From 1e5156e06c96ad613645228c255d6439bfdf1665 Mon Sep 17 00:00:00 2001 From: jbuns Date: Tue, 6 Oct 2020 11:09:22 +0100 Subject: [PATCH 01/14] add case for rhel|centos during update-ca-certificates --- .../pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh b/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh index 5725a6655e..13e6f16458 100644 --- a/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh +++ b/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh @@ -16,7 +16,7 @@ fi patch --verbose "${target}" <<'EOT' --- pre-start.erb 2019-12-04 08:37:51.046503943 +0100 +++ - 2019-12-04 08:41:36.055142488 +0100 -@@ -32,9 +32,24 @@ +@@ -32,9 +32,34 @@ <% end %> log "Trying to run update-ca-certificates..." @@ -36,6 +36,11 @@ patch --verbose "${target}" <<'EOT' + mv /var/lib/ca-certificates/ca-bundle.pem /etc/ssl/certs/"$(basename "${OS_CERTS_FILE}")" + ;; + ++ *rhel|centos*) ++ timeout --signal=KILL 180s /usr/bin/update-ca-trust -f -v ++ cp /etc/ssl/certs/ca-bundle.crt ${OS_CERTS_FILE} ++ ;; ++ + *) + echo "Unsupported operating system: ${PRETTY_NAME}" + exit 42 From ddf7df77aa7425b36cc9e91f53a62693739471fc Mon Sep 17 00:00:00 2001 From: Jeff Bunagan <47635090+jbuns@users.noreply.github.com> Date: Tue, 6 Oct 2020 17:54:53 +0100 Subject: [PATCH 02/14] Update bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh Co-authored-by: Mark Yen <3977982+mook-as@users.noreply.github.com> --- .../releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh b/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh index 13e6f16458..48de30e0b5 100644 --- a/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh +++ b/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh @@ -37,7 +37,7 @@ patch --verbose "${target}" <<'EOT' + ;; + + *rhel|centos*) -+ timeout --signal=KILL 180s /usr/bin/update-ca-trust -f -v ++ timeout --signal=KILL 180s /usr/bin/update-ca-trust + cp /etc/ssl/certs/ca-bundle.crt ${OS_CERTS_FILE} + ;; + From 759eed78a8fd8367a0b9169ce0391edc46d73012 Mon Sep 17 00:00:00 2001 From: Jeff Bunagan <47635090+jbuns@users.noreply.github.com> Date: Tue, 6 Oct 2020 17:55:06 +0100 Subject: [PATCH 03/14] Update bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh Co-authored-by: Mark Yen <3977982+mook-as@users.noreply.github.com> --- .../releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh b/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh index 48de30e0b5..21d6e3e38a 100644 --- a/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh +++ b/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh @@ -36,7 +36,7 @@ patch --verbose "${target}" <<'EOT' + mv /var/lib/ca-certificates/ca-bundle.pem /etc/ssl/certs/"$(basename "${OS_CERTS_FILE}")" + ;; + -+ *rhel|centos*) ++ *rhel|centos|fedora*) + timeout --signal=KILL 180s /usr/bin/update-ca-trust + cp /etc/ssl/certs/ca-bundle.crt ${OS_CERTS_FILE} + ;; From 188beb34a663966a7f6139d3e717667d75eb3fb2 Mon Sep 17 00:00:00 2001 From: Jan Dubois Date: Tue, 6 Oct 2020 16:58:57 -0700 Subject: [PATCH 04/14] Trigger CI From a74297f31fd526bea47f2c464e653942e2845184 Mon Sep 17 00:00:00 2001 From: jbuns Date: Wed, 7 Oct 2020 10:22:09 +0100 Subject: [PATCH 05/14] Trigger CI From d90d7cf95fba933e6b668437f82200620fc85139 Mon Sep 17 00:00:00 2001 From: jbuns Date: Thu, 8 Oct 2020 09:55:01 +0100 Subject: [PATCH 06/14] fix patch_pre-start.sh --- .../releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh b/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh index 21d6e3e38a..573b6d4d30 100644 --- a/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh +++ b/bosh/releases/pre_render_scripts/uaa/uaa/jobs/patch_pre-start.sh @@ -16,7 +16,7 @@ fi patch --verbose "${target}" <<'EOT' --- pre-start.erb 2019-12-04 08:37:51.046503943 +0100 +++ - 2019-12-04 08:41:36.055142488 +0100 -@@ -32,9 +32,34 @@ +@@ -32,9 +32,29 @@ <% end %> log "Trying to run update-ca-certificates..." From c0bffdca0ab02c73ca4a0963ef1a9b837114773c Mon Sep 17 00:00:00 2001 From: jbuns Date: Thu, 8 Oct 2020 10:16:34 +0100 Subject: [PATCH 07/14] Trigger CI From 104d1b04e9b0d2d22ad72d63c35b6adaf5dce8c8 Mon Sep 17 00:00:00 2001 From: Andreas Kupries Date: Thu, 8 Oct 2020 10:17:27 -0700 Subject: [PATCH 08/14] fix: bump brain test release to v0.0.15 Brings in a fix for the 005/metron test to handle the differences between diego and eirini app logs. --- chart/config/releases.