 | release_repo_dir="${root_dir}/istio-release" 7 | master_repo_dir="${root_dir}/istio-release-master" 8 | OUTPUT_DIR="${root_dir}/final-release-repo" 9 | 10 | FINAL_VERSION=$(cat ${root_dir}/final-version/version) 11 | 12 | RELEASE_NAME="${RELEASE_NAME:?"\$RELEASE_NAME not set"}" 13 | 14 | set +x 15 | if [[ -n "${GCP_BLOBSTORE_SERVICE_ACCOUNT_KEY}" ]]; then 16 | FORMATTED_KEY="$(sed 's/^/ /' <(echo ${GCP_BLOBSTORE_SERVICE_ACCOUNT_KEY}))" 17 | cat > "${release_repo_dir}/config/private.yml" < /dev/null 29 | echo "----- Set git identity" 30 | git config user.name "${GIT_COMMIT_USERNAME}" 31 | git config user.email "${GIT_COMMIT_EMAIL}" 32 | 33 | git remote add -f master-repo ../istio-release-master 34 | git merge "master-repo/master" -m "Merge with master" 35 | 36 | git status 37 | git diff-index --quiet HEAD -- || ( echo "There are uncommitted changes! Investigate immediately." && exit 1 ) 38 | 39 | echo "----- Create final release" 40 | bosh -v 41 | bosh -n create-release --sha2 --final --version=${FINAL_VERSION} --tarball=${OUTPUT_DIR}/routing-${FINAL_VERSION}.tgz 42 | 43 | echo "----- Update master and develop branches on origin" 44 | 45 | git add .final_builds releases 46 | git commit -m "Create final release ${FINAL_VERSION}" 47 | 48 | echo "----- DEBUG: show the commit we just created" 49 | git --no-pager show HEAD 50 | cp -a ./ ${root_dir}/final-release-repo/ 51 | echo ${FINAL_VERSION} > ${root_dir}/final-release-repo/version_number 52 | popd > /dev/null 53 | 54 | shopt -s dotglob 55 | -------------------------------------------------------------------------------- /ci/tasks/create-final-istio-release/task.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: docker-image 6 | source: 7 | repository: relintdockerhubpushbot/cf-deployment-concourse-tasks 8 | 9 | inputs: 10 | - name: istio-release-ci 11 | - name: istio-release-master 12 | - name: istio-release 13 | - name: final-version 14 | 15 | outputs: 16 | - name: final-release-repo 17 | 18 | run: 19 | path: istio-release-ci/ci/tasks/create-final-istio-release/task 20 | 21 | params: 22 | GIT_COMMIT_USERNAME: CI Bot 23 | GIT_COMMIT_EMAIL: cf-routing-eng@pivotal.io 24 | RELEASE_NAME: istio 25 | GCP_BLOBSTORE_SERVICE_ACCOUNT_KEY: 26 | -------------------------------------------------------------------------------- /ci/tasks/create-integration-configs/task: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e -o pipefail 4 | 5 | # shellcheck disable=SC1091 6 | source cf-deployment-concourse-tasks/shared-functions 7 | source istio-release-ci/ci/scripts/script_helpers.sh 8 | 9 | SYSTEM_DOMAIN="${ENVIRONMENT}.routing.cf-app.com" 10 | CF_SMOKE_TESTS_CONFIG="${ENVIRONMENT}/cf_smoke_tests_config.json" 11 | CATS_INTEGRATION_CONFIG="${ENVIRONMENT}/cats_integration_config.json" 12 | RATS_INTEGRATION_CONFIG="${ENVIRONMENT}/rats_integration_config.json" 13 | ADMIN_PASS=$(extract_var "${ENVIRONMENT}" cf_admin_password) 14 | 15 | pushd deployments-routing 16 | set_git_config 17 | 18 | echo "Creating ${CATS_INTEGRATION_CONFIG}" 19 | cat > "${CATS_INTEGRATION_CONFIG}" < "${RATS_INTEGRATION_CONFIG}" < "${CF_SMOKE_TESTS_CONFIG}" < "${tmpfile}" \ 112 | && mv "${tmpfile}" "${CF_SMOKE_TESTS_CONFIG}" 113 | 114 | git add "${CF_SMOKE_TESTS_CONFIG}" 115 | 116 | git commit -m"creating integration configs for ${ENVIRONMENT}" 117 | popd 118 | 119 | git clone deployments-routing created-integration-configs/ 120 | -------------------------------------------------------------------------------- /ci/tasks/create-integration-configs/task.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: docker-image 6 | source: 7 | repository: cloudfoundry/cf-routing-pipeline 8 | 9 | inputs: 10 | - name: istio-release-ci 11 | - name: deployments-routing 12 | - name: cf-deployment-concourse-tasks 13 | 14 | outputs: 15 | - name: created-integration-configs 16 | 17 | run: 18 | path: istio-release-ci/ci/tasks/create-integration-configs/task 19 | 20 | params: 21 | ISO_SEG_NAME: 22 | ISO_SEG_DOMAIN_PREFIX: iso-seg 23 | ENABLE_ISOLATION_SEGMENT_TESTS: true 24 | ENVIRONMENT: 25 | VARS_STORE_FILE: deployment-vars.yml 26 | GIT_COMMIT_EMAIL: cf-routing-eng@pivotal.io 27 | GIT_COMMIT_USERNAME: "CI Bot" 28 | -------------------------------------------------------------------------------- /ci/tasks/create-release-tarball/task: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e -x -u 4 | 5 | root_dir=${PWD} 6 | RELEASE_DIR="${root_dir}/${RELEASE_DIR:?"\$RELEASE_DIR not set"}" 7 | 8 | OUTPUT_DIR=${root_dir}/release-tarball 9 | mkdir -p $OUTPUT_DIR 10 | 11 | pushd "${RELEASE_DIR}" 12 | git_describe_output=$(git describe --long --tags) 13 | major=$(echo "${git_describe_output}" | cut -f1 -d-) 14 | trimmed_major=${major%.*} 15 | patch=$(echo "${git_describe_output}" | cut -f2 -d-) 16 | 17 | echo "----- Create dev release" 18 | SHA=$(git rev-parse --short HEAD) 19 | version=$trimmed_major.$patch+$SHA 20 | 21 | bosh -v 22 | bosh --parallel 4 -n create-release --version ${version} --tarball=release-${version}.tgz --force 23 | 24 | mv *.tgz ${OUTPUT_DIR}/ 25 | popd 26 | -------------------------------------------------------------------------------- /ci/tasks/create-release-tarball/task.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: docker-image 6 | source: 7 | repository: cloudfoundry/cf-routing-pipeline 8 | 9 | inputs: 10 | - name: release-dir 11 | - name: deployments-routing 12 | - name: istio-release-ci 13 | 14 | outputs: 15 | - name: release-tarball 16 | 17 | run: 18 | path: istio-release-ci/ci/tasks/create-release-tarball/task 19 | 20 | params: 21 | RELEASE_DIR: release-dir 22 | -------------------------------------------------------------------------------- /ci/tasks/envoy-blob/pull-from-docker/task: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euxo pipefail 3 | 4 | # discover the version from envoy-source 5 | # this will capture the semver tag if present 6 | # otherwise it will just be the commit SHA 7 | TAG="$(cat envoy-source/.git/ref)" 8 | 9 | # construct JSON to feed into the docker-image-resource 10 | # see: http://concourse.ci/implementing-resources.html 11 | SRC=" \"source\": { \"repository\": \"${DOCKER_REPO}\", \"tag\": \"${TAG}\" } " 12 | VER="$(echo "{ $SRC }" | /opt/resource/check | jq .[0])" 13 | 14 | # pull the correct version of the docker image 15 | # and extract the rootfs into the image/ directory 16 | mkdir -p "$PWD/image" 17 | echo "{ $SRC , \"version\": $VER }" | /opt/resource/in image/ 18 | 19 | ls -la image/rootfs/usr/local/bin/envoy 20 | 21 | tar -czf envoy-tarball/envoy.tgz -C image/rootfs/usr/local/bin envoy 22 | echo -n "${TAG}" > envoy-tarball/version 23 | ls -la envoy-tarball 24 | -------------------------------------------------------------------------------- /ci/tasks/envoy-blob/pull-from-docker/task.yml: -------------------------------------------------------------------------------- 1 | # this task downloads a specific version of the envoy docker image 2 | # extracts the binary and generates a tarball from it 3 | # 4 | --- 5 | platform: linux 6 | 7 | # task must run with privileged: true 8 | # see: https://github.com/concourse/docker-image-resource/issues/164 9 | 10 | image_resource: 11 | type: docker-image 12 | source: 13 | # a hack so that we can 'docker pull' from inside the task 14 | repository: concourse/docker-image-resource 15 | 16 | params: 17 | DOCKER_REPO: envoyproxy/envoy 18 | 19 | inputs: 20 | - name: istio-release-ci 21 | 22 | # will pull the envoy docker image matching this version of the source code 23 | - name: envoy-source 24 | 25 | outputs: 26 | # will drop envoy.tgz and version file into this directory 27 | - name: envoy-tarball 28 | 29 | run: 30 | path: istio-release-ci/ci/tasks/envoy-blob/pull-from-docker/task 31 | -------------------------------------------------------------------------------- /ci/tasks/envoy-blob/update/task: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | FORMATTED_KEY="$(sed 's/^/ /' <(echo $GCP_BLOBSTORE_SERVICE_ACCOUNT_KEY))" 5 | cat > $PWD/istio-release/config/private.yml < $PWD/istio-release/config/private.yml < /dev/null 6 | eval "$(bbl print-env)" 7 | cf_admin_password=$(credhub find -j -n cf_admin_password | jq -r .credentials[].name | xargs credhub get -j -n | jq -r .value) 8 | wildcard_ca=$(credhub find -j -n envoy_wildcard_ca | jq -r .credentials[].name | xargs credhub get -j -n | jq .value.ca) 9 | popd > /dev/null 10 | 11 | gopath_dir="/root/go/src/code.cloudfoundry.org" 12 | mkdir -p "${gopath_dir}" 13 | cp -R istio-acceptance-tests "${gopath_dir}" 14 | 15 | go install code.cloudfoundry.org/istio-acceptance-tests/vendor/github.com/onsi/ginkgo/ginkgo 16 | 17 | pushd "${gopath_dir}/istio-acceptance-tests" 18 | cat << EOF > "${PWD}/config.json" 19 | { 20 | "cf_system_domain": "${CF_LOGIN_DOMAIN}", 21 | "cf_istio_domain": "${API_DOMAIN}", 22 | "cf_admin_user": "${CF_ADMIN_USER}", 23 | "cf_admin_password": "${cf_admin_password}", 24 | "cf_internal_apps_domain": "${INTERNAL_DOMAIN}", 25 | "product_page_docker_tag": "${PRODUCT_PAGE_DOCKER_REPO}", 26 | "reviews_docker_tag": "${REVIEWS_DOCKER_REPO}", 27 | "ratings_docker_tag": "${RATINGS_DOCKER_REPO}", 28 | "details_docker_tag": "${DETAILS_DOCKER_REPO}", 29 | "wildcard_ca": ${wildcard_ca} 30 | } 31 | EOF 32 | 33 | CONFIG="${PWD}/config.json" ginkgo -v -r -failOnPending \ 34 | -randomizeAllSpecs -nodes="${NODES}" -keepGoing 35 | popd 36 | -------------------------------------------------------------------------------- /ci/tasks/run-iats/task.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: docker-image 6 | source: 7 | repository: cfrouting/cf-routing-webdriver 8 | 9 | inputs: 10 | - name: istio-release-ci 11 | - name: deployments-routing 12 | - name: istio-acceptance-tests 13 | 14 | run: 15 | path: istio-release-ci/ci/tasks/run-iats/task 16 | 17 | params: 18 | CF_LOGIN_DOMAIN: 19 | API_DOMAIN: 20 | VARS_LOCATION: 21 | CF_ADMIN_USER: admin 22 | INTERNAL_DOMAIN: apps.internal 23 | PRODUCT_PAGE_DOCKER_REPO: istio/examples-bookinfo-productpage-v1:1.8.0 24 | REVIEWS_DOCKER_REPO: istio/examples-bookinfo-reviews-v3:1.8.0 25 | RATINGS_DOCKER_REPO: istio/examples-bookinfo-ratings-v1:1.8.0 26 | DETAILS_DOCKER_REPO: istio/examples-bookinfo-details-v1:1.8.0 27 | NODES: 7 28 | -------------------------------------------------------------------------------- /ci/tasks/run-istio-scaling/task: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -eo pipefail 4 | 5 | pushd "${PWD}/${VARS_LOCATION}" > /dev/null 6 | eval "$(bbl print-env)" 7 | export BOSH_DEPLOYMENT=${DEPLOYMENT_NAME} 8 | cf_admin_password=$(credhub find -j -n cf_admin_password | jq -r .credentials[].name | xargs credhub get -j -n | jq -r .value) 9 | popd > /dev/null 10 | 11 | gopath_dir="/root/go/src/code.cloudfoundry.org" 12 | mkdir -p "${gopath_dir}" 13 | cp -R istio-scaling "${gopath_dir}" 14 | 15 | go install code.cloudfoundry.org/istio-scaling/vendor/github.com/onsi/ginkgo/ginkgo 16 | 17 | pushd "${gopath_dir}/istio-scaling" 18 | 19 | if [ -n "$DATADOG_API_KEY" ]; then 20 | cat << EOF > "${PWD}/config.json" 21 | { 22 | "cf_admin_user": "admin", 23 | "cf_admin_password": "$cf_admin_password", 24 | "cf_internal_apps_domain": "apps.internal", 25 | "cf_system_domain": "$SYSTEM_DOMAIN", 26 | "cf_istio_domain": "istio.$SYSTEM_DOMAIN", 27 | "cf_org_name": "scaling-test-org", 28 | "cf_space_name": "scaling-test-space", 29 | "datadog_api_key": "$DATADOG_API_KEY" 30 | } 31 | EOF 32 | else 33 | cat << EOF > "${PWD}/config.json" 34 | { 35 | "cf_admin_user": "admin", 36 | "cf_admin_password": "$cf_admin_password", 37 | "cf_internal_apps_domain": "apps.internal", 38 | "cf_system_domain": "$SYSTEM_DOMAIN", 39 | "cf_istio_domain": "istio.$SYSTEM_DOMAIN", 40 | "cf_org_name": "scaling-test-org", 41 | "cf_space_name": "scaling-test-space" 42 | } 43 | EOF 44 | fi 45 | cat << EOF > "${PWD}/plan.json" 46 | { 47 | "number_of_apps_to_push": $NUMBER_OF_APPS, 48 | "number_of_apps_to_curl": $NUMBER_OF_APPS, 49 | "passing_threshold": $PASSING_THRESHOLD, 50 | "app_instances": 1, 51 | "cleanup": $CLEANUP_ORG 52 | } 53 | EOF 54 | 55 | echo "PLAN: $(cat "${PWD}/plan.json")" 56 | CONFIG="$PWD/config.json" PLAN="$PWD/plan.json" scripts/test 57 | popd 58 | -------------------------------------------------------------------------------- /ci/tasks/run-istio-scaling/task.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: docker-image 6 | source: 7 | repository: cfrouting/cf-routing-webdriver 8 | 9 | inputs: 10 | - name: istio-release-ci 11 | - name: deployments-routing 12 | - name: istio-scaling 13 | 14 | run: 15 | path: istio-release-ci/ci/tasks/run-istio-scaling/task 16 | 17 | params: 18 | DEPLOYMENT_NAME: 19 | VARS_LOCATION: 20 | SYSTEM_DOMAIN: 21 | NUMBER_OF_APPS: 22 | PASSING_THRESHOLD: 23 | DATADOG_API_KEY: 24 | CLEANUP_ORG: 25 | -------------------------------------------------------------------------------- /ci/tasks/save-golang-version-to-file/task: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -exuo pipefail 4 | 5 | ROOT=${PWD} 6 | RELEASE_TARBALL_PATH=${ROOT}/release.tgz 7 | DATE=$(date '+%Y-%m-%d %H:%M:%S') 8 | pushd release 9 | bosh create-release --tarball="${RELEASE_TARBALL_PATH}" 10 | mkdir -p docs 11 | version=$(tar -Oxz packages/golang-1-linux.tgz < "${RELEASE_TARBALL_PATH}" | tar z --list | grep -ohE 'go[0-9]\.[0-9]{1,2}\.[0-9]{1,2}') 12 | echo "This file was updated by CI on ${DATE}" > docs/go.version 13 | echo "$version" >> docs/go.version 14 | 15 | git config user.name "${GIT_COMMIT_USERNAME}" 16 | git config user.email "${GIT_COMMIT_EMAIL}" 17 | 18 | git checkout "${BRANCH}" 19 | 20 | if [[ -n $(git status --porcelain) ]]; then 21 | echo "changes detected, will commit..." 22 | git add --all 23 | git commit -m "Update Go version file to ${version}" 24 | 25 | git log -1 --color | cat 26 | else 27 | echo "no changes in repo, no commit necessary" 28 | fi 29 | popd 30 | 31 | 32 | shopt -s dotglob 33 | cp -R release/* modified-release/ 34 | 35 | -------------------------------------------------------------------------------- /ci/tasks/save-golang-version-to-file/task.yml: -------------------------------------------------------------------------------- 1 | --- 2 | platform: linux 3 | 4 | image_resource: 5 | type: docker-image 6 | source: 7 | repository: cloudfoundry/cf-routing-pipeline 8 | 9 | inputs: 10 | - name: release 11 | - name: istio-release-ci 12 | 13 | outputs: 14 | - name: modified-release 15 | 16 | params: 17 | BRANCH: develop 18 | # Identity to use for the git commit 19 | GIT_COMMIT_USERNAME: "CF Networking Team CI Bot" 20 | GIT_COMMIT_EMAIL: "CF-Networking@pivotal.io" 21 | 22 | run: 23 | path: istio-release-ci/ci/tasks/save-golang-version-to-file/task 24 | -------------------------------------------------------------------------------- /ci/tasks/upgrade-package-in-release/task: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -exuo pipefail 3 | 4 | set +x 5 | if [[ -z "${GCP_BLOBSTORE_SERVICE_ACCOUNT_KEY}" ]]; then 6 | cat > ${PWD}/${RELEASE}/config/private.yml < ${PWD}/${RELEASE}/config/private.yml < 2 | -------------------------------------------------------------------------------- /jobs/copilot/templates/bbs/certs/client.crt.erb: -------------------------------------------------------------------------------- 1 | <%= p('bbs.client_cert') %> 2 | -------------------------------------------------------------------------------- /jobs/copilot/templates/bbs/certs/client.key.erb: -------------------------------------------------------------------------------- 1 | <%= p('bbs.client_key') %> 2 | -------------------------------------------------------------------------------- /jobs/copilot/templates/bpm.yml.erb: -------------------------------------------------------------------------------- 1 | --- 2 | processes: 3 | - name: copilot 4 | executable: /var/vcap/packages/copilot/bin/copilot-server 5 | args: 6 | - --config=/var/vcap/jobs/copilot/config/config.json 7 | -------------------------------------------------------------------------------- /jobs/copilot/templates/certs/cloud-controller-client-ca.crt.erb: -------------------------------------------------------------------------------- 1 | <%= p('cloud_controller_client_ca_cert') %> 2 | -------------------------------------------------------------------------------- /jobs/copilot/templates/certs/pilot-client-ca.crt.erb: -------------------------------------------------------------------------------- 1 | <%= p('pilot_client_ca_cert') %> 2 | -------------------------------------------------------------------------------- /jobs/copilot/templates/certs/server.crt.erb: -------------------------------------------------------------------------------- 1 | <%= p('server_cert') %> 2 | -------------------------------------------------------------------------------- /jobs/copilot/templates/certs/server.key.erb: -------------------------------------------------------------------------------- 1 | <%= p('server_key') %> 2 | -------------------------------------------------------------------------------- /jobs/copilot/templates/config.json.erb: -------------------------------------------------------------------------------- 1 | <% 2 | require 'json' 3 | 4 | def create_keypairs(keypairs) 5 | if !keypairs.is_a?