Skip to content

Commit

Permalink
refactor: containerd config registry host file to cse
Browse files Browse the repository at this point in the history
  • Loading branch information
@bingosummer
bingosummer committed Dec 9, 2024
1 parent c0f8cc2 commit 1a460d1
Show file tree
Hide file tree
Showing 175 changed files with 873 additions and 109 deletions.
10 changes: 10 additions & 0 deletions parts/linux/cloud-init/artifacts/cse_config.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -343,6 +343,16 @@ EOF
echo "${CONTAINERD_CONFIG_CONTENT}" | base64 -d > /etc/containerd/config.toml || exit $ERR_FILE_WATCH_TIMEOUT
fi

# TODO(binxi): need to update for sovereign cloud.
CONTAINERD_CONFIG_REGISTRY_HOST_MCR="/etc/containerd/certs.d/mcr.microsoft.com/hosts.toml"
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
capabilities = ["pull", "resolve"]
EOF

tee "/etc/sysctl.d/99-force-bridge-forward.conf" > /dev/null <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
Expand Down
12 changes: 1 addition & 11 deletions parts/linux/cloud-init/nodecustomdata.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -421,14 +421,4 @@ write_files:
encoding: gzip
owner: root
content: !!binary |
{{GetVariableProperty "cloudInitData" "customSearchDomainsScript"}}

{{- if (ne GetBootstrapProfileContainerRegistryServer "") }}
# TODO(binxi): need to update for sovereign cloud.
- path: /etc/containerd/certs.d/mcr.microsoft.com/hosts.toml
permissions: "0644"
owner: root
content: |
[host."https://{{GetBootstrapProfileContainerRegistryServer}}"]
capabilities = ["pull", "resolve"]
{{- end}}
{{GetVariableProperty "cloudInitData" "customSearchDomainsScript"}}
6 changes: 1 addition & 5 deletions pkg/agent/baker_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1598,11 +1598,7 @@ oom_score = 0
ContainerRegistryServer: "testserver.azurecr.io",
},
}
}, func(o *nodeBootstrappingOutput) {
containerdConfigFileContent := o.files["/etc/containerd/certs.d/mcr.microsoft.com/hosts.toml"].value
Expect(strings.Contains(containerdConfigFileContent, "[host.\"https://testserver.azurecr.io\"]")).To(BeTrue())
Expect(strings.Contains(containerdConfigFileContent, "capabilities = [\"pull\", \"resolve\"]")).To(BeTrue())
}),
}, nil),
Entry("AKSUbuntu2204 IMDSRestriction with enable restriction and insert to mangle table", "AKSUbuntu2204+IMDSRestrictionOnWithMangleTable", "1.24.2",
func(config *datamodel.NodeBootstrappingConfiguration) {
config.EnableIMDSRestriction = true
Expand Down
2 changes: 1 addition & 1 deletion pkg/agent/testdata/AKSUbuntu1604+Containerd/CustomData
View file

Large diffs are not rendered by default.

9 changes: 9 additions & 0 deletions pkg/agent/testdata/AKSUbuntu1604+Containerd/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,6 +327,15 @@ EOF
echo "${CONTAINERD_CONFIG_CONTENT}" | base64 -d > /etc/containerd/config.toml || exit $ERR_FILE_WATCH_TIMEOUT
fi

CONTAINERD_CONFIG_REGISTRY_HOST_MCR="/etc/containerd/certs.d/mcr.microsoft.com/hosts.toml"
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
capabilities = ["pull", "resolve"]
EOF

tee "/etc/sysctl.d/99-force-bridge-forward.conf" > /dev/null <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
Expand Down
2 changes: 1 addition & 1 deletion pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/CustomData
View file

Large diffs are not rendered by default.

9 changes: 9 additions & 0 deletions pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,6 +327,15 @@ EOF
echo "${CONTAINERD_CONFIG_CONTENT}" | base64 -d > /etc/containerd/config.toml || exit $ERR_FILE_WATCH_TIMEOUT
fi

CONTAINERD_CONFIG_REGISTRY_HOST_MCR="/etc/containerd/certs.d/mcr.microsoft.com/hosts.toml"
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
capabilities = ["pull", "resolve"]
EOF

tee "/etc/sysctl.d/99-force-bridge-forward.conf" > /dev/null <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
Expand Down
2 changes: 1 addition & 1 deletion pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/CustomData
View file

Large diffs are not rendered by default.

9 changes: 9 additions & 0 deletions pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,6 +327,15 @@ EOF
echo "${CONTAINERD_CONFIG_CONTENT}" | base64 -d > /etc/containerd/config.toml || exit $ERR_FILE_WATCH_TIMEOUT
fi

CONTAINERD_CONFIG_REGISTRY_HOST_MCR="/etc/containerd/certs.d/mcr.microsoft.com/hosts.toml"
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
capabilities = ["pull", "resolve"]
EOF

tee "/etc/sysctl.d/99-force-bridge-forward.conf" > /dev/null <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
Expand Down
2 changes: 1 addition & 1 deletion pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/CustomData
View file

Large diffs are not rendered by default.