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/config/releases.yaml b/chart/config/releases.yaml index bf4a722f21..0038c0f021 100644 --- a/chart/config/releases.yaml +++ b/chart/config/releases.yaml @@ -20,7 +20,7 @@ releases: tag: 0.1.0 brain-tests: condition: testing.brain_tests.enabled - version: v0.0.14 + version: v0.0.15 bosh-dns-aliases: # not needed for kubecf; functionality provided by quarks-operator condition: false From 05558a16c49c30523b95ded7c62fd531c0c145cc Mon Sep 17 00:00:00 2001 From: Jaime Gomes Date: Thu, 8 Oct 2020 21:17:40 +0200 Subject: [PATCH 09/14] correct the RFD title to be compliant with the other ones --- doc/rfd/rfd/0000/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/rfd/rfd/0000/README.md b/doc/rfd/rfd/0000/README.md index 182276eced..a9d8951496 100644 --- a/doc/rfd/rfd/0000/README.md +++ b/doc/rfd/rfd/0000/README.md @@ -4,7 +4,7 @@ state: discussion discussion: https://github.com/cloudfoundry-incubator/kubecf/pull/1223 --- -# Request for Discussion +# RFD 0 Request for Discussion The goal is to have an constructive discussion within the team about an idea and capture it in a document known by RFD. From d7e5e80842fc4c2cbeee5ad86f5523cba6f178e3 Mon Sep 17 00:00:00 2001 From: Jaime Gomes Date: Thu, 8 Oct 2020 21:17:57 +0200 Subject: [PATCH 10/14] add RFD 0 and a link to the process and states. --- doc/rfd/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/rfd/README.md b/doc/rfd/README.md index d3e32bda76..c09df7f8a7 100644 --- a/doc/rfd/README.md +++ b/doc/rfd/README.md @@ -3,8 +3,13 @@ | state | RFD | | --------- | ------------------------------------------------------------- | +| publish | [RFD 0 Request for Discussion](./rfd/0000/README.md) | | abandoned | [RFD 1 Record architecture decisions](./rfd/0001/README.md) | | publish | [RFD 2 Git Commit Messages](./rfd/0002/README.md) | | publish | [RFD 3 Deprecate Bazel](./rfd/0003/README.md) | | publish | [RFD 4 Upgrade Testing Methodology When Releasing](./rfd/0004/README.md) | | publish | [RFD 5 Limit the Languages, Data Formats, and Tools Used by KubeCF](./rfd/0005/README.md) | + +## Introduction + +To know the RFD process and states please visit the [RFD 0](./rfd/0000/README.md). From 5f7553320bfdf3d7466e2da56e0e4406e5a3b66f Mon Sep 17 00:00:00 2001 From: Jan Dubois Date: Thu, 8 Oct 2020 13:04:55 -0700 Subject: [PATCH 11/14] Use default stack list to compute imagelist.txt Only disable cflinuxfs3 when Eirini is enabled. Otherwise we will be missing all the default stack images. --- scripts/image_list.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/image_list.rb b/scripts/image_list.rb index 430fbeb897..708ac2a9a3 100644 --- a/scripts/image_list.rb +++ b/scripts/image_list.rb @@ -91,7 +91,9 @@ def initialize(chart:, values:) # Provide required value to avoid schema validation failure values['system_domain'] = 'example.com' # Eirini will throw an error unless a compatible stack is selected - values['install_stacks'] = ['sle15'] + if values['features']['eirini']['enabled'] + values['install_stacks'] = ['sle15'] + end Tempfile.open(['values-', '.yaml']) do |values_file| values_file.write values.to_yaml values_file.close From 6744838b5442e8280e922c904b1038da0cabe333 Mon Sep 17 00:00:00 2001 From: Andreas Kupries Date: Thu, 8 Oct 2020 15:41:50 -0700 Subject: [PATCH 12/14] fix: disable routing api under eirini, not supported - Flag defaults to null now - Feature handling sets proper default per chosen scheduler - Reject user trying to force things - Values schema updated - Image lister has to skip the forbidden permutation. --- chart/config/unsupported.yaml | 3 +++ chart/templates/_features.tpl | 4 ++++ chart/values.schema.yaml | 9 +++++++++ chart/values.yaml | 3 ++- scripts/image_list.rb | 3 +++ 5 files changed, 21 insertions(+), 1 deletion(-) diff --git a/chart/config/unsupported.yaml