(Array) 6 | raise 'frontend_tls_keypairs should be an array' 7 | end 8 | 9 | pairs = [] 10 | 11 | keypairs.each do |cert_pair| 12 | if !cert_pair.is_a?(Hash) || !cert_pair.key?("cert_chain") || !cert_pair.key?("private_key") 13 | raise 'must provide cert_chain and private_key with frontend_tls_keypairs' 14 | end 15 | pair = { 16 | "CertChain" => cert_pair['cert_chain'], 17 | "PrivateKey" => cert_pair['private_key'] 18 | } 19 | 20 | pairs << pair 21 | end 22 | 23 | pairs.to_json 24 | end 25 | %> 26 | { 27 | "ListenAddressForCloudController": "0.0.0.0:<%= p('listen_port_for_cloud_controller') %>", 28 | "ListenAddressForVIPResolver": "0.0.0.0:<%= p('listen_port_for_vip_resolver') %>", 29 | "ListenAddressForMCP": "0.0.0.0:<%= p('listen_port_for_mcp') %>", 30 | "PilotClientCAPath": "/var/vcap/jobs/copilot/config/certs/pilot-client-ca.crt", 31 | "CloudControllerClientCAPath": "/var/vcap/jobs/copilot/config/certs/cloud-controller-client-ca.crt", 32 | "ServerCertPath": "/var/vcap/jobs/copilot/config/certs/server.crt", 33 | "ServerKeyPath": "/var/vcap/jobs/copilot/config/certs/server.key", 34 | "VIPCIDR": "<%= p('experimental_vip_cidr') %>", 35 | "LogLevel": "<%= p('log_level') %>", 36 | "BBS": { 37 | "ServerCACertPath": "/var/vcap/jobs/copilot/config/bbs/certs/ca.crt", 38 | "ClientCertPath": "/var/vcap/jobs/copilot/config/bbs/certs/client.crt", 39 | "ClientKeyPath": "/var/vcap/jobs/copilot/config/bbs/certs/client.key", 40 | "Address": "<%= p('bbs.address') %>", 41 | "ClientSessionCacheSize": <%= p('bbs.client_session_cache_size') %>, 42 | "MaxIdleConnsPerHost": <%= p('bbs.max_idle_conns_per_host') %>, 43 | "SyncInterval": "<%= p('bbs.sync_interval') %>" 44 | }, 45 | "TLSPems": <%= create_keypairs(p('frontend_tls_keypairs')) %>, 46 | "PolicyServerAddress": "<%= p('policy_server.address') %>", 47 | "PolicyServerClientCertPath": "/var/vcap/jobs/copilot/config/policy-server/certs/client.crt", 48 | "PolicyServerClientKeyPath": "/var/vcap/jobs/copilot/config/policy-server/certs/client.key", 49 | "PolicyServerCAPath": "/var/vcap/jobs/copilot/config/policy-server/certs/ca.crt" 50 | } 51 | -------------------------------------------------------------------------------- /jobs/copilot/templates/policy-server/certs/ca.crt.erb: -------------------------------------------------------------------------------- 1 | <%= p("policy_server.server_ca_cert") %> 2 | -------------------------------------------------------------------------------- /jobs/copilot/templates/policy-server/certs/client.crt.erb: -------------------------------------------------------------------------------- 1 | <%= p("policy_server.client_cert") %> 2 | -------------------------------------------------------------------------------- /jobs/copilot/templates/policy-server/certs/client.key.erb: -------------------------------------------------------------------------------- 1 | <%= p("policy_server.client_key") %> 2 | -------------------------------------------------------------------------------- /jobs/envoy/monit: -------------------------------------------------------------------------------- 1 | check process envoy 2 | with pidfile /var/vcap/sys/run/bpm/envoy/envoy.pid 3 | start program "/var/vcap/jobs/bpm/bin/bpm start envoy" 4 | stop program "/var/vcap/jobs/bpm/bin/bpm stop envoy" 5 | group vcap 6 | -------------------------------------------------------------------------------- /jobs/envoy/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: envoy 3 | templates: 4 | bpm-pre-start.erb: bin/bpm-pre-start 5 | bpm.yml.erb: config/bpm.yml 6 | envoy.json.erb: config/envoy.json 7 | librarian.json.erb: config/librarian.json 8 | 9 | packages: 10 | - envoy 11 | - librarian 12 | 13 | consumes: 14 | - name: pilot 15 | type: pilot 16 | - name: frontend_tls_keypairs 17 | type: frontend_tls_keypairs 18 | optional: true 19 | 20 | properties: 21 | open_files: 22 | description: "The maximum number of open files." 23 | default: 1024 24 | statsd.enabled: 25 | description: Should a statsd sink be configured 26 | default: false 27 | statsd.address: 28 | description: The address of the statsd sink 29 | default: 127.0.0.1 30 | statsd.port: 31 | description: The port of the statsd sink 32 | default: 8125 33 | statsd.protocol: 34 | description: The protocol used for statsd communication 35 | default: UDP 36 | -------------------------------------------------------------------------------- /jobs/envoy/templates/bpm-pre-start.erb: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | /var/vcap/packages/librarian/bin/librarian --config /var/vcap/jobs/envoy/config/librarian.json 6 | 7 | # the /etc/istio directory is created by librarian and the envoy job (run as vcap) needs to be able to read certs there 8 | # the directory is not created when the frontend_tls_keypairs array is empty (the default in the spec) 9 | 10 | <% if !link('frontend_tls_keypairs').p('frontend_tls_keypairs').empty? %> 11 | chown -R vcap:vcap /etc/istio 12 | <% end %> 13 | -------------------------------------------------------------------------------- /jobs/envoy/templates/bpm.yml.erb: -------------------------------------------------------------------------------- 1 | --- 2 | processes: 3 | - name: envoy 4 | executable: /var/vcap/packages/envoy/bin/envoy 5 | args: 6 | - -c /var/vcap/jobs/envoy/config/envoy.json 7 | - --max-obj-name-len 200 8 | capabilities: 9 | - NET_BIND_SERVICE 10 | hooks: 11 | pre_start: /var/vcap/jobs/envoy/bin/bpm-pre-start 12 | limits: 13 | open_files: <%= p('open_files') %> 14 | -------------------------------------------------------------------------------- /jobs/envoy/templates/envoy.json.erb: -------------------------------------------------------------------------------- 1 | <%= 2 | 3 | pilots = [] 4 | link("pilot").instances.each do |instance| 5 | pilots << {"socket_address": {"address": "#{instance.address}", "port_value": "15010", "protocol": "TCP"}} 6 | end 7 | 8 | config = { 9 | "node": { 10 | "id": "router~#{spec.ip}~#{spec.id}~x", 11 | "cluster": "istio-router" 12 | }, 13 | "admin": { 14 | "access_log_path": "/dev/stdout", 15 | "address": { 16 | "socket_address": { 17 | "address": "0.0.0.0", 18 | "port_value": 8001 19 | } 20 | } 21 | }, 22 | "stats_config": { 23 | "stats_matcher": { 24 | "reject_all": true 25 | } 26 | }, 27 | "static_resources": { 28 | "listeners": [ 29 | { 30 | "address": { 31 | "socket_address": { 32 | "address": "0.0.0.0", 33 | "port_value": 8002 34 | } 35 | }, 36 | "filter_chains": [ 37 | { 38 | "filters": [ 39 | "name": "envoy.http_connection_manager", 40 | "config": { 41 | "stat_prefix": "stat", 42 | "route_config": {}, 43 | "http_filters": [ 44 | { 45 | "name": "envoy.health_check", 46 | "config": { 47 | "pass_through_mode": false 48 | } 49 | } 50 | ] 51 | } 52 | ] 53 | } 54 | ] 55 | } 56 | ], 57 | "clusters": [ 58 | { 59 | "name": "pilot-sd", 60 | "type": "STATIC", 61 | "connect_timeout": { 62 | "nanos": 250_000_000 63 | }, 64 | "lb_policy": "ROUND_ROBIN", 65 | "hosts": pilots, 66 | "http2_protocol_options": {} 67 | }, 68 | ] 69 | }, 70 | "dynamic_resources": { 71 | "lds_config": { 72 | "ads": {} 73 | }, 74 | "cds_config": { 75 | "ads": {} 76 | }, 77 | "ads_config": { 78 | "api_type": "GRPC", 79 | "grpc_services": { 80 | "envoy_grpc": { 81 | "cluster_name": "pilot-sd" 82 | } 83 | } 84 | } 85 | } 86 | } 87 | 88 | if p('statsd.enabled') 89 | config["stats_sinks"] = { 90 | "name": "envoy.statsd", 91 | "config": { 92 | "address": { 93 | "socket_address": { 94 | "address": p('statsd.address'), 95 | "protocol": p('statsd.protocol'), 96 | "port_value": p('statsd.port') 97 | } 98 | } 99 | } 100 | } 101 | end 102 | config.to_json() 103 | 104 | %> 105 | 106 | -------------------------------------------------------------------------------- /jobs/envoy/templates/librarian.json.erb: -------------------------------------------------------------------------------- 1 | <% 2 | require 'json' 3 | 4 | def create_keypairs(keypairs) 5 | if !keypairs.is_a?