From 89d360820407fa1389036401bfcb0179aec45f3c Mon Sep 17 00:00:00 2001 From: Gerd Oberlechner Date: Tue, 7 Jan 2025 11:05:04 +0100 Subject: [PATCH] use istio tag instead of version for namespace labeling (#1021) Signed-off-by: Gerd Oberlechner --- backend/Makefile | 3 +-- backend/pipeline.yaml | 2 ++ cluster-service/Makefile | 5 ++--- cluster-service/pipeline.yaml | 3 +++ dev-infrastructure/Makefile | 1 + dev-infrastructure/config.tmpl.mk | 4 ++++ frontend/Makefile | 3 +-- frontend/pipeline.yaml | 2 ++ maestro/server/Makefile | 3 +-- maestro/server/pipeline.yaml | 2 ++ 10 files changed, 19 insertions(+), 9 deletions(-) diff --git a/backend/Makefile b/backend/Makefile index 89ebf5267..883b89425 100644 --- a/backend/Makefile +++ b/backend/Makefile @@ -39,10 +39,9 @@ deploy: -g ${RESOURCEGROUP} \ -n backend \ --query clientId -o tsv) && \ - ISTO_VERSION=$$(az aks show -n ${AKS_NAME} -g ${RESOURCEGROUP} --query serviceMeshProfile.istio.revisions[-1] -o tsv) && \ DB_URL=$$(az cosmosdb show -n ${DB_NAME} -g ${RESOURCEGROUP} --query documentEndpoint -o tsv) && \ kubectl create namespace aro-hcp --dry-run=client -o json | kubectl apply -f - && \ - kubectl label namespace aro-hcp "istio.io/rev=$${ISTO_VERSION}" --overwrite=true && \ + kubectl label namespace aro-hcp "istio.io/rev=${ISTO_TAG}" --overwrite=true && \ ${HELM_CMD} aro-hcp-backend-dev \ deploy/helm/backend/ \ --set configMap.databaseName=${DB_NAME} \ diff --git a/backend/pipeline.yaml b/backend/pipeline.yaml index 1e2220b98..2a2149f32 100644 --- a/backend/pipeline.yaml +++ b/backend/pipeline.yaml @@ -26,3 +26,5 @@ resourceGroups: configRef: frontend.cosmosDB.name - name: COMMIT configRef: backend.imageTag + - name: ISTO_TAG + configRef: svc.istio.tag diff --git a/cluster-service/Makefile b/cluster-service/Makefile index f47a007c1..296716dbd 100644 --- a/cluster-service/Makefile +++ b/cluster-service/Makefile @@ -4,9 +4,8 @@ ZONE_NAME ?= "${REGIONAL_DNS_SUBDOMAIN}.${BASE_DNS_ZONE_NAME}" deploy: provision-shard - @ISTO_VERSION=$(shell az aks show -n ${AKS_NAME} -g ${RESOURCEGROUP} --query serviceMeshProfile.istio.revisions[-1] -o tsv) && \ - kubectl create namespace cluster-service --dry-run=client -o json | kubectl apply -f - && \ - kubectl label namespace cluster-service "istio.io/rev=$${ISTO_VERSION}" --overwrite=true && \ + @kubectl create namespace cluster-service --dry-run=client -o json | kubectl apply -f - && \ + kubectl label namespace cluster-service "istio.io/rev=${ISTO_TAG}" --overwrite=true && \ AZURE_CS_MI_CLIENT_ID=$(shell az identity show -g ${RESOURCEGROUP} -n clusters-service --query clientId -o tsv) && \ CS_SERVICE_PRINCIPAL_CREDS_BASE64='$(shell az keyvault secret show --vault-name "${SERVICE_KV}" --name "aro-hcp-dev-sp-cs" | jq .value -r | base64 | tr -d '\n')' && \ TENANT_ID=$(shell az account show --query tenantId --output tsv) && \ diff --git a/cluster-service/pipeline.yaml b/cluster-service/pipeline.yaml index e30f15e91..a80154820 100644 --- a/cluster-service/pipeline.yaml +++ b/cluster-service/pipeline.yaml @@ -72,6 +72,9 @@ resourceGroups: configRef: clusterService.azureOperatorsManagedIdentities.imageRegistry.roleName - name: OP_CLOUD_NETWORK_CONFIG_ROLE_NAME configRef: clusterService.azureOperatorsManagedIdentities.cloudNetworkConfig.roleName + - name: ISTO_TAG + configRef: svc.istio.tag + # this is maestro consumer registration stuff # this goes away when we have a real registration process diff --git a/dev-infrastructure/Makefile