b/chart/config/unsupported.yaml index 9222d61958..c9988ca820 100644 --- a/chart/config/unsupported.yaml +++ b/chart/config/unsupported.yaml @@ -10,6 +10,9 @@ unsupported: Don't use properties.diego-cell.garden.grootfs.reserved_space_for_other_jobs_in_mb. Use sizing.diego_cell.ephemeral_disk.size to set the amount of disk available to the cell. + features.routing_api.enabled && features.eirini.enabled: | + Cannot activate routing-api for eirini. It is not yet supported by this scheduler. + features.embedded_database.enabled && features.external_database.enabled: | Cannot simultaneously activate both features.embedded_database and features.external_database. diff --git a/chart/templates/_features.tpl b/chart/templates/_features.tpl index 20521da766..4e7f8a2a54 100644 --- a/chart/templates/_features.tpl +++ b/chart/templates/_features.tpl @@ -13,4 +13,8 @@ {{- else }} {{- $_ := merge $.Values (dict "features" (dict "external_blobstore" (dict "enabled" false))) }} {{- end}} + {{- /* Fix routing_api to proper (per-scheduler) default when not overriden by user */}} + {{- if kindIs "invalid" $.Values.features.routing_api.enabled }} + {{- $_ := set $.Values.features.routing_api "enabled" (not $.Values.features.eirini.enabled) }} + {{- end }} {{- end }} diff --git a/chart/values.schema.yaml b/chart/values.schema.yaml index 55ab64b3ca..8d2bb11ddd 100644 --- a/chart/values.schema.yaml +++ b/chart/values.schema.yaml @@ -306,6 +306,15 @@ properties: password: {type: string} additionalProperties: false additionalProperties: false + + routing_api: + type: object + properties: + enabled: + oneOf: + - type: boolean + - type: 'null' + additionalProperties: type: object properties: diff --git a/chart/values.yaml b/chart/values.yaml index 9c819cc0a1..0814171b8d 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -348,7 +348,8 @@ features: routing_api: # Enable the routing API. Disabling this will also disable TCP routing, which is used for TCP # port forwarding. - enabled: true + # Enabled by default, except under Eirini, where the routing-api is not (yet) supported. + enabled: ~ embedded_database: # Enable the embedded database. If this is disabled, then features.external_database should be # configured to use an external database. diff --git a/scripts/image_list.rb b/scripts/image_list.rb index 708ac2a9a3..53edf69079 100644 --- a/scripts/image_list.rb +++ b/scripts/image_list.rb @@ -93,6 +93,9 @@ def initialize(chart:, values:) # Eirini will throw an error unless a compatible stack is selected if values['features']['eirini']['enabled'] values['install_stacks'] = ['sle15'] + # Chart will throw an error when trying to use both eirini and + # routing_api. Avoid. + values['features']['routing_api']['enabled'] = false end Tempfile.open(['values-', '.yaml']) do |values_file| values_file.write values.to_yaml From e66448ca5b26ce2bbf9f928b7cbe7e46994cafbc Mon Sep 17 00:00:00 2001 From: Jan Dubois Date: Thu, 8 Oct 2020 17:13:33 -0700 Subject: [PATCH 13/14] Trigger CI From d5e2760eb0a6a357137f0ed7384c6d1132b8d65d Mon Sep 17 00:00:00 2001 From: CFContainerizationBot Date: Fri, 9 Oct 2020 17:32:14 +0000 Subject: [PATCH 14/14] feat: bump cf-operator https://s3.amazonaws.com/cf-operators/release/helm-charts/cf-operator-6.1.17%2B0.gec409fd7.tgz 6.1.17%2B0.gec409fd7 --- dependencies.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dependencies.yaml b/dependencies.yaml index ab5078388d..5e9636a949 100644 --- a/dependencies.yaml +++ b/dependencies.yaml @@ -103,9 +103,9 @@ binaries: # Additional files we need to download; see http_file() invocation in WORKSPACE. external_files: cf_operator: - sha256: cb8893522bd1b81878186d866becb01bcc67f6c7dacb71e3e0a6e48e9b014410 + sha256: 9d4f8219a204b7f0b90170c4289b0df80e6da350f8941f047bc6e873ba22ad4c url: https://s3.amazonaws.com/cf-operators/release/helm-charts/cf-operator-{version}.tgz - version: 6.1.15%2B0.g89a56300 + version: 6.1.17%2B0.gec409fd7 kube_dashboard: sha256: f849252870818a2971dfc3c4f8a8c5f58a57606bc2b5f221d7ab693e1d1190e0 url: https://raw.githubusercontent.com/kubernetes/dashboard/{version}/aio/deploy/recommended.yaml