(Array) 6 | raise "frontend_tls_keypairs should be an array: #{keypairs}" 7 | end 8 | 9 | pairs = [] 10 | 11 | keypairs.each do |cert_pair| 12 | if !cert_pair.is_a?(Hash) || !cert_pair.key?("cert_chain") || !cert_pair.key?("private_key") 13 | raise 'must provide cert_chain and private_key with frontend_tls_keypairs' 14 | end 15 | pair = { 16 | "CertChain" => cert_pair['cert_chain'], 17 | "PrivateKey" => cert_pair['private_key'] 18 | } 19 | 20 | pairs << pair 21 | end 22 | 23 | pairs.to_json 24 | end 25 | %> 26 | { 27 | "TLSPems": <%= create_keypairs(link('frontend_tls_keypairs').p('frontend_tls_keypairs')) %> 28 | } 29 | -------------------------------------------------------------------------------- /jobs/pilot-discovery/monit: -------------------------------------------------------------------------------- 1 | check process pilot-discovery 2 | with pidfile /var/vcap/sys/run/bpm/pilot-discovery/pilot-discovery.pid 3 | start program "/var/vcap/jobs/bpm/bin/bpm start pilot-discovery" 4 | stop program "/var/vcap/jobs/bpm/bin/bpm stop pilot-discovery" 5 | group vcap 6 | -------------------------------------------------------------------------------- /jobs/pilot-discovery/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: pilot-discovery 3 | templates: 4 | bpm.yml.erb: config/bpm.yml 5 | mesh-config.json.erb: config/mesh-config.json 6 | certs/ca.crt.erb: config/certs/ca.crt 7 | certs/client.crt.erb: config/certs/client.crt 8 | certs/client.key.erb: config/certs/client.key 9 | capi-cli.erb: bin/capi-cli 10 | istio-cli.erb: bin/istio-cli 11 | 12 | packages: 13 | - pilot 14 | - grpcurl 15 | - golang-1-linux 16 | 17 | provides: 18 | - name: pilot 19 | type: pilot 20 | 21 | consumes: 22 | - name: mcp_conn 23 | type: mcp_conn 24 | optional: true 25 | 26 | properties: 27 | port: 28 | description: "Listen port for pilot discovery service" 29 | default: 8080 30 | log_level: 31 | description: | 32 | Sets the log-level for all registered scopes of pilot. 33 | Can be one of debug, info, warn, error, fatal or none. 34 | The default of info is going to be extremely verbose 35 | in most cases. 36 | default: info 37 | copilot.server_ca_cert: 38 | description: "PEM-encoded CA certificate used to communicate with copilot-server" 39 | copilot.client_cert: 40 | description: "PEM-encoded client certificate used to communicate with copilot-server" 41 | copilot.client_key: 42 | description: "PEM-encoded client private key used to communicate with copilot-server" 43 | copilot.address: 44 | description: "Address of the copilot-server" 45 | default: copilot.service.cf.internal:9000 46 | -------------------------------------------------------------------------------- /jobs/pilot-discovery/templates/bpm.yml.erb: -------------------------------------------------------------------------------- 1 | <% 2 | def create_log_string(level) 3 | error_message='invalid log level "%s"' % "#{level}" 4 | raise error_message unless ["debug", "info", "warn", "error", "fatal", "none"].include?(level) 5 | "default:#{level},ads:#{level},mcp:#{level},rbac:#{level},model:#{level}" 6 | end 7 | %> 8 | --- 9 | processes: 10 | - name: pilot-discovery 11 | executable: /var/vcap/packages/pilot/bin/pilot-discovery 12 | args: 13 | - discovery 14 | - --configDir=/dev/null 15 | - --registries=Mock 16 | - --meshConfig=/var/vcap/jobs/pilot-discovery/config/mesh-config.json 17 | - --plugins=health 18 | - --httpAddr=0.0.0.0:<%= p('port') %> 19 | - --mcpMaxMsgSize=8388608 20 | - --log_output_level=<%= create_log_string(p('log_level')) %> 21 | - --secureGrpcAddr= 22 | env: 23 | PILOT_ALLOW_CONCURRENT: "true" 24 | V2_REFRESH: "30s" 25 | PILOT_CACHE_SQUASH: "30" 26 | PILOT_PUSH_THROTTLE: "50" 27 | -------------------------------------------------------------------------------- /jobs/pilot-discovery/templates/capi-cli.erb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | /var/vcap/packages/copilot/bin/capi-client \ 4 | -address <%= p('copilot.address') %> \ 5 | -client-cert /var/vcap/jobs/pilot-discovery/config/certs/client.crt \ 6 | -client-key /var/vcap/jobs/pilot-discovery/config/certs/client.key \ 7 | -server-ca /var/vcap/jobs/pilot-discovery/config/certs/ca.crt \ 8 | "$@" -------------------------------------------------------------------------------- /jobs/pilot-discovery/templates/certs/ca.crt.erb: -------------------------------------------------------------------------------- 1 | <%= p('copilot.server_ca_cert') %> 2 | -------------------------------------------------------------------------------- /jobs/pilot-discovery/templates/certs/client.crt.erb: -------------------------------------------------------------------------------- 1 | <%= p('copilot.client_cert') %> 2 | -------------------------------------------------------------------------------- /jobs/pilot-discovery/templates/certs/client.key.erb: -------------------------------------------------------------------------------- 1 | <%= p('copilot.client_key') %> 2 | -------------------------------------------------------------------------------- /jobs/pilot-discovery/templates/istio-cli.erb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | /var/vcap/packages/copilot/bin/istio-client \ 4 | -address <%= p('copilot.address') %> \ 5 | -client-cert /var/vcap/jobs/pilot-discovery/config/certs/client.crt \ 6 | -client-key /var/vcap/jobs/pilot-discovery/config/certs/client.key \ 7 | -server-ca /var/vcap/jobs/pilot-discovery/config/certs/ca.crt \ 8 | "$@" -------------------------------------------------------------------------------- /jobs/pilot-discovery/templates/mesh-config.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "config_sources": [ 3 | { 4 | "address": "<%= link('mcp_conn').p('dns_address_for_mcp') %>:<%= link('mcp_conn').p('listen_port_for_mcp') %>", 5 | "tls_settings": { 6 | "mode": "MUTUAL", 7 | "client_certificate": "/var/vcap/jobs/pilot-discovery/config/certs/client.crt", 8 | "private_key": "/var/vcap/jobs/pilot-discovery/config/certs/client.key", 9 | "ca_certificates": "/var/vcap/jobs/pilot-discovery/config/certs/ca.crt" 10 | } 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /packages/copilot/packaging: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -ex 4 | 5 | source /var/vcap/packages/golang-*-linux/bosh/compile.env 6 | 7 | mkdir -p "${GOPATH}/src" 8 | 9 | mv code.cloudfoundry.org "${GOPATH}/src" 10 | 11 | pushd "${GOPATH}/src/code.cloudfoundry.org/copilot/cmd/copilot-server" 12 | go build -o "${BOSH_INSTALL_TARGET}/bin/copilot-server" 13 | popd 14 | 15 | # clean up source artifacts 16 | rm -rf "${BOSH_INSTALL_TARGET}/src" "${BOSH_INSTALL_TARGET}/pkg" 17 | -------------------------------------------------------------------------------- /packages/copilot/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: copilot 3 | dependencies: 4 | - golang-1-linux 5 | files: 6 | - code.cloudfoundry.org/copilot/**/* 7 | -------------------------------------------------------------------------------- /packages/envoy/packaging: -------------------------------------------------------------------------------- 1 | set -e 2 | 3 | tar -xf envoy-linux/envoy-v1.11.0.tgz 4 | mkdir -p ${BOSH_INSTALL_TARGET}/bin 5 | cp envoy ${BOSH_INSTALL_TARGET}/bin 6 | -------------------------------------------------------------------------------- /packages/envoy/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: envoy 3 | 4 | files: 5 | - envoy-linux/envoy-v1.11.0.tgz 6 | 7 | -------------------------------------------------------------------------------- /packages/golang-1-linux/spec.lock: -------------------------------------------------------------------------------- 1 | name: golang-1-linux 2 | fingerprint: 67335315cb5afd81462d3b2f35ee79b09c69a909634d16a0ec45d7982a9a611e 3 | -------------------------------------------------------------------------------- /packages/grpcurl/packaging: -------------------------------------------------------------------------------- 1 | set -e 2 | 3 | mkdir -p ${BOSH_INSTALL_TARGET}/bin 4 | cp grpcurl-linux/grpcurl-5631bba11793e645e00d92882c543904426b098a ${BOSH_INSTALL_TARGET}/bin/grpcurl 5 | chmod a+x ${BOSH_INSTALL_TARGET}/bin/grpcurl 6 | -------------------------------------------------------------------------------- /packages/grpcurl/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: grpcurl 3 | 4 | files: 5 | - grpcurl-linux/grpcurl-5631bba11793e645e00d92882c543904426b098a 6 | 7 | -------------------------------------------------------------------------------- /packages/librarian/packaging: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -ex 4 | 5 | source /var/vcap/packages/golang-*-linux/bosh/compile.env 6 | 7 | mkdir -p "${GOPATH}/src" 8 | 9 | mv code.cloudfoundry.org "${GOPATH}/src" 10 | 11 | pushd "${GOPATH}/src/code.cloudfoundry.org/copilot/cmd/librarian" 12 | go build -o "${BOSH_INSTALL_TARGET}/bin/librarian" 13 | popd 14 | 15 | # clean up source artifacts 16 | rm -rf "${BOSH_INSTALL_TARGET}/src" "${BOSH_INSTALL_TARGET}/pkg" 17 | -------------------------------------------------------------------------------- /packages/librarian/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: librarian 3 | dependencies: 4 | - golang-1-linux 5 | files: 6 | - code.cloudfoundry.org/copilot/**/* 7 | -------------------------------------------------------------------------------- /packages/pilot/packaging: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -ex 4 | 5 | source /var/vcap/packages/golang-*-linux/bosh/compile.env 6 | 7 | mkdir -p "${GOPATH}/src" 8 | 9 | mv istio.io "${GOPATH}/src" 10 | 11 | pushd "${GOPATH}/src/istio.io/istio/pilot/cmd/pilot-discovery" 12 | go build -o "${BOSH_INSTALL_TARGET}/bin/pilot-discovery" 13 | popd 14 | 15 | # clean up source artifacts 16 | rm -rf "${BOSH_INSTALL_TARGET}/src" "${BOSH_INSTALL_TARGET}/pkg" 17 | -------------------------------------------------------------------------------- /packages/pilot/spec: -------------------------------------------------------------------------------- 1 | --- 2 | name: pilot 3 | 4 | dependencies: 5 | - golang-1-linux 6 | 7 | files: 8 | - istio.io/istio/**/* 9 | 10 | excluded_files: 11 | - istio.io/istio/vendor/k8s.io/helm/pkg/chartutil/testdata/joonix/charts/frobnitz 12 | -------------------------------------------------------------------------------- /releases/istio/index.yml: -------------------------------------------------------------------------------- 1 | builds: 2 | 06b10d4e-075e-4275-6ad5-5f14b8844e62: 3 | version: 1.1.0 4 | 173915f6-99b5-4e9e-5e19-98e4fdb0ccb5: 5 | version: 1.3.0 6 | 19a04534-8725-4ab6-70b0-51b157c422ac: 7 | version: 1.0.2 8 | 713956a4-e183-4b52-5b18-849bcbeef48e: 9 | version: "1" 10 | a886baec-8938-40cc-7f3b-3f2f36a2f239: 11 | version: 1.0.10 12 | d3c49e99-90af-4871-6580-009332626fdd: 13 | version: 1.2.0 14 | format-version: "2" 15 | -------------------------------------------------------------------------------- /releases/istio/istio-1.0.10.yml: -------------------------------------------------------------------------------- 1 | name: istio 2 | version: 1.0.10 3 | commit_hash: 3f4d1aa 4 | uncommitted_changes: false 5 | jobs: 6 | - name: copilot 7 | version: b5f56919af7feafd1fdeebfd856adac86dc62b05910562dfc6c068f84dfda019 8 | fingerprint: b5f56919af7feafd1fdeebfd856adac86dc62b05910562dfc6c068f84dfda019 9 | sha1: sha256:92774f1b7e26d7c02e96f3dec5685854c45ef492befd729fcd792177252f7b65 10 | - name: envoy 11 | version: e78b2a8b73deb9a0ce0b1b688ab54cd69d8db6fd548a219d7eb03288e7c96490 12 | fingerprint: e78b2a8b73deb9a0ce0b1b688ab54cd69d8db6fd548a219d7eb03288e7c96490 13 | sha1: sha256:27f4a41307e74c0ac04c4bfee330f505d6b8c074159f77d337cfaaf52fb263a5 14 | - name: pilot-discovery 15 | version: e173ed32386bb2a772a555da49ac001c2e7c599c152ab8802cdb72f0cc2fc30d 16 | fingerprint: e173ed32386bb2a772a555da49ac001c2e7c599c152ab8802cdb72f0cc2fc30d 17 | sha1: sha256:f4643233a558875d36d9cf8de88d7c25d401b22f3049053a6720853bf2b12f5d 18 | packages: 19 | - name: copilot 20 | version: 387fc2a68771c24be434b6f09a994befbfac62b13ec7951630d320b7f7be3785 21 | fingerprint: 387fc2a68771c24be434b6f09a994befbfac62b13ec7951630d320b7f7be3785 22 | sha1: sha256:34c9663b18efee18466f4df5989cf0aa325518691160f3a7aff7fdf12577483e 23 | dependencies: 24 | - golang-1-linux 25 | - name: envoy 26 | version: 776eec30022304b5342972ee5438afe2a36e89c9aa1a687812a2438f16e04401 27 | fingerprint: 776eec30022304b5342972ee5438afe2a36e89c9aa1a687812a2438f16e04401 28 | sha1: sha256:066535fd86ff8c446f25b96b1c2a7356f946616719786a8de6f36df2f7d92de3 29 | dependencies: [] 30 | - name: golang-1-linux 31 | version: 4b37d308b947ad4932c10781224b0db02ad274ca174c6851d09e49107e3eca82 32 | fingerprint: 4b37d308b947ad4932c10781224b0db02ad274ca174c6851d09e49107e3eca82 33 | sha1: sha256:edfa152be5680f6a0f74de79018f0dbda7a1fd546927b51b08c10158f057f4ab 34 | dependencies: [] 35 | - name: grpcurl 36 | version: e3fed164b4d010650526f35e86ef6212507fae22ed6b84261b938a8aba0d20e4 37 | fingerprint: e3fed164b4d010650526f35e86ef6212507fae22ed6b84261b938a8aba0d20e4 38 | sha1: sha256:f678c9c6e7e1a1a7fe964fae9ab1b59c39fa71971239cc302f1d0b377d19286d 39 | dependencies: [] 40 | - name: librarian 41 | version: 330e9b0c56ce4c1f83afe0665e73bd619faf05c2ea47e331ec5096616f023f55 42 | fingerprint: 330e9b0c56ce4c1f83afe0665e73bd619faf05c2ea47e331ec5096616f023f55 43 | sha1: sha256:61a2eb6fb78c3f060212adfe6e062be86c5543f614d2110ee40432e301f3aa57 44 | dependencies: 45 | - golang-1-linux 46 | - name: pilot 47 | version: 7f95f78d1342ce976d7f64ade0699a342387fbd29ad554c098dd3dbb6b6c0ccd 48 | fingerprint: 7f95f78d1342ce976d7f64ade0699a342387fbd29ad554c098dd3dbb6b6c0ccd 49 | sha1: sha256:2238d19a04381f15926710fa6e71e7ebb439a064227dc3c419c39813a3ea8d7b 50 | dependencies: 51 | - golang-1-linux 52 | license: 53 | version: 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4 54 | fingerprint: 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4 55 | sha1: sha256:1db6f4d4b23c3978c16e6f5805d12c78ee99ad7d97a5d759d5ab96ae7e81d5ac 56 | -------------------------------------------------------------------------------- /releases/istio/istio-1.0.2.yml: -------------------------------------------------------------------------------- 1 | name: istio 2 | version: 1.0.2 3 | commit_hash: cc2f76b 4 | uncommitted_changes: false 5 | jobs: 6 | - name: copilot 7 | version: b5f56919af7feafd1fdeebfd856adac86dc62b05910562dfc6c068f84dfda019 8 | fingerprint: b5f56919af7feafd1fdeebfd856adac86dc62b05910562dfc6c068f84dfda019 9 | sha1: sha256:92774f1b7e26d7c02e96f3dec5685854c45ef492befd729fcd792177252f7b65 10 | - name: envoy 11 | version: 7689163e9bf8e68bb446128d6216fb2f04c3b034dd8e7ae4085ca30b48b52197 12 | fingerprint: 7689163e9bf8e68bb446128d6216fb2f04c3b034dd8e7ae4085ca30b48b52197 13 | sha1: sha256:0ef4c43e9b2a5a484c75729cbc742a3a4a6e0c1725fac0050b6849d022af4fe6 14 | - name: pilot-discovery 15 | version: e173ed32386bb2a772a555da49ac001c2e7c599c152ab8802cdb72f0cc2fc30d 16 | fingerprint: e173ed32386bb2a772a555da49ac001c2e7c599c152ab8802cdb72f0cc2fc30d 17 | sha1: sha256:f4643233a558875d36d9cf8de88d7c25d401b22f3049053a6720853bf2b12f5d 18 | packages: 19 | - name: copilot 20 | version: 387fc2a68771c24be434b6f09a994befbfac62b13ec7951630d320b7f7be3785 21 | fingerprint: 387fc2a68771c24be434b6f09a994befbfac62b13ec7951630d320b7f7be3785 22 | sha1: sha256:34c9663b18efee18466f4df5989cf0aa325518691160f3a7aff7fdf12577483e 23 | dependencies: 24 | - golang-1-linux 25 | - name: envoy 26 | version: 776eec30022304b5342972ee5438afe2a36e89c9aa1a687812a2438f16e04401 27 | fingerprint: 776eec30022304b5342972ee5438afe2a36e89c9aa1a687812a2438f16e04401 28 | sha1: sha256:066535fd86ff8c446f25b96b1c2a7356f946616719786a8de6f36df2f7d92de3 29 | dependencies: [] 30 | - name: golang-1-linux 31 | version: 4b37d308b947ad4932c10781224b0db02ad274ca174c6851d09e49107e3eca82 32 | fingerprint: 4b37d308b947ad4932c10781224b0db02ad274ca174c6851d09e49107e3eca82 