Skip to content

Commit

Permalink
feat: Update containerd config to support cache rule prefix in networ…
Browse files Browse the repository at this point in the history 
…k isolated cluster (#5918)
  • Loading branch information
@bingosummer
bingosummer authored Feb 27, 2025
1 parent 4f98a13 commit cfcf937
Show file tree
Hide file tree
Showing 276 changed files with 2,466 additions and 635 deletions.
4 changes: 3 additions & 1 deletion parts/linux/cloud-init/artifacts/cse_config.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -347,9 +347,11 @@ configureContainerdRegistryHost() {
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
CONTAINER_REGISTRY_URL=$(sed 's@/@/v2/@1' <<< "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}/")
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
[host."https://${CONTAINER_REGISTRY_URL%/}"]
capabilities = ["pull", "resolve"]
override_path = true
EOF
}

Expand Down
8 changes: 4 additions & 4 deletions parts/linux/cloud-init/artifacts/cse_main.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,11 +72,11 @@ if [[ "${SHOULD_CONFIGURE_CUSTOM_CA_TRUST}" == "true" ]]; then
logs_to_events "AKS.CSE.configureCustomCaCertificate" configureCustomCaCertificate || exit $ERR_UPDATE_CA_CERTS
fi

domain_name="mcr.microsoft.com"
registry_domain_name="mcr.microsoft.com"
if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then
domain_name="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%/}"
registry_domain_name="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%%/*}"
fi
verify_DNS_health $domain_name || exit $ERR_DNS_HEALTH_FAIL
verify_DNS_health $registry_domain_name || exit $ERR_DNS_HEALTH_FAIL

if [[ -n "${OUTBOUND_COMMAND}" ]]; then
if [[ -n "${PROXY_VARS}" ]]; then
Expand All @@ -97,7 +97,7 @@ if [[ ${ID} != "mariner" ]] && [[ ${ID} != "azurelinux" ]]; then
fi

if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then
logs_to_events "AKS.CSE.orasLogin.oras_login_with_kubelet_identity" oras_login_with_kubelet_identity "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%/}" $USER_ASSIGNED_IDENTITY_ID $TENANT_ID || exit $?
logs_to_events "AKS.CSE.orasLogin.oras_login_with_kubelet_identity" oras_login_with_kubelet_identity "${registry_domain_name}" $USER_ASSIGNED_IDENTITY_ID $TENANT_ID || exit $?
fi

export -f should_skip_nvidia_drivers
Expand Down
4 changes: 2 additions & 2 deletions pkg/agent/testdata/AKSUbuntu1604+Containerd/CustomData
View file

Large diffs are not rendered by default.

8 changes: 4 additions & 4 deletions pkg/agent/testdata/AKSUbuntu1604+Containerd/line33.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,11 +66,11 @@ if [[ "${SHOULD_CONFIGURE_CUSTOM_CA_TRUST}" == "true" ]]; then
logs_to_events "AKS.CSE.configureCustomCaCertificate" configureCustomCaCertificate || exit $ERR_UPDATE_CA_CERTS
fi

domain_name="mcr.microsoft.com"
registry_domain_name="mcr.microsoft.com"
if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then
domain_name="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%/}"
registry_domain_name="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%%/*}"
fi
verify_DNS_health $domain_name || exit $ERR_DNS_HEALTH_FAIL
verify_DNS_health $registry_domain_name || exit $ERR_DNS_HEALTH_FAIL

if [[ -n "${OUTBOUND_COMMAND}" ]]; then
if [[ -n "${PROXY_VARS}" ]]; then
Expand All @@ -90,7 +90,7 @@ if [[ ${ID} != "mariner" ]] && [[ ${ID} != "azurelinux" ]]; then
fi

if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then
logs_to_events "AKS.CSE.orasLogin.oras_login_with_kubelet_identity" oras_login_with_kubelet_identity "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%/}" $USER_ASSIGNED_IDENTITY_ID $TENANT_ID || exit $?
logs_to_events "AKS.CSE.orasLogin.oras_login_with_kubelet_identity" oras_login_with_kubelet_identity "${registry_domain_name}" $USER_ASSIGNED_IDENTITY_ID $TENANT_ID || exit $?
fi

export -f should_skip_nvidia_drivers
Expand Down
4 changes: 3 additions & 1 deletion pkg/agent/testdata/AKSUbuntu1604+Containerd/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -337,9 +337,11 @@ configureContainerdRegistryHost() {
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
CONTAINER_REGISTRY_URL=$(sed 's@/@/v2/@1' <<< "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}/")
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
[host."https://${CONTAINER_REGISTRY_URL%/}"]
capabilities = ["pull", "resolve"]
override_path = true
EOF
}

Expand Down
4 changes: 2 additions & 2 deletions pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/CustomData
View file

Large diffs are not rendered by default.

8 changes: 4 additions & 4 deletions pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line33.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,11 +66,11 @@ if [[ "${SHOULD_CONFIGURE_CUSTOM_CA_TRUST}" == "true" ]]; then
logs_to_events "AKS.CSE.configureCustomCaCertificate" configureCustomCaCertificate || exit $ERR_UPDATE_CA_CERTS
fi

domain_name="mcr.microsoft.com"
registry_domain_name="mcr.microsoft.com"
if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then
domain_name="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%/}"
registry_domain_name="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%%/*}"
fi
verify_DNS_health $domain_name || exit $ERR_DNS_HEALTH_FAIL
verify_DNS_health $registry_domain_name || exit $ERR_DNS_HEALTH_FAIL