9 changes: 9 additions & 0 deletions pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,6 +327,15 @@ EOF
echo "${CONTAINERD_CONFIG_CONTENT}" | base64 -d > /etc/containerd/config.toml || exit $ERR_FILE_WATCH_TIMEOUT
fi

CONTAINERD_CONFIG_REGISTRY_HOST_MCR="/etc/containerd/certs.d/mcr.microsoft.com/hosts.toml"
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
capabilities = ["pull", "resolve"]
EOF

tee "/etc/sysctl.d/99-force-bridge-forward.conf" > /dev/null <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
Expand Down
2 changes: 1 addition & 1 deletion pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/CustomData
View file

Large diffs are not rendered by default.

9 changes: 9 additions & 0 deletions pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=true/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,6 +327,15 @@ EOF
echo "${CONTAINERD_CONFIG_CONTENT}" | base64 -d > /etc/containerd/config.toml || exit $ERR_FILE_WATCH_TIMEOUT
fi

CONTAINERD_CONFIG_REGISTRY_HOST_MCR="/etc/containerd/certs.d/mcr.microsoft.com/hosts.toml"
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
capabilities = ["pull", "resolve"]
EOF

tee "/etc/sysctl.d/99-force-bridge-forward.conf" > /dev/null <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
Expand Down
2 changes: 1 addition & 1 deletion pkg/agent/testdata/AKSUbuntu1604+Docker/CustomData
View file

Large diffs are not rendered by default.

9 changes: 9 additions & 0 deletions pkg/agent/testdata/AKSUbuntu1604+Docker/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,6 +327,15 @@ EOF
echo "${CONTAINERD_CONFIG_CONTENT}" | base64 -d > /etc/containerd/config.toml || exit $ERR_FILE_WATCH_TIMEOUT
fi

CONTAINERD_CONFIG_REGISTRY_HOST_MCR="/etc/containerd/certs.d/mcr.microsoft.com/hosts.toml"
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
capabilities = ["pull", "resolve"]
EOF

tee "/etc/sysctl.d/99-force-bridge-forward.conf" > /dev/null <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
Expand Down
2 changes: 1 addition & 1 deletion pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/CustomData
View file

Large diffs are not rendered by default.

9 changes: 9 additions & 0 deletions pkg/agent/testdata/AKSUbuntu1604+DynamicKubeletConfig/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,6 +327,15 @@ EOF
echo "${CONTAINERD_CONFIG_CONTENT}" | base64 -d > /etc/containerd/config.toml || exit $ERR_FILE_WATCH_TIMEOUT
fi

CONTAINERD_CONFIG_REGISTRY_HOST_MCR="/etc/containerd/certs.d/mcr.microsoft.com/hosts.toml"
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
capabilities = ["pull", "resolve"]
EOF

tee "/etc/sysctl.d/99-force-bridge-forward.conf" > /dev/null <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
Expand Down
2 changes: 1 addition & 1 deletion pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/CustomData
View file

Large diffs are not rendered by default.

9 changes: 9 additions & 0 deletions pkg/agent/testdata/AKSUbuntu1604+EnablePrivateClusterHostsConfigAgent/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,6 +327,15 @@ EOF
echo "${CONTAINERD_CONFIG_CONTENT}" | base64 -d > /etc/containerd/config.toml || exit $ERR_FILE_WATCH_TIMEOUT
fi

CONTAINERD_CONFIG_REGISTRY_HOST_MCR="/etc/containerd/certs.d/mcr.microsoft.com/hosts.toml"
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
capabilities = ["pull", "resolve"]
EOF

tee "/etc/sysctl.d/99-force-bridge-forward.conf" > /dev/null <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
Expand Down
2 changes: 1 addition & 1 deletion pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/CustomData
View file

Large diffs are not rendered by default.

9 changes: 9 additions & 0 deletions pkg/agent/testdata/AKSUbuntu1604+GPUDedicatedVHD/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,6 +327,15 @@ EOF
echo "${CONTAINERD_CONFIG_CONTENT}" | base64 -d > /etc/containerd/config.toml || exit $ERR_FILE_WATCH_TIMEOUT
fi

CONTAINERD_CONFIG_REGISTRY_HOST_MCR="/etc/containerd/certs.d/mcr.microsoft.com/hosts.toml"
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
capabilities = ["pull", "resolve"]
EOF

tee "/etc/sysctl.d/99-force-bridge-forward.conf" > /dev/null <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
Expand Down
2 changes: 1 addition & 1 deletion pkg/agent/testdata/AKSUbuntu1604+K8S115/CustomData
View file

Large diffs are not rendered by default.

9 changes: 9 additions & 0 deletions pkg/agent/testdata/AKSUbuntu1604+K8S115/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,6 +327,15 @@ EOF
echo "${CONTAINERD_CONFIG_CONTENT}" | base64 -d > /etc/containerd/config.toml || exit $ERR_FILE_WATCH_TIMEOUT
fi

CONTAINERD_CONFIG_REGISTRY_HOST_MCR="/etc/containerd/certs.d/mcr.microsoft.com/hosts.toml"
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
capabilities = ["pull", "resolve"]
EOF

tee "/etc/sysctl.d/99-force-bridge-forward.conf" > /dev/null <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
Expand Down
Loading

0 comments on commit 1a460d1

Please sign in to comment.