33 | sha1: sha256:edfa152be5680f6a0f74de79018f0dbda7a1fd546927b51b08c10158f057f4ab 34 | dependencies: [] 35 | - name: grpcurl 36 | version: e3fed164b4d010650526f35e86ef6212507fae22ed6b84261b938a8aba0d20e4 37 | fingerprint: e3fed164b4d010650526f35e86ef6212507fae22ed6b84261b938a8aba0d20e4 38 | sha1: sha256:f678c9c6e7e1a1a7fe964fae9ab1b59c39fa71971239cc302f1d0b377d19286d 39 | dependencies: [] 40 | - name: librarian 41 | version: 330e9b0c56ce4c1f83afe0665e73bd619faf05c2ea47e331ec5096616f023f55 42 | fingerprint: 330e9b0c56ce4c1f83afe0665e73bd619faf05c2ea47e331ec5096616f023f55 43 | sha1: sha256:61a2eb6fb78c3f060212adfe6e062be86c5543f614d2110ee40432e301f3aa57 44 | dependencies: 45 | - golang-1-linux 46 | - name: pilot 47 | version: 7f95f78d1342ce976d7f64ade0699a342387fbd29ad554c098dd3dbb6b6c0ccd 48 | fingerprint: 7f95f78d1342ce976d7f64ade0699a342387fbd29ad554c098dd3dbb6b6c0ccd 49 | sha1: sha256:2238d19a04381f15926710fa6e71e7ebb439a064227dc3c419c39813a3ea8d7b 50 | dependencies: 51 | - golang-1-linux 52 | license: 53 | version: 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4 54 | fingerprint: 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4 55 | sha1: sha256:1db6f4d4b23c3978c16e6f5805d12c78ee99ad7d97a5d759d5ab96ae7e81d5ac 56 | -------------------------------------------------------------------------------- /releases/istio/istio-1.1.0.yml: -------------------------------------------------------------------------------- 1 | name: istio 2 | version: 1.1.0 3 | commit_hash: 8fad2bb 4 | uncommitted_changes: false 5 | jobs: 6 | - name: copilot 7 | version: b5f56919af7feafd1fdeebfd856adac86dc62b05910562dfc6c068f84dfda019 8 | fingerprint: b5f56919af7feafd1fdeebfd856adac86dc62b05910562dfc6c068f84dfda019 9 | sha1: sha256:92774f1b7e26d7c02e96f3dec5685854c45ef492befd729fcd792177252f7b65 10 | - name: envoy 11 | version: e78b2a8b73deb9a0ce0b1b688ab54cd69d8db6fd548a219d7eb03288e7c96490 12 | fingerprint: e78b2a8b73deb9a0ce0b1b688ab54cd69d8db6fd548a219d7eb03288e7c96490 13 | sha1: sha256:27f4a41307e74c0ac04c4bfee330f505d6b8c074159f77d337cfaaf52fb263a5 14 | - name: pilot-discovery 15 | version: e173ed32386bb2a772a555da49ac001c2e7c599c152ab8802cdb72f0cc2fc30d 16 | fingerprint: e173ed32386bb2a772a555da49ac001c2e7c599c152ab8802cdb72f0cc2fc30d 17 | sha1: sha256:f4643233a558875d36d9cf8de88d7c25d401b22f3049053a6720853bf2b12f5d 18 | packages: 19 | - name: copilot 20 | version: 387fc2a68771c24be434b6f09a994befbfac62b13ec7951630d320b7f7be3785 21 | fingerprint: 387fc2a68771c24be434b6f09a994befbfac62b13ec7951630d320b7f7be3785 22 | sha1: sha256:34c9663b18efee18466f4df5989cf0aa325518691160f3a7aff7fdf12577483e 23 | dependencies: 24 | - golang-1-linux 25 | - name: envoy 26 | version: 776eec30022304b5342972ee5438afe2a36e89c9aa1a687812a2438f16e04401 27 | fingerprint: 776eec30022304b5342972ee5438afe2a36e89c9aa1a687812a2438f16e04401 28 | sha1: sha256:066535fd86ff8c446f25b96b1c2a7356f946616719786a8de6f36df2f7d92de3 29 | dependencies: [] 30 | - name: golang-1-linux 31 | version: 4b37d308b947ad4932c10781224b0db02ad274ca174c6851d09e49107e3eca82 32 | fingerprint: 4b37d308b947ad4932c10781224b0db02ad274ca174c6851d09e49107e3eca82 33 | sha1: sha256:edfa152be5680f6a0f74de79018f0dbda7a1fd546927b51b08c10158f057f4ab 34 | dependencies: [] 35 | - name: grpcurl 36 | version: e3fed164b4d010650526f35e86ef6212507fae22ed6b84261b938a8aba0d20e4 37 | fingerprint: e3fed164b4d010650526f35e86ef6212507fae22ed6b84261b938a8aba0d20e4 38 | sha1: sha256:f678c9c6e7e1a1a7fe964fae9ab1b59c39fa71971239cc302f1d0b377d19286d 39 | dependencies: [] 40 | - name: librarian 41 | version: 330e9b0c56ce4c1f83afe0665e73bd619faf05c2ea47e331ec5096616f023f55 42 | fingerprint: 330e9b0c56ce4c1f83afe0665e73bd619faf05c2ea47e331ec5096616f023f55 43 | sha1: sha256:61a2eb6fb78c3f060212adfe6e062be86c5543f614d2110ee40432e301f3aa57 44 | dependencies: 45 | - golang-1-linux 46 | - name: pilot 47 | version: 7f95f78d1342ce976d7f64ade0699a342387fbd29ad554c098dd3dbb6b6c0ccd 48 | fingerprint: 7f95f78d1342ce976d7f64ade0699a342387fbd29ad554c098dd3dbb6b6c0ccd 49 | sha1: sha256:2238d19a04381f15926710fa6e71e7ebb439a064227dc3c419c39813a3ea8d7b 50 | dependencies: 51 | - golang-1-linux 52 | license: 53 | version: 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4 54 | fingerprint: 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4 55 | sha1: sha256:1db6f4d4b23c3978c16e6f5805d12c78ee99ad7d97a5d759d5ab96ae7e81d5ac 56 | -------------------------------------------------------------------------------- /releases/istio/istio-1.2.0.yml: -------------------------------------------------------------------------------- 1 | name: istio 2 | version: 1.2.0 3 | commit_hash: bce9cef 4 | uncommitted_changes: false 5 | jobs: 6 | - name: copilot 7 | version: b5f56919af7feafd1fdeebfd856adac86dc62b05910562dfc6c068f84dfda019 8 | fingerprint: b5f56919af7feafd1fdeebfd856adac86dc62b05910562dfc6c068f84dfda019 9 | sha1: sha256:92774f1b7e26d7c02e96f3dec5685854c45ef492befd729fcd792177252f7b65 10 | - name: envoy 11 | version: e78b2a8b73deb9a0ce0b1b688ab54cd69d8db6fd548a219d7eb03288e7c96490 12 | fingerprint: e78b2a8b73deb9a0ce0b1b688ab54cd69d8db6fd548a219d7eb03288e7c96490 13 | sha1: sha256:27f4a41307e74c0ac04c4bfee330f505d6b8c074159f77d337cfaaf52fb263a5 14 | - name: pilot-discovery 15 | version: e173ed32386bb2a772a555da49ac001c2e7c599c152ab8802cdb72f0cc2fc30d 16 | fingerprint: e173ed32386bb2a772a555da49ac001c2e7c599c152ab8802cdb72f0cc2fc30d 17 | sha1: sha256:f4643233a558875d36d9cf8de88d7c25d401b22f3049053a6720853bf2b12f5d 18 | packages: 19 | - name: copilot 20 | version: 2b8e9d77e78e2e7fb101d5534433eb28dda94fd2934ed01aa515e7b1cf7ce0f6 21 | fingerprint: 2b8e9d77e78e2e7fb101d5534433eb28dda94fd2934ed01aa515e7b1cf7ce0f6 22 | sha1: sha256:739273caea8abb86af40c83d0bfd8a6cb7fcfcfd5d4ff91417b558594adb5b17 23 | dependencies: 24 | - golang-1-linux 25 | - name: envoy 26 | version: 776eec30022304b5342972ee5438afe2a36e89c9aa1a687812a2438f16e04401 27 | fingerprint: 776eec30022304b5342972ee5438afe2a36e89c9aa1a687812a2438f16e04401 28 | sha1: sha256:066535fd86ff8c446f25b96b1c2a7356f946616719786a8de6f36df2f7d92de3 29 | dependencies: [] 30 | - name: golang-1-linux 31 | version: 4b37d308b947ad4932c10781224b0db02ad274ca174c6851d09e49107e3eca82 32 | fingerprint: 4b37d308b947ad4932c10781224b0db02ad274ca174c6851d09e49107e3eca82 33 | sha1: sha256:edfa152be5680f6a0f74de79018f0dbda7a1fd546927b51b08c10158f057f4ab 34 | dependencies: [] 35 | - name: grpcurl 36 | version: e3fed164b4d010650526f35e86ef6212507fae22ed6b84261b938a8aba0d20e4 37 | fingerprint: e3fed164b4d010650526f35e86ef6212507fae22ed6b84261b938a8aba0d20e4 38 | sha1: sha256:f678c9c6e7e1a1a7fe964fae9ab1b59c39fa71971239cc302f1d0b377d19286d 39 | dependencies: [] 40 | - name: librarian 41 | version: 1a4860d26890494e9cf800f5bd2375d191cb79e2231104aec026f4df50c16c7c 42 | fingerprint: 1a4860d26890494e9cf800f5bd2375d191cb79e2231104aec026f4df50c16c7c 43 | sha1: sha256:88b28da96c1034810baecdb5b44b3d5057c6df72890cfbe9783da0539ae49830 44 | dependencies: 45 | - golang-1-linux 46 | - name: pilot 47 | version: 7f95f78d1342ce976d7f64ade0699a342387fbd29ad554c098dd3dbb6b6c0ccd 48 | fingerprint: 7f95f78d1342ce976d7f64ade0699a342387fbd29ad554c098dd3dbb6b6c0ccd 49 | sha1: sha256:2238d19a04381f15926710fa6e71e7ebb439a064227dc3c419c39813a3ea8d7b 50 | dependencies: 51 | - golang-1-linux 52 | license: 53 | version: 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4 54 | fingerprint: 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4 55 | sha1: sha256:1db6f4d4b23c3978c16e6f5805d12c78ee99ad7d97a5d759d5ab96ae7e81d5ac 56 | -------------------------------------------------------------------------------- /releases/istio/istio-1.3.0.yml: -------------------------------------------------------------------------------- 1 | name: istio 2 | version: 1.3.0 3 | commit_hash: 84fffcd 4 | uncommitted_changes: false 5 | jobs: 6 | - name: copilot 7 | version: b5f56919af7feafd1fdeebfd856adac86dc62b05910562dfc6c068f84dfda019 8 | fingerprint: b5f56919af7feafd1fdeebfd856adac86dc62b05910562dfc6c068f84dfda019 9 | sha1: sha256:92774f1b7e26d7c02e96f3dec5685854c45ef492befd729fcd792177252f7b65 10 | packages: 11 | - copilot 12 | - golang-1-linux 13 | - name: envoy 14 | version: e78b2a8b73deb9a0ce0b1b688ab54cd69d8db6fd548a219d7eb03288e7c96490 15 | fingerprint: e78b2a8b73deb9a0ce0b1b688ab54cd69d8db6fd548a219d7eb03288e7c96490 16 | sha1: sha256:27f4a41307e74c0ac04c4bfee330f505d6b8c074159f77d337cfaaf52fb263a5 17 | packages: 18 | - envoy 19 | - librarian 20 | - name: pilot-discovery 21 | version: e173ed32386bb2a772a555da49ac001c2e7c599c152ab8802cdb72f0cc2fc30d 22 | fingerprint: e173ed32386bb2a772a555da49ac001c2e7c599c152ab8802cdb72f0cc2fc30d 23 | sha1: sha256:f4643233a558875d36d9cf8de88d7c25d401b22f3049053a6720853bf2b12f5d 24 | packages: 25 | - pilot 26 | - grpcurl 27 | - golang-1-linux 28 | packages: 29 | - name: copilot 30 | version: df5915f95cc0b12429eca579f24c891b7d52ebeda450dd1105224a2d0b97d59c 31 | fingerprint: df5915f95cc0b12429eca579f24c891b7d52ebeda450dd1105224a2d0b97d59c 32 | sha1: sha256:88ded12236794b42204639ef205ef15efe93c6ee4af91cfcfbc486dd77d7a9e6 33 | dependencies: 34 | - golang-1-linux 35 | - name: envoy 36 | version: d34f134e050b5216c71d0075f625edee69d2001aa121caea26271755193a2908 37 | fingerprint: d34f134e050b5216c71d0075f625edee69d2001aa121caea26271755193a2908 38 | sha1: sha256:913ca42c50a26196f0cfd1f048e629762d8e6167b7a0e26f8283878563d14eb8 39 | dependencies: [] 40 | - name: golang-1-linux 41 | version: 67335315cb5afd81462d3b2f35ee79b09c69a909634d16a0ec45d7982a9a611e 42 | fingerprint: 67335315cb5afd81462d3b2f35ee79b09c69a909634d16a0ec45d7982a9a611e 43 | sha1: sha256:30f7672b2c30c975c16e2d7e2ed5feadb373c2be064e11068839c5d28b5fe8f9 44 | dependencies: [] 45 | - name: grpcurl 46 | version: e3fed164b4d010650526f35e86ef6212507fae22ed6b84261b938a8aba0d20e4 47 | fingerprint: e3fed164b4d010650526f35e86ef6212507fae22ed6b84261b938a8aba0d20e4 48 | sha1: sha256:f678c9c6e7e1a1a7fe964fae9ab1b59c39fa71971239cc302f1d0b377d19286d 49 | dependencies: [] 50 | - name: librarian 51 | version: ab545b73a0e4e9259e771b00efc5cfef796f53339a2f4989dc7af7514648e687 52 | fingerprint: ab545b73a0e4e9259e771b00efc5cfef796f53339a2f4989dc7af7514648e687 53 | sha1: sha256:1bd3c56e9f97f6b2fbf999c9a892adad9e4b46f9a4178e75e60e7f309e3b47d0 54 | dependencies: 55 | - golang-1-linux 56 | - name: pilot 57 | version: 0e44be3c2977c8a4d6775630eeda5fe1f744fd21b278c4c63463a9657ca06d0b 58 | fingerprint: 0e44be3c2977c8a4d6775630eeda5fe1f744fd21b278c4c63463a9657ca06d0b 59 | sha1: sha256:6487b9271b75e851c8dfda60e0d7da7bc594dd6bda998fd551fbc241d59be854 60 | dependencies: 61 | - golang-1-linux 62 | license: 63 | version: 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4 64 | fingerprint: 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4 65 | sha1: sha256:1db6f4d4b23c3978c16e6f5805d12c78ee99ad7d97a5d759d5ab96ae7e81d5ac 66 | -------------------------------------------------------------------------------- /releases/istio/istio-1.yml: -------------------------------------------------------------------------------- 1 | name: istio 2 | version: "1" 3 | commit_hash: 61d62a9 4 | uncommitted_changes: false 5 | jobs: 6 | - name: copilot 7 | version: 7d3f9353e31e5c015590abceef039d5a4f49ab5fe6e77fc7ced3d2d209b5436b 8 | fingerprint: 7d3f9353e31e5c015590abceef039d5a4f49ab5fe6e77fc7ced3d2d209b5436b 9 | sha1: sha256:e08b1026bae836fb90087b375d2e2cc90f0207dd3e091d18db9e704ba023806c 10 | - name: envoy 11 | version: db49a607c408a6b27531fbee13ee47fa852c5788748f6dc3e4cdbfc6f2349ee9 12 | fingerprint: db49a607c408a6b27531fbee13ee47fa852c5788748f6dc3e4cdbfc6f2349ee9 13 | sha1: sha256:62b8ef26d4a4c92f5feb14eb989fd3880fb7cd28b1852376df4c1c68408e3c7a 14 | - name: pilot-discovery 15 | version: 4d46a078ce9876d64338569ce917ad3edd37f2ab8117002933ee9c9d0c5b93e3 16 | fingerprint: 4d46a078ce9876d64338569ce917ad3edd37f2ab8117002933ee9c9d0c5b93e3 17 | sha1: sha256:815c0d680aa834e98c9f076f3ab856e99aa32324c91bb132beef204b668995d5 18 | packages: 19 | - name: copilot 20 | version: 5285e58ce75d7234ae7516c6639503faae15e1aeec8cb6662e5eb8626b704182 21 | fingerprint: 5285e58ce75d7234ae7516c6639503faae15e1aeec8cb6662e5eb8626b704182 22 | sha1: sha256:a1c4fde505d55d63fe66a2117da2d445efe616dc925d0ce4fdb4d42d543e66ef 23 | dependencies: 24 | - golang-1-linux 25 | - name: envoy 26 | version: 7b8aae86953f0e3376e66800bc59361c5117f43b4f87e36a2ac65998bafa1849 27 | fingerprint: 7b8aae86953f0e3376e66800bc59361c5117f43b4f87e36a2ac65998bafa1849 28 | sha1: sha256:999df67c3077aa82aaa5c15ed6776500862ea1a8fb7ec6603b6d10d278eb1c80 29 | dependencies: [] 30 | - name: golang-1-linux 31 | version: 3ebf8d2b96ce770b0017661484a557e3d44b4508 32 | fingerprint: 3ebf8d2b96ce770b0017661484a557e3d44b4508 33 | sha1: 2baa73e173490135011eb2f29c9d2f240e68664b 34 | dependencies: [] 35 | - name: grpcurl 36 | version: 54415abfa9e50302dbd57d057d05ad4c21ad29ab47f63ed56ae5b6ceddfd0241 37 | fingerprint: 54415abfa9e50302dbd57d057d05ad4c21ad29ab47f63ed56ae5b6ceddfd0241 38 | sha1: sha256:3bff0508e18be72a99aa0f4ffdac5cbbe7ceaa6e6f33bcc9d72c65ee4767db5b 39 | dependencies: [] 40 | - name: librarian 41 | version: a099e581681ba77ec55e8e5b25578fe2bae8a59e1bd24132dfaeb7c7e0acd26d 42 | fingerprint: a099e581681ba77ec55e8e5b25578fe2bae8a59e1bd24132dfaeb7c7e0acd26d 43 | sha1: sha256:2acf6d395bf5f174112d6810511c0e5e4c5c0d2a63057dd155b926f209b9ced6 44 | dependencies: 45 | - golang-1-linux 46 | - name: pilot 47 | version: 1b5eaddb97f7cc7bb3a07cea478eaef12b56cbb07bf59a49909674a454b52db1 48 | fingerprint: 1b5eaddb97f7cc7bb3a07cea478eaef12b56cbb07bf59a49909674a454b52db1 49 | sha1: sha256:7bf033bd1652c7aae08cc0e5877e4d46b685111a95d1ebdb6ddd02f76d10d107 50 | dependencies: 51 | - golang-1-linux 52 | license: 53 | version: 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4 54 | fingerprint: 7765bf2fe7f1ac25a407022308d7b687d5006fc6a5e40ce7a1aa8a5a34e705d4 55 | sha1: sha256:1db6f4d4b23c3978c16e6f5805d12c78ee99ad7d97a5d759d5ab96ae7e81d5ac 56 | -------------------------------------------------------------------------------- /scripts/commit-with-submodule-log: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e -x 4 | 5 | git ci -t <($(dirname $0)/submodule-log "$@" ) 6 | -------------------------------------------------------------------------------- /scripts/submodule-log: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | for submodule in $(git diff --cached --submodule | grep '^Submodule' | awk '{print $2}'); do 4 | echo "bump $(basename "${submodule}")" 5 | done 6 | 7 | echo 8 | echo 9 | 10 | if [ "$#" != "0" ]; then 11 | for id in "$@"; do 12 | echo "[finishes #${id}]" 13 | done 14 | 15 | echo 16 | fi 17 | 18 | git submodule status | awk '{print $2}' | xargs git diff --cached --submodule 19 | -------------------------------------------------------------------------------- /scripts/test: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | ROOT="$(cd "$(dirname "${0}")/.." && pwd)" 6 | 7 | pushd "${ROOT}" > /dev/null 8 | bundle 9 | bundle exec rspec "${ROOT}/spec" 10 | 11 | pushd ./src/code.cloudfoundry.org/copilot > /dev/null 12 | ginkgo -r -p --randomizeAllSpecs --randomizeSuites --failOnPending --trace --race --progress 13 | popd > /dev/null 14 | popd > /dev/null 15 | -------------------------------------------------------------------------------- /scripts/update: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -ex 3 | 4 | function has_upstream() { 5 | git rev-parse @{u} > /dev/null 2>&1 6 | } 7 | 8 | has_upstream && git pull 9 | 10 | git submodule sync 11 | git submodule update --init --recursive 12 | 13 | echo "Istio Release has been updated" 14 | -------------------------------------------------------------------------------- /spec/copilot.json.erb_spec.rb: -------------------------------------------------------------------------------- 1 | # rubocop:disable LineLength 2 | # rubocop:disable BlockLength 3 | require 'rspec' 4 | require 'yaml' 5 | require 'bosh/template/test' 6 | require 'json' 7 | 8 | TEST_CERT = 'some 9 | 10 | multiline 11 | 12 | cert'.freeze 13 | 14 | TEST_KEY = 'some 15 | 16 | multi line key'.freeze 17 | 18 | describe 'config.json.erb' do 19 | let(:deployment_manifest_fragment) do 20 | { 21 | 'listen_port_for_mcp' => 9009, 22 | 'pilot_client_ca_cert' => 'pilot-ca', 23 | 'listen_port_for_cloud_controller' => 9001, 24 | 'listen_port_for_vip_resolver' => 9002, 25 | 'cloud_controller_ca_cert' => 'cc-ca', 