(for Release Integration Engineers)

Maintaining cf-for-k8s

This document is intended for cf-for-k8s maintainers.


see “Dependencies”.

Smoke tests

see “Running Smoke Tests”.

Directory structure

  • config/ includes all necessary configuration for CF
    • <component>/*.yml cf-for-k8s specific configuration of component
    • <component>/_ytt_lib/ unmodified configuration fetched from components' repos (controlled via /vendir.yml)
    • values/00-values.yml specifies all possible data values used
    • *.yml configuration that glue components together
  • build/ includes building instructions for components that do not provide plain YAML or ytt templates
    • this directory is only used by cf-for-k8s maintainers
    • <component>/ in each sub-directory has specific build instructions
      • These scripts take no arguments and can be run from any directory
      • Each also runs kbld, which verifies that every image reference includes its digest
    • <component>/_vendir contains the unmodified configuration fetched from the component’s repo (controlled via /vendir.yml)
      • The structure under each component varies depending on the component’s own helm chart
    • Every <component>/ directory contains a values file used to configure helm; sometimes it’s called values.yml, but the name is always used explicitly in
    • All the components use helm to generate yaml manifests except istio, which is using its own istioctl manifest generate command

Image References

Image references are expected to use an image SHA digest. If using kbld to build images as suggested in the component development flow, the image reference should include the digest by default.

Update Example

Suppose we want to update eirini from version A to B.

  1. First update the tag field in vendir.yml under path: build/eirini/_vendir. It should currently be set to whatever the value of A is; change this to B and save the file.

  2. Run vendir sync. This should update the contents of the _vendir subdirectory of build/eirini

  3. Change to build/eirini

  4. Review local changes by running git diff _vendir/eirini/

  5. Run ./

  6. Change back to the main directory (cd ../../), kapp deploy the new version of eirini, and if everything’s good you can commit the local changes.

Pipeline Updates

The pipeline code in ci/tasks/bump-core-component/ does the above generically:

  1. It sets the tag to either the explicit release tag (e.g. v1.9.0) or a git commit SHA

  2. It updates the tag field in vendir.yml

  3. It runs vendir sync

  4. It runs if it exists

  5. It finally does a git commit to bump the new version


  • alias k=kubectl
    • useful alias
  • kubectl get pod -A -o custom-columns=',INITCONS:spec.initContainers[*].image,CONS:spec.containers[*].image'
    • show all used images in pods

CF for K8s version: v4.1.0