Name: copilot
Owner: Cloud Foundry
Description: Supplies data from Cloud Controller and Diego for consumption by Istio Pilot
Created: 2017-11-09 18:49:30.0
Updated: 2018-05-22 18:51:45.0
Pushed: 2018-05-22 18:51:44.0
Size: 309
Language: Go
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
To help Istio Pilot work with Cloud Foundry
You probably want to deploy this using Istio Release.
To get started:
clone https://github.com/cloudfoundry/copilot.git
opilot
et github.com/onsi/ginkgo/ginkgo
et github.com/golang/dep/cmd/dep
ensure
To run the tests:
go -r -p -race
To compile the server:
uild code.cloudfoundry.org/copilot/cmd/copilot-server
We are using a generic grpc client to interact with cloud controller grpc service (installation instructions below)
If you are developing locally, you can install grpcurl
et -u github.com/fullstorydev/grpcurl
If you are using a cloudfoundry
sudo su
/var/vcap/packages/grpcurl/bin/grpcurl
/var/vcap/jobs/pilot-discovery/config/certs/
ush ...
The following example assumes the “web” process type, but you can replace that with another type if you know what you're doing.
rt CAPI_PROCESS_GUID=$(cf curl "/v3/apps/$(cf curl "/v3/apps" | jq -r '.resources[] | select(.name == "<app-name>") | .guid')/processes" | jq -r '.resources[] | select(.type == "web") | .guid')
The CAPI Process GUID is not sufficient for routing. If you want to map/delete a route, you'll need the entire <capi-process-guid>-<version>
concatenation (the “Diego Process GUID”):
rt APP_GUID=$(cf app <my-app> --guid) # to obtain the application guid
rt CAPI_PROCESS_VERSION=$(cf curl /v2/apps/$APP_GUID | jq -r .entity.version) # to obtain the version
rt DIEGO_PROCESS_GUID="$CAPI_PROCESS_GUID-$CAPI_PROCESS_VERSION"
Given an existing route in cloud controller…
rt CAPI_ROUTE_GUID=$(cf curl /v2/routes | jq -r '.resources[] | select(.entity.host == "<hostname-of-existing-route>").metadata.guid')
(running from /var/vcap/jobs/pilot-discovery/config/certs
)
/vcap/packages/grpcurl/bin/grpcurl -cacert ./ca.crt \
ey ./client.key \
ert ./client.crt \
'{"route": {"host": "example.com", "guid": "route-guid-a"}}' \
pilot.service.cf.internal:9001 \
i.CloudControllerCopilot/UpsertRoute
(running from /var/vcap/jobs/pilot-discovery/config/certs
)
/vcap/packages/grpcurl/bin/grpcurl -cacert ./ca.crt \
ey ./client.key \
ert ./client.crt \
'{"route_mapping": {"route_guid": "route-guid-a", "capi_process_guid": "capi_guid_1"}}' \
pilot.service.cf.internal:9001 \
i.CloudControllerCopilot/MapRoute
(running from /var/vcap/jobs/pilot-discovery/config/certs
)
/vcap/packages/grpcurl/bin/grpcurl -cacert ./ca.crt \
ey ./client.key \
ert ./client.crt \
'{"capi_diego_process_association": {"capi_process_guid": "capi_guid_1", "diego_process_guids": ["diego_guid_1"]}}' \
pilot.service.cf.internal:9001 \
i.CloudControllerCopilot/UpsertCapiDiegoProcessAssociation
(running from /var/vcap/jobs/pilot-discovery/config/certs
)
/vcap/packages/grpcurl/bin/grpcurl -cacert ./ca.crt \
ey ./client.key \
ert ./client.crt \
pilot.service.cf.internal:9000 \
i.IstioCopilot/Routes
(running from /var/vcap/jobs/pilot-discovery/config/certs
)
/vcap/packages/grpcurl/bin/grpcurl -cacert ./ca.crt \
ey ./client.key \
ert ./client.crt \
'{"capi_process_guid": "capi_guid_1"}' \
pilot.service.cf.internal:9001 \
i.CloudControllerCopilot/DeleteCapiDiegoProcessAssociation
(running from /var/vcap/jobs/pilot-discovery/config/certs
)
/vcap/packages/grpcurl/bin/grpcurl -cacert ./ca.crt \
ey ./client.key \
ert ./client.crt \
'{"route_mapping": {"capi_process_guid": "capi_guid_1", "route_guid": "route-guid-a"}}' \
pilot.service.cf.internal:9001 \
i.CloudControllerCopilot/UnmapRoute
(running from /var/vcap/jobs/pilot-discovery/config/certs
)
/vcap/packages/grpcurl/bin/grpcurl -cacert ./ca.crt \
ey ./client.key \
ert ./client.crt \
'{"guid": "route-guid-a"}' \
pilot.service.cf.internal:9001 \
i.CloudControllerCopilot/DeleteRoute
(running from /var/vcap/jobs/pilot-discovery/config/certs
)
/vcap/packages/grpcurl/bin/grpcurl -cacert ./ca.crt \
ey ./client.key \
ert ./client.crt \
'{"route_mappings": [{"route_guid": "route-guid-1", "capi_process_guid": "capi-guid-1"}, \
outes": [{"host": "example.org", "guid": "route-guid-1"}], \
api_diego_process_associations": [{"capi_process_guid": "capi-guid-1", "diego_process_guids": ["diego-guid-1", "diego-guid-2"]}]}' \
pilot.service.cf.internal:9001 \
i.CloudControllerCopilot/BulkSync
(running from /var/vcap/jobs/pilot-discovery/config/certs
)
/vcap/packages/grpcurl/bin/grpcurl -cacert ./ca.crt \
ey ./client.key \
ert ./client.crt \
pilot.service.cf.internal:9001 \
i.CloudControllerCopilot/ListCfRoutes
(running from /var/vcap/jobs/pilot-discovery/config/certs
)
/vcap/packages/grpcurl/bin/grpcurl -cacert ./ca.crt \
ey ./client.key \
ert ./client.crt \
pilot.service.cf.internal:9001 \
i.CloudControllerCopilot/ListCfRouteMappings
(running from /var/vcap/jobs/pilot-discovery/config/certs
)
/vcap/packages/grpcurl/bin/grpcurl -cacert ./ca.crt \
ey ./client.key \
ert ./client.crt \
pilot.service.cf.internal:9001 \
i.CloudControllerCopilot/ListCapiDiegoProcessAssociations
To open an ssh against a copilot running in a cloud foundry:
ssh -f -L 9000:$COPILOT_IP:9000 jumpbox@$(bbl jumpbox-address) -i $JUMPBOX_PRIVATE_KEY sleep 600
this will open a tunnel for 10 minutescopilot.listen_address
is 0.0.0.0:9000
and not 127.0.0.1:9000
Now you are ready to start your own pilot:
bosh scp -r istio:/var/vcap/jobs/pilot-discovery/config /tmp/config
/tmp/config/cf_config.yml
so the IP address matches your tunnel and the cert file paths point to /tmp/configgo get -u github.com/derekparker/delve/cmd/dlv
dlv debug ./pilot/cmd/pilot-discovery/main.go -- discovery --configDir=/dev/null --registries=CloudFoundry --cfConfig=/users/pivotal/downloads/config/cf_config.yml --meshConfig=/dev/null