26 | 'server_cert' => 'server-cert', 27 | 'server_key' => 'server-key', 28 | 'experimental_vip_cidr' => '127.128.0.0/9', 29 | 'log_level' => 'fatal', 30 | 'bbs' => { 31 | 'sync_interval' => '30s', 32 | 'server_ca_cert' => 'bbs-ca', 33 | 'client_cert' => 'bbs-client', 34 | 'client_key' => 'bbs-key', 35 | 'address' => 'https://bbs.service.cf.internal:8889', 36 | 'client_session_cache_size' => 0, 37 | 'max_idle_conns_per_host' => 0 38 | }, 39 | 'frontend_tls_keypairs' => [ 40 | { 41 | 'cert_chain' => 'test-chain', 42 | 'private_key' => 'test-key' 43 | }, 44 | { 45 | 'cert_chain' => 'test-chain2', 46 | 'private_key' => 'test-key2' 47 | } 48 | ] 49 | } 50 | end 51 | 52 | let(:release_path) { File.join(File.dirname(__FILE__), '..') } 53 | let(:release) { Bosh::Template::Test::ReleaseDir.new(release_path) } 54 | let(:job) { release.job('copilot') } 55 | 56 | subject(:parsed_yaml) do 57 | template = job.template('config/config.json') 58 | JSON.parse(template.render(deployment_manifest_fragment)) 59 | end 60 | 61 | context 'given a generally valid manifest' do 62 | context 'frontend_tls_keypairs' do 63 | context 'when correct frontend_tls_keypairs is provided' do 64 | it 'should configure the property' do 65 | expect(parsed_yaml['TLSPems'].length).to eq(2) 66 | expect(parsed_yaml['TLSPems'][0]).to eq('CertChain' => 'test-chain', 67 | 'PrivateKey' => 'test-key') 68 | expect(parsed_yaml['TLSPems'][1]).to eq('CertChain' => 'test-chain2', 69 | 'PrivateKey' => 'test-key2') 70 | end 71 | end 72 | 73 | context 'when an incorrect frontend_tls_keypairs value is provided with missing cert' do 74 | before do 75 | deployment_manifest_fragment['frontend_tls_keypairs'] = [{ 'private_key' => 'test-key' }] 76 | end 77 | 78 | it 'should error' do 79 | expect { raise parsed_yaml }.to raise_error(RuntimeError, 'must provide cert_chain and private_key with frontend_tls_keypairs') 80 | end 81 | end 82 | 83 | context 'when an incorrect frontend_tls_keypairs value is provided with missing key' do 84 | before do 85 | deployment_manifest_fragment['frontend_tls_keypairs'] = [{ 'cert_chain' => 'test-chain' }] 86 | end 87 | 88 | it 'should error' do 89 | expect { raise parsed_yaml }.to raise_error(RuntimeError, 'must provide cert_chain and private_key with frontend_tls_keypairs') 90 | end 91 | end 92 | 93 | context 'when an incorrect frontend_tls_keypairs value is provided as wrong format' do 94 | before do 95 | deployment_manifest_fragment['frontend_tls_keypairs'] = ['cert'] 96 | end 97 | it 'should error' do 98 | expect { raise parsed_yaml }.to raise_error(RuntimeError, 'must provide cert_chain and private_key with frontend_tls_keypairs') 99 | end 100 | end 101 | 102 | context 'when an incorrect frontend_tls_keypairs value is not provided as an array' do 103 | before do 104 | deployment_manifest_fragment['frontend_tls_keypairs'] = 'cert' 105 | end 106 | it 'should error' do 107 | expect { raise parsed_yaml }.to raise_error(RuntimeError, 'frontend_tls_keypairs should be an array') 108 | end 109 | end 110 | end 111 | end 112 | end 113 | -------------------------------------------------------------------------------- /spec/envoy.json.erb_spec.rb: -------------------------------------------------------------------------------- 1 | # rubocop:disable LineLength 2 | # rubocop:disable BlockLength 3 | require 'rspec' 4 | require 'yaml' 5 | require 'bosh/template/evaluation_context' 6 | require 'json' 7 | 8 | TEST_CERT = 'some 9 | 10 | multiline 11 | 12 | cert'.freeze 13 | 14 | TEST_KEY = 'some 15 | 16 | multi line key'.freeze 17 | 18 | describe 'envoy.json.erb' do 19 | let(:deployment_manifest_fragment) do 20 | { 21 | 'index' => 0, 22 | 'job' => { 'name' => 'i_like_bosh' }, 23 | 'properties' => { 24 | 'statsd' => { 'enabled' => false } 25 | } 26 | } 27 | end 28 | 29 | let(:erb_yaml) do 30 | File.read(File.join(File.dirname(__FILE__), '../jobs/envoy/templates/envoy.json.erb')) 31 | end 32 | 33 | subject(:parsed_yaml) do 34 | binding = Bosh::Template::EvaluationContext.new(deployment_manifest_fragment, nil).get_binding 35 | eval( 36 | 'class Link 37 | def instances() 38 | [] 39 | end 40 | end 41 | def link(s) 42 | return Link.new() 43 | end', binding) 44 | JSON.parse(ERB.new(erb_yaml).result(binding)) 45 | end 46 | 47 | context 'given a generally valid manifest' do 48 | it 'should disable statistics gathering' do 49 | expect(parsed_yaml['stats_config']).not_to eq(nil) 50 | expect(parsed_yaml['stats_config']['stats_matcher']).not_to eq(nil) 51 | expect(parsed_yaml['stats_config']['stats_matcher']['reject_all']).to eq(true) 52 | end 53 | 54 | context 'when statsd is not configured' do 55 | it 'should not configure the property stats_sinks' do 56 | expect(parsed_yaml['stats_sinks']).to eq(nil) 57 | end 58 | end 59 | context 'when statsd is configured' do 60 | let(:deployment_manifest_fragment) do 61 | { 62 | 'index' => 0, 63 | 'job' => { 'name' => 'i_like_bosh' }, 64 | 'properties' => { 65 | 'statsd' => { 66 | 'enabled' => true, 67 | 'address' => '127.0.0.1', 68 | 'port' => 8125, 69 | 'protocol' => 'TCP', 70 | } 71 | } 72 | } 73 | end 74 | it 'should configure the statsd' do 75 | expect(parsed_yaml['stats_sinks']).not_to eq(nil) 76 | expect(parsed_yaml['stats_sinks']["config"]["address"]["socket_address"]["address"]).to eq("127.0.0.1") 77 | expect(parsed_yaml['stats_sinks']["config"]["address"]["socket_address"]["port_value"]).to eq(8125) 78 | expect(parsed_yaml['stats_sinks']["config"]["address"]["socket_address"]["protocol"]).to eq("TCP") 79 | end 80 | end 81 | end 82 | end 83 | -------------------------------------------------------------------------------- /spec/envoy/bpm.yml.erb_spec.rb: -------------------------------------------------------------------------------- 1 | # rubocop:disable BlockLength 2 | # rubocop:disable LineLength 3 | require 'rspec' 4 | require 'yaml' 5 | require 'bosh/template/test' 6 | 7 | describe 'bpm.yml.erb' do 8 | let(:deployment_manifest_fragment) do 9 | { 10 | } 11 | end 12 | 13 | let(:release_path) { File.join(File.dirname(__FILE__), '../..') } 14 | let(:release) { Bosh::Template::Test::ReleaseDir.new(release_path) } 15 | let(:job) { release.job('envoy') } 16 | 17 | subject(:parsed_yaml) do 18 | template = job.template('config/bpm.yml') 19 | YAML.safe_load(template.render(deployment_manifest_fragment)) 20 | end 21 | 22 | context 'given a generally valid manifest' do 23 | it 'renders' do 24 | expect(parsed_yaml).to eq( 25 | 'processes' => [ 26 | { 27 | 'args' => [ 28 | '-c /var/vcap/jobs/envoy/config/envoy.json', 29 | '--max-obj-name-len 200' 30 | ], 31 | 'capabilities' => ['NET_BIND_SERVICE'], 32 | 'executable' => '/var/vcap/packages/envoy/bin/envoy', 33 | 'hooks' => { 'pre_start' => '/var/vcap/jobs/envoy/bin/bpm-pre-start' }, 34 | 'limits' => { 'open_files' => 1024 }, 35 | 'name' => 'envoy' 36 | } 37 | ] 38 | ) 39 | end 40 | 41 | context 'when overriding open files' do 42 | before do 43 | deployment_manifest_fragment['open_files'] = 42 44 | end 45 | 46 | it 'renders accordingly' do 47 | expect(parsed_yaml['processes'][0]['limits']['open_files']).to eq(42) 48 | end 49 | end 50 | end 51 | end 52 | -------------------------------------------------------------------------------- /test-upstream-linux.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | cd "$(dirname "$0")" 6 | export GOPATH=${PWD} 7 | export PATH=$PATH:$GOPATH/bin 8 | 9 | pushd src/istio.io/istio 10 | export KUBECONFIG=$PWD/.circleci/config 11 | make localTestEnv 12 | make pilot-test 13 | make test/local/cloudfoundry/e2e_pilotv2 14 | popd 15 | -------------------------------------------------------------------------------- /test-upstream-mac.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -euo pipefail 4 | 5 | ROOT="$(dirname "$0")" 6 | 7 | IMAGE="$(bosh int $ROOT/ci/istio-upstream-tests.yml --path /image_resource/source/repository)" 8 | TAG="$(bosh int $ROOT/ci/istio-upstream-tests.yml --path /image_resource/source/tag)" 9 | 10 | cd $ROOT 11 | 12 | docker run --privileged=true --rm -v "${PWD}":/workspace/istio-release "$IMAGE:$TAG" /bin/bash /workspace/istio-release/test-upstream-linux.sh 13 | --------------------------------------------------------------------------------