b/dev-infrastructure/Makefile index d22aa2d39..16562c08c 100644 --- a/dev-infrastructure/Makefile +++ b/dev-infrastructure/Makefile @@ -213,6 +213,7 @@ svc: svc.rg configurations/svc-cluster.bicepparam \ --parameters \ persist=${PERSIST} + @TARGET_VERSION=$(ISTIO_TARGET_VERSION) ISTIOCTL_VERSION=$(ISTIOCTL_VERSION) TAG=$(ISTIO_TAG) scripts/istio.sh .PHONY: svc svc.enable-aks-metrics: diff --git a/dev-infrastructure/config.tmpl.mk b/dev-infrastructure/config.tmpl.mk index a36ad32ad..8759b7218 100644 --- a/dev-infrastructure/config.tmpl.mk +++ b/dev-infrastructure/config.tmpl.mk @@ -16,3 +16,7 @@ OIDC_STORAGE_ACCOUNT ?= {{ .oidcStorageAccountName }} CX_KV_NAME ?= {{ .cxKeyVault.name }} MSI_KV_NAME ?= {{ .msiKeyVault.name }} MGMT_KV_NAME ?= {{ .mgmtKeyVault.name }} + +ISTIO_TARGET_VERSION ?= {{ .svc.istio.targetVersion }} +ISTIOCTL_VERSION ?= {{ .svc.istio.istioctlVersion }} +ISTIO_TAG ?= {{ .svc.istio.tag }} diff --git a/frontend/Makefile b/frontend/Makefile index 1e177c3aa..fc1b62128 100644 --- a/frontend/Makefile +++ b/frontend/Makefile @@ -49,11 +49,10 @@ deploy: --name ${AKS_NAME} \ --query addonProfiles.azureKeyvaultSecretsProvider.identity.clientId \ --output tsv); \ - ISTO_VERSION=$$(az aks show -n ${AKS_NAME} -g ${RESOURCEGROUP} --query serviceMeshProfile.istio.revisions[-1] -o tsv) && \ DB_URL=$$(az cosmosdb show -n ${DB_NAME} -g ${RESOURCEGROUP} --query documentEndpoint -o tsv) && \ TENANT_ID=$(shell az account show --query tenantId --output tsv) && \ kubectl create namespace aro-hcp --dry-run=client -o json | kubectl apply -f - && \ - kubectl label namespace aro-hcp "istio.io/rev=$${ISTO_VERSION}" --overwrite=true && \ + kubectl label namespace aro-hcp "istio.io/rev=${ISTO_TAG}" --overwrite=true && \ ${HELM_CMD} aro-hcp-frontend-dev \ deploy/helm/frontend/ \ --set azure.clientId=$${SECRET_STORE_MI_CLIENT_ID} \ diff --git a/frontend/pipeline.yaml b/frontend/pipeline.yaml index a8ecd902e..3fe466fdb 100644 --- a/frontend/pipeline.yaml +++ b/frontend/pipeline.yaml @@ -30,3 +30,5 @@ resourceGroups: configRef: serviceKeyVault.name - name: CERTIFICATE_NAME configRef: frontend.cert.name + - name: ISTO_TAG + configRef: svc.istio.tag diff --git a/maestro/server/Makefile b/maestro/server/Makefile index 09f7af5b7..f17e6d4ec 100644 --- a/maestro/server/Makefile +++ b/maestro/server/Makefile @@ -2,8 +2,7 @@ deploy: @kubectl create namespace maestro --dry-run=client -o json | kubectl apply -f - - @ISTO_VERSION=$(shell az aks show -n ${AKS_NAME} -g ${SVC_RG} --query serviceMeshProfile.istio.revisions[-1] -o tsv) && \ - kubectl label ${KUBECTL_DRY_RUN} namespace maestro "istio.io/rev=$${ISTO_VERSION}" --overwrite=true + @kubectl label ${KUBECTL_DRY_RUN} namespace maestro "istio.io/rev=${ISTO_TAG}" --overwrite=true @EVENTGRID_HOSTNAME=$(shell az resource show -n ${EVENTGRID_NAME} -g ${REGION_RG} --resource-type "Microsoft.EventGrid/namespaces" --query properties.topicSpacesConfiguration.hostname -o tsv) && \ TENANT_ID=$(shell az account show --query tenantId --output tsv) && \ MAESTRO_MI_CLIENT_ID=$(shell az identity show -g "${SVC_RG}" -n maestro-server --query clientId -o tsv) && \ diff --git a/maestro/server/pipeline.yaml b/maestro/server/pipeline.yaml index 23bb724ac..b605d1797 100644 --- a/maestro/server/pipeline.yaml +++ b/maestro/server/pipeline.yaml @@ -38,3 +38,5 @@ resourceGroups: configRef: serviceKeyVault.name - name: MQTT_CLIENT_NAME configRef: maestro.serverMqttClientName + - name: ISTO_TAG + configRef: svc.istio.tag