if [[ -n "${OUTBOUND_COMMAND}" ]]; then
if [[ -n "${PROXY_VARS}" ]]; then
Expand All @@ -90,7 +90,7 @@ if [[ ${ID} != "mariner" ]] && [[ ${ID} != "azurelinux" ]]; then
fi

if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then
logs_to_events "AKS.CSE.orasLogin.oras_login_with_kubelet_identity" oras_login_with_kubelet_identity "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%/}" $USER_ASSIGNED_IDENTITY_ID $TENANT_ID || exit $?
logs_to_events "AKS.CSE.orasLogin.oras_login_with_kubelet_identity" oras_login_with_kubelet_identity "${registry_domain_name}" $USER_ASSIGNED_IDENTITY_ID $TENANT_ID || exit $?
fi

export -f should_skip_nvidia_drivers
Expand Down
4 changes: 3 additions & 1 deletion pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -337,9 +337,11 @@ configureContainerdRegistryHost() {
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
CONTAINER_REGISTRY_URL=$(sed 's@/@/v2/@1' <<< "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}/")
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
[host."https://${CONTAINER_REGISTRY_URL%/}"]
capabilities = ["pull", "resolve"]
override_path = true
EOF
}

Expand Down
4 changes: 2 additions & 2 deletions pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/CustomData
View file

Large diffs are not rendered by default.

8 changes: 4 additions & 4 deletions pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line33.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,11 +66,11 @@ if [[ "${SHOULD_CONFIGURE_CUSTOM_CA_TRUST}" == "true" ]]; then
logs_to_events "AKS.CSE.configureCustomCaCertificate" configureCustomCaCertificate || exit $ERR_UPDATE_CA_CERTS
fi

domain_name="mcr.microsoft.com"
registry_domain_name="mcr.microsoft.com"
if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then
domain_name="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%/}"
registry_domain_name="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%%/*}"
fi
verify_DNS_health $domain_name || exit $ERR_DNS_HEALTH_FAIL
verify_DNS_health $registry_domain_name || exit $ERR_DNS_HEALTH_FAIL

if [[ -n "${OUTBOUND_COMMAND}" ]]; then
if [[ -n "${PROXY_VARS}" ]]; then
Expand All @@ -90,7 +90,7 @@ if [[ ${ID} != "mariner" ]] && [[ ${ID} != "azurelinux" ]]; then
fi

if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then
logs_to_events "AKS.CSE.orasLogin.oras_login_with_kubelet_identity" oras_login_with_kubelet_identity "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%/}" $USER_ASSIGNED_IDENTITY_ID $TENANT_ID || exit $?
logs_to_events "AKS.CSE.orasLogin.oras_login_with_kubelet_identity" oras_login_with_kubelet_identity "${registry_domain_name}" $USER_ASSIGNED_IDENTITY_ID $TENANT_ID || exit $?
fi

export -f should_skip_nvidia_drivers
Expand Down
4 changes: 3 additions & 1 deletion pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+DynamicKubeletConfig/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -337,9 +337,11 @@ configureContainerdRegistryHost() {
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
CONTAINER_REGISTRY_URL=$(sed 's@/@/v2/@1' <<< "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}/")
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
[host."https://${CONTAINER_REGISTRY_URL%/}"]
capabilities = ["pull", "resolve"]
override_path = true
EOF
}

Expand Down
4 changes: 2 additions & 2 deletions pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/CustomData
View file

Large diffs are not rendered by default.

8 changes: 4 additions & 4 deletions pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line33.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,11 +66,11 @@ if [[ "${SHOULD_CONFIGURE_CUSTOM_CA_TRUST}" == "true" ]]; then
logs_to_events "AKS.CSE.configureCustomCaCertificate" configureCustomCaCertificate || exit $ERR_UPDATE_CA_CERTS
fi

domain_name="mcr.microsoft.com"
registry_domain_name="mcr.microsoft.com"
if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then
domain_name="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%/}"
registry_domain_name="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%%/*}"
fi
verify_DNS_health $domain_name || exit $ERR_DNS_HEALTH_FAIL
verify_DNS_health $registry_domain_name || exit $ERR_DNS_HEALTH_FAIL

if [[ -n "${OUTBOUND_COMMAND}" ]]; then
if [[ -n "${PROXY_VARS}" ]]; then
Expand All @@ -90,7 +90,7 @@ if [[ ${ID} != "mariner" ]] && [[ ${ID} != "azurelinux" ]]; then
fi

if [[ -n ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then
logs_to_events "AKS.CSE.orasLogin.oras_login_with_kubelet_identity" oras_login_with_kubelet_identity "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER%/}" $USER_ASSIGNED_IDENTITY_ID $TENANT_ID || exit $?
logs_to_events "AKS.CSE.orasLogin.oras_login_with_kubelet_identity" oras_login_with_kubelet_identity "${registry_domain_name}" $USER_ASSIGNED_IDENTITY_ID $TENANT_ID || exit $?
fi

export -f should_skip_nvidia_drivers
Expand Down
4 changes: 3 additions & 1 deletion pkg/agent/testdata/AKSUbuntu1604+Disable1804SystemdResolved=false/line70.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -337,9 +337,11 @@ configureContainerdRegistryHost() {
mkdir -p "$(dirname "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}")"
touch "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
chmod 0644 "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}"
CONTAINER_REGISTRY_URL=$(sed 's@/@/v2/@1' <<< "${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}/")
tee "${CONTAINERD_CONFIG_REGISTRY_HOST_MCR}" > /dev/null <<EOF
[host."https://${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}"]
[host."https://${CONTAINER_REGISTRY_URL%/}"]
capabilities = ["pull", "resolve"]
override_path = true
EOF
}

Expand Down
Loading

0 comments on commit cfcf937

Please sign in to comment.