From 72a617d01d38f1aa7056ce5e2449920a856648f0 Mon Sep 17 00:00:00 2001 From: Isaiah Raya Date: Tue, 29 Apr 2025 17:24:04 +0000 Subject: [PATCH 1/8] removed hostusers misconfigruation --- npm/azure-npm.yaml | 1 - npm/examples/azure-npm-lite.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/npm/azure-npm.yaml b/npm/azure-npm.yaml index 137a2c5665..a19a1b974e 100644 --- a/npm/azure-npm.yaml +++ b/npm/azure-npm.yaml @@ -112,7 +112,6 @@ spec: - name: tmp mountPath: /tmp hostNetwork: true - hostUsers: false nodeSelector: kubernetes.io/os: linux volumes: diff --git a/npm/examples/azure-npm-lite.yaml b/npm/examples/azure-npm-lite.yaml index 37339b0598..cbd8666536 100644 --- a/npm/examples/azure-npm-lite.yaml +++ b/npm/examples/azure-npm-lite.yaml @@ -112,7 +112,6 @@ spec: - name: tmp mountPath: /tmp hostNetwork: true - hostUsers: false nodeSelector: kubernetes.io/os: linux volumes: From 77fed05823863e70813807a7b2177323d7bd9e65 Mon Sep 17 00:00:00 2001 From: Isaiah Raya Date: Wed, 30 Apr 2025 18:00:35 +0000 Subject: [PATCH 2/8] added public ip and service tag to compile to SFI rules --- .pipelines/npm/npm-conformance-tests.yaml | 22 ++++++++++++++++++++-- .pipelines/npm/npm-scale-test.yaml | 14 +++++++++++++- 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/.pipelines/npm/npm-conformance-tests.yaml b/.pipelines/npm/npm-conformance-tests.yaml index 21a347e33a..1eac1b9925 100644 --- a/.pipelines/npm/npm-conformance-tests.yaml +++ b/.pipelines/npm/npm-conformance-tests.yaml @@ -123,6 +123,7 @@ stages: RESOURCE_GROUP: $[ stagedependencies.setup.setup.outputs['EnvironmentalVariables.RESOURCE_GROUP'] ] TAG: $[ stagedependencies.setup.setup.outputs['EnvironmentalVariables.TAG'] ] FQDN: empty + PUBLIC_IP_NAME: $(RESOURCE_GROUP)-public-ip steps: - checkout: self 
@@ -137,6 +138,21 @@ stages: echo created RG $(RESOURCE_GROUP) in $(LOCATION) az version + - task: AzureCLI@2 + displayName: "Create public IP with a service tag" + inputs: + azureSubscription: $(BUILD_VALIDATIONS_SERVICE_CONNECTION) + scriptType: "bash" + scriptLocation: "inlineScript" + inlineScript: | + az network public-ip create \ + --name $(PUBLIC_IP_NAME) \ + --resource-group $(RESOURCE_GROUP) \ + --allocation-method Static \ + --ip-tags 'FirstPartyUsage=/DelegatedNetworkControllerTest' \ + --location $(LOCATION) --sku Standard --tier Regional \ + --version IPv4 + - task: AzureCLI@2 displayName: "Deploy NPM to Test Cluster" inputs: @@ -166,7 +182,8 @@ stages: --network-plugin azure \ --vm-set-type VirtualMachineScaleSets \ --node-vm-size Standard_D4s_v3 \ - --node-count 1 + --node-count 1 \ + --load-balancer-outbound-ips $(PUBLIC_IP_ID) if [ $? != 0 ] then @@ -213,7 +230,8 @@ stages: az aks create --no-ssh-key \ --resource-group $(RESOURCE_GROUP) \ --name $(AZURE_CLUSTER) \ - --network-plugin azure + --network-plugin azure \ + --load-balancer-outbound-ips $(PUBLIC_IP_ID) if [ $? != 0 ] then diff --git a/.pipelines/npm/npm-scale-test.yaml b/.pipelines/npm/npm-scale-test.yaml index 99d13007b1..cfc31a9d2f 100644 --- a/.pipelines/npm/npm-scale-test.yaml +++ b/.pipelines/npm/npm-scale-test.yaml 
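Review bot: The new "Create public IP with a service tag" task has no comment explaining why the `FirstPartyUsage=/DelegatedNetworkControllerTest` IP tag is there, so a later cleanup could drop `--ip-tags` without anyone noticing the compliance impact. The commit subject gives SFI rules as the reason; I would record that above the task, e.g. `# SFI: the outbound public IP handed to az aks create must keep its FirstPartyUsage IP tag`. The same `az network public-ip create` invocation is repeated in .pipelines/npm/npm-scale-test.yaml, so the tag value would be easier to audit as one shared pipeline variable than as two string literals.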
@@ -139,6 +139,17 @@ jobs: echo "Creating resource group named $(RESOURCE_GROUP)" az group create --name $(RESOURCE_GROUP) -l $(LOCATION) -o table + export PUBLIC_IP_NAME=$(RESOURCE_GROUP)-$(PROFILE)-public-ip + echo "Creating public IP with a service tag named $(PUBLIC_IP_NAME)" + az network public-ip create \ + --name $(PUBLIC_IP_NAME) \ + --resource-group $(RESOURCE_GROUP) \ + --allocation-method Static \ + --ip-tags 'FirstPartyUsage=/DelegatedNetworkControllerTest' \ + --location $(LOCATION) --sku Standard --tier Regional \ + --version IPv4 + export PUBLIC_IP_ID=$(az network public-ip show -g $(RESOURCE_GROUP) -n $(PUBLIC_IP_NAME) --query id -o tsv) + export CLUSTER_NAME=$(RESOURCE_GROUP)-$(PROFILE) echo "Creating cluster named $CLUSTER_NAME" az aks create \ @@ -152,7 +163,8 @@ jobs: --node-vm-size Standard_D4s_v3 \ --node-count 1 \ --tier standard \ - --max-pods 100 + --max-pods 100 \ + --load-balancer-outbound-ips $(PUBLIC_IP_ID) echo "Getting credentials to $CLUSTER_NAME" az aks get-credentials -g $(RESOURCE_GROUP) -n $CLUSTER_NAME --overwrite-existing --file ./kubeconfig From 24c3627a68162b381cd4e8f655d789e0f69ab0a6 Mon Sep 17 00:00:00 2001 From: Isaiah Raya Date: Wed, 30 Apr 2025 23:03:44 +0000 Subject: [PATCH 3/8] test --- .pipelines/npm/npm-scale-test.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.pipelines/npm/npm-scale-test.yaml b/.pipelines/npm/npm-scale-test.yaml index cfc31a9d2f..8cd250ca2e 100644 --- a/.pipelines/npm/npm-scale-test.yaml +++ b/.pipelines/npm/npm-scale-test.yaml 
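Review bot: The result of `az network public-ip show` is assigned with `export PUBLIC_IP_ID=$(...)` and never checked, and `export` reports success even when the command substitution fails, so a failed create or lookup would presumably only surface later as a confusing `az aks create` argument error. Later patches in this series correct the `$(PUBLIC_IP_NAME)` macro form used here, but not the missing check. I would fail fast with `PUBLIC_IP_ID=$(az network public-ip show ... --query id -o tsv) || exit 1`, then `export PUBLIC_IP_ID`, and pass it quoted as `--load-balancer-outbound-ips "$PUBLIC_IP_ID"`. The same pattern is added to npm-conformance-tests.yaml in PATCH 4/8. The enclosing inline script starts and ends outside the hunk, so whether it already runs under `set -e` is not visible here.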
@@ -140,9 +140,9 @@ jobs: az group create --name $(RESOURCE_GROUP) -l $(LOCATION) -o table export PUBLIC_IP_NAME=$(RESOURCE_GROUP)-$(PROFILE)-public-ip - echo "Creating public IP with a service tag named $(PUBLIC_IP_NAME)" + echo "Creating public IP with a service tag named $PUBLIC_IP_NAME" az network public-ip create \ - --name $(PUBLIC_IP_NAME) \ + --name $PUBLIC_IP_NAME \ --resource-group $(RESOURCE_GROUP) \ --allocation-method Static \ --ip-tags 'FirstPartyUsage=/DelegatedNetworkControllerTest' \ @@ -164,7 +164,7 @@ jobs: --node-count 1 \ --tier standard \ --max-pods 100 \ - --load-balancer-outbound-ips $(PUBLIC_IP_ID) + --load-balancer-outbound-ips $PUBLIC_IP_ID echo "Getting credentials to $CLUSTER_NAME" az aks get-credentials -g $(RESOURCE_GROUP) -n $CLUSTER_NAME --overwrite-existing --file ./kubeconfig From e484058f2a70c9ccfeaa3f6d9f5ab4a848f5394d Mon Sep 17 00:00:00 2001 From: Isaiah Raya Date: Wed, 30 Apr 2025 23:14:19 +0000 Subject: [PATCH 4/8] fixed errors in bash --- .pipelines/npm/npm-conformance-tests.yaml | 7 +++++-- .pipelines/npm/npm-scale-test.yaml | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.pipelines/npm/npm-conformance-tests.yaml b/.pipelines/npm/npm-conformance-tests.yaml index 1eac1b9925..9720ea18ce 100644 --- a/.pipelines/npm/npm-conformance-tests.yaml +++ b/.pipelines/npm/npm-conformance-tests.yaml @@ -166,6 +166,9 @@ stages: chmod +x kubectl echo Cluster $(AZURE_CLUSTER) echo Resource $(RESOURCE_GROUP) + echo Public IP $(PUBLIC_IP_NAME) + export PUBLIC_IP_ID=$(az network public-ip show -g $(RESOURCE_GROUP) -n $(PUBLIC_IP_NAME) --query id -o tsv) + echo Public IP ID $PUBLIC_IP_ID if [[ $(AZURE_CLUSTER) == *ws22 ]] # * is used for pattern matching then @@ -183,7 +186,7 @@ stages: --vm-set-type VirtualMachineScaleSets \ --node-vm-size Standard_D4s_v3 \ --node-count 1 \ - --load-balancer-outbound-ips $(PUBLIC_IP_ID) + --load-balancer-outbound-ips $PUBLIC_IP_ID if [ $? != 0 ] then 
@@ -231,7 +234,7 @@ stages: --resource-group $(RESOURCE_GROUP) \ --name $(AZURE_CLUSTER) \ --network-plugin azure \ - --load-balancer-outbound-ips $(PUBLIC_IP_ID) + --load-balancer-outbound-ips $PUBLIC_IP_ID if [ $? != 0 ] then diff --git a/.pipelines/npm/npm-scale-test.yaml b/.pipelines/npm/npm-scale-test.yaml index 8cd250ca2e..a4e8390f69 100644 --- a/.pipelines/npm/npm-scale-test.yaml +++ b/.pipelines/npm/npm-scale-test.yaml @@ -148,7 +148,7 @@ jobs: --ip-tags 'FirstPartyUsage=/DelegatedNetworkControllerTest' \ --location $(LOCATION) --sku Standard --tier Regional \ --version IPv4 - export PUBLIC_IP_ID=$(az network public-ip show -g $(RESOURCE_GROUP) -n $(PUBLIC_IP_NAME) --query id -o tsv) + export PUBLIC_IP_ID=$(az network public-ip show -g $(RESOURCE_GROUP) -n $PUBLIC_IP_NAME --query id -o tsv) export CLUSTER_NAME=$(RESOURCE_GROUP)-$(PROFILE) echo "Creating cluster named $CLUSTER_NAME" From 3dc25fdb93fcd748186b6f83d0a573c6f0c66015 Mon Sep 17 00:00:00 2001 From: Isaiah Raya Date: Thu, 1 May 2025 17:15:30 +0000 Subject: [PATCH 5/8] added --load-balancer-sku standard --- .pipelines/npm/npm-conformance-tests.yaml | 6 +++++- .pipelines/npm/npm-scale-test.yaml | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.pipelines/npm/npm-conformance-tests.yaml b/.pipelines/npm/npm-conformance-tests.yaml index 9720ea18ce..a379972f74 100644 --- a/.pipelines/npm/npm-conformance-tests.yaml +++ b/.pipelines/npm/npm-conformance-tests.yaml @@ -150,7 +150,9 @@ stages: --resource-group $(RESOURCE_GROUP) \ --allocation-method Static \ --ip-tags 'FirstPartyUsage=/DelegatedNetworkControllerTest' \ - --location $(LOCATION) --sku Standard --tier Regional \ + --location $(LOCATION) \ + --sku Standard \ + --tier Regional \ --version IPv4 - task: AzureCLI@2 @@ -186,6 +188,7 @@ stages: --vm-set-type VirtualMachineScaleSets \ --node-vm-size Standard_D4s_v3 \ --node-count 1 \ + --load-balancer-sku standard \ --load-balancer-outbound-ips $PUBLIC_IP_ID if [ $? != 0 ] 
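Review bot: `--load-balancer-outbound-ips $PUBLIC_IP_ID` in the hunk at line 234 depends on a shell variable that this commit exports only once, around line 170, just before the `*ws22` branch. Each AzureCLI@2 task runs its own shell, so if this second `az aks create` sits in a different task's inline script (the hunks do not show the task boundary), `$PUBLIC_IP_ID` expands to nothing there. In that case either repeat the lookup in that script, or publish the value once with `echo "##vso[task.setvariable variable=PUBLIC_IP_ID]$PUBLIC_IP_ID"` and consume it as `$(PUBLIC_IP_ID)`.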
@@ -234,6 +237,7 @@ stages: --resource-group $(RESOURCE_GROUP) \ --name $(AZURE_CLUSTER) \ --network-plugin azure \ + --load-balancer-sku standard \ --load-balancer-outbound-ips $PUBLIC_IP_ID if [ $? != 0 ] diff --git a/.pipelines/npm/npm-scale-test.yaml b/.pipelines/npm/npm-scale-test.yaml index a4e8390f69..cdbb7b6768 100644 --- a/.pipelines/npm/npm-scale-test.yaml +++ b/.pipelines/npm/npm-scale-test.yaml @@ -146,7 +146,9 @@ jobs: --resource-group $(RESOURCE_GROUP) \ --allocation-method Static \ --ip-tags 'FirstPartyUsage=/DelegatedNetworkControllerTest' \ - --location $(LOCATION) --sku Standard --tier Regional \ + --location $(LOCATION) \ + --sku Standard \ + --tier Regional \ --version IPv4 export PUBLIC_IP_ID=$(az network public-ip show -g $(RESOURCE_GROUP) -n $PUBLIC_IP_NAME --query id -o tsv) @@ -164,6 +166,7 @@ jobs: --node-count 1 \ --tier standard \ --max-pods 100 \ + --load-balancer-sku standard \ --load-balancer-outbound-ips $PUBLIC_IP_ID echo "Getting credentials to $CLUSTER_NAME" From e3fff15704feb0f5537bf8252d54a4e35cbe5af1 Mon Sep 17 00:00:00 2001 From: Isaiah Raya Date: Thu, 1 May 2025 17:18:07 +0000 Subject: [PATCH 6/8] added profile to public ip name --- .pipelines/npm/npm-conformance-tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/npm/npm-conformance-tests.yaml b/.pipelines/npm/npm-conformance-tests.yaml index a379972f74..b794cb32f7 100644 --- a/.pipelines/npm/npm-conformance-tests.yaml +++ b/.pipelines/npm/npm-conformance-tests.yaml @@ -123,7 +123,7 @@ stages: RESOURCE_GROUP: $[ stagedependencies.setup.setup.outputs['EnvironmentalVariables.RESOURCE_GROUP'] ] TAG: $[ stagedependencies.setup.setup.outputs['EnvironmentalVariables.TAG'] ] FQDN: empty - PUBLIC_IP_NAME: $(RESOURCE_GROUP)-public-ip + PUBLIC_IP_NAME: $(RESOURCE_GROUP)-$(PROFILE)-public-ip steps: - checkout: self From 3c19bd1ac5e86e2423034f5c45570750753bf183 Mon Sep 17 00:00:00 2001 
From: Isaiah Raya Date: Thu, 1 May 2025 17:38:36 +0000 Subject: [PATCH 7/8] found issue removing unused config --- .pipelines/npm/npm-conformance-tests.yaml | 2 -- .pipelines/npm/npm-scale-test.yaml | 1 - 2 files changed, 3 deletions(-) diff --git a/.pipelines/npm/npm-conformance-tests.yaml b/.pipelines/npm/npm-conformance-tests.yaml index b794cb32f7..7423ace2c7 100644 --- a/.pipelines/npm/npm-conformance-tests.yaml +++ b/.pipelines/npm/npm-conformance-tests.yaml @@ -188,7 +188,6 @@ stages: --vm-set-type VirtualMachineScaleSets \ --node-vm-size Standard_D4s_v3 \ --node-count 1 \ - --load-balancer-sku standard \ --load-balancer-outbound-ips $PUBLIC_IP_ID if [ $? != 0 ] @@ -237,7 +236,6 @@ stages: --resource-group $(RESOURCE_GROUP) \ --name $(AZURE_CLUSTER) \ --network-plugin azure \ - --load-balancer-sku standard \ --load-balancer-outbound-ips $PUBLIC_IP_ID if [ $? != 0 ] diff --git a/.pipelines/npm/npm-scale-test.yaml b/.pipelines/npm/npm-scale-test.yaml index cdbb7b6768..f297d27baf 100644 --- a/.pipelines/npm/npm-scale-test.yaml +++ b/.pipelines/npm/npm-scale-test.yaml @@ -166,7 +166,6 @@ jobs: --node-count 1 \ --tier standard \ --max-pods 100 \ - --load-balancer-sku standard \ --load-balancer-outbound-ips $PUBLIC_IP_ID echo "Getting credentials to $CLUSTER_NAME" From 27658a892dbc6d47bfaf91118304487d43cf2002 Mon Sep 17 00:00:00 2001 From: Isaiah Raya Date: Thu, 1 May 2025 17:51:33 +0000 Subject: [PATCH 8/8] updated name so that it has a unique public ip --- .pipelines/npm/npm-conformance-tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/npm/npm-conformance-tests.yaml b/.pipelines/npm/npm-conformance-tests.yaml index 7423ace2c7..ae68233dc0 100644 --- a/.pipelines/npm/npm-conformance-tests.yaml +++ b/.pipelines/npm/npm-conformance-tests.yaml 
@@ -108,7 +108,7 @@ stages: IS_STRESS_TEST: "false" v2-linux-stress: AZURE_CLUSTER: "conformance-v2-linux-stress" - PROFILE: "v2-background" + PROFILE: "v2-linux-stress" IS_STRESS_TEST: "true" v2-place-first: AZURE_CLUSTER: "conformance-v2-place-first"
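Review bot: Changing `PROFILE` for the `v2-linux-stress` entry from `"v2-background"` to `"v2-linux-stress"` fixes the public-IP name collision, but it also changes the value seen by every other consumer of `$(PROFILE)` in this pipeline. Those consumers are outside the hunk; if any of them uses PROFILE to select the NPM configuration under test, this entry would now exercise a different or non-existent profile. `AZURE_CLUSTER` is already distinct per matrix entry in the visible lines, so the name could be derived from it instead, `PUBLIC_IP_NAME: $(RESOURCE_GROUP)-$(AZURE_CLUSTER)-public-ip`, leaving PROFILE at `"v2-background"`.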