merge with dev

Azure · Nov 20, 2024 · 2e04c74 · 2e04c74
2 parents 92963b9 + b130298
commit 2e04c74
Show file tree

Hide file tree

Showing 196 changed files with 1,546 additions and 607 deletions.
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -84,6 +84,10 @@
       "matchPackageNames": ["oss/kubernetes/coredns", "oss/v2/kubernetes/coredns"],
       "assignees": ["SriHarsha001"]
     },
+    {
+      "matchPackageNames": ["oss/binaries/kubernetes/azure-acr-credential-provider"],
+      "assignees": ["mainred"]
+    },
     {
       "matchPackageNames": ["moby-runc", "moby-containerd"],
       "extractVersion": "^v?(?<version>.+)$"
@@ -126,7 +130,7 @@
         "\"renovateTag\":\\s*\"OCI_registry=(?<registryUrl>[^,]+), name=(?<packageName>[^\"]+)\",\\s*\"latestVersion\":\\s*\"(?<currentValue>[^\"]+)\"(?:[^}]*\"previousLatestVersion\":\\s*\"(?<depType>[^\"]+)\")?"
       ],
       "datasourceTemplate": "docker",
-      "autoReplaceStringTemplate": "\"renovateTag\": \"OCI_registry={{{registryUrl}}}, name={{{packageName}}}\",\n          \"latestVersion\": \"{{{newValue}}}\"{{#if depType}},\n          \"previousLatestVersion\": \"{{{currentValue}}}\"{{/if}}"
+      "autoReplaceStringTemplate": "\"renovateTag\": \"OCI_registry={{{registryUrl}}}, name={{{packageName}}}\",\n                \"latestVersion\": \"{{{newValue}}}\"{{#if depType}},\n                \"previousLatestVersion\": \"{{{currentValue}}}\"{{/if}}"
     },
     {
       "customType": "regex",

diff --git a/.github/workflows/buf.yaml b/.github/workflows/buf.yaml
@@ -1,7 +1,15 @@
 name: Buf CI
 on:
   push:
+    paths:
+      - "aks-node-controller/proto/**"
+      - "aks-node-controller/buf.yaml"
+      - "aks-node-controller/buf.gen.yaml"
   pull_request:
+    paths:
+      - "aks-node-controller/proto/**"
+      - "aks-node-controller/buf.yaml"
+      - "aks-node-controller/buf.gen.yaml"
 permissions:
   contents: read
   pull-requests: write
@@ -12,4 +20,4 @@ jobs:
       - uses: actions/checkout@v4
       - uses: bufbuild/buf-action@v1
         with:
-          input: aks-node-controller
+          input: aks-node-controller
diff --git a/aks-node-controller/parser/helper.go b/aks-node-controller/parser/helper.go
@@ -173,21 +173,21 @@ func getCustomCACertsStatus(customCACerts []string) bool {
 	return len(customCACerts) > 0
 }
 
-func getEnableTLSBootstrap(bootstrapConfig *aksnodeconfigv1.TlsBootstrappingConfig) bool {
+func getEnableTLSBootstrap(bootstrapConfig *aksnodeconfigv1.BootstrappingConfig) bool {
 	return bootstrapConfig.GetTlsBootstrappingToken() != ""
 }
 
-func getEnableSecureTLSBootstrap(bootstrapConfig *aksnodeconfigv1.TlsBootstrappingConfig) bool {
+func getEnableSecureTLSBootstrap(bootstrapConfig *aksnodeconfigv1.BootstrappingConfig) bool {
 	// TODO: Change logic to default to false once Secure TLS Bootstrapping is complete
-	return bootstrapConfig.GetEnableSecureTlsBootstrapping()
+	return bootstrapConfig.GetBootstrappingAuthMethod() == aksnodeconfigv1.BootstrappingAuthMethod_BOOTSTRAPPING_AUTH_METHOD_SECURE_TLS_BOOTSTRAPPING
 }
 
-func getTLSBootstrapToken(bootstrapConfig *aksnodeconfigv1.TlsBootstrappingConfig) string {
+func getTLSBootstrapToken(bootstrapConfig *aksnodeconfigv1.BootstrappingConfig) string {
 	return bootstrapConfig.GetTlsBootstrappingToken()
 }
 
-func getCustomSecureTLSBootstrapAADServerAppID(bootstrapConfig *aksnodeconfigv1.TlsBootstrappingConfig) string {
-	return bootstrapConfig.GetCustomSecureTlsBootstrappingAppserverAppid()
+func getCustomSecureTLSBootstrapAADServerAppID(bootstrapConfig *aksnodeconfigv1.BootstrappingConfig) string {
+	return bootstrapConfig.GetCustomAadResource()
 }
 
 func getIsKrustlet(wr aksnodeconfigv1.WorkloadRuntime) bool {

diff --git a/aks-node-controller/parser/parser.go b/aks-node-controller/parser/parser.go
@@ -127,9 +127,9 @@ func getCSEEnv(config *aksnodeconfigv1.Configuration) map[string]string {
 		"HTTPS_PROXY_URLS":                               config.GetHttpProxyConfig().GetHttpsProxy(),
 		"NO_PROXY_URLS":                                  getStringifiedStringArray(config.GetHttpProxyConfig().GetNoProxyEntries(), ","),
 		"PROXY_VARS":                                     getProxyVariables(config.GetHttpProxyConfig()),
-		"ENABLE_TLS_BOOTSTRAPPING":                       fmt.Sprintf("%v", getEnableTLSBootstrap(config.GetTlsBootstrappingConfig())),
-		"ENABLE_SECURE_TLS_BOOTSTRAPPING":                fmt.Sprintf("%v", getEnableSecureTLSBootstrap(config.GetTlsBootstrappingConfig())),
-		"CUSTOM_SECURE_TLS_BOOTSTRAP_AAD_SERVER_APP_ID":  getCustomSecureTLSBootstrapAADServerAppID(config.GetTlsBootstrappingConfig()),
+		"ENABLE_TLS_BOOTSTRAPPING":                       fmt.Sprintf("%v", getEnableTLSBootstrap(config.GetBootstrappingConfig())),
+		"ENABLE_SECURE_TLS_BOOTSTRAPPING":                fmt.Sprintf("%v", getEnableSecureTLSBootstrap(config.GetBootstrappingConfig())),
+		"CUSTOM_SECURE_TLS_BOOTSTRAP_AAD_SERVER_APP_ID":  getCustomSecureTLSBootstrapAADServerAppID(config.GetBootstrappingConfig()),
 		"DHCPV6_SERVICE_FILEPATH":                        getDHCPV6ServiceFilepath(),
 		"DHCPV6_CONFIG_FILEPATH":                         getDHCPV6ConfigFilepath(),
 		"THP_ENABLED":                                    config.GetCustomLinuxOsConfig().GetTransparentHugepageSupport(),
@@ -149,7 +149,7 @@ func getCSEEnv(config *aksnodeconfigv1.Configuration) map[string]string {
 		"MESSAGE_OF_THE_DAY":                             config.GetMessageOfTheDay(),
 		"HAS_KUBELET_DISK_TYPE":                          fmt.Sprintf("%v", getHasKubeletDiskType(config.GetKubeletConfig())),
 		"NEEDS_CGROUPV2":                                 fmt.Sprintf("%v", config.GetNeedsCgroupv2()),
-		"TLS_BOOTSTRAP_TOKEN":                            getTLSBootstrapToken(config.GetTlsBootstrappingConfig()),
+		"TLS_BOOTSTRAP_TOKEN":                            getTLSBootstrapToken(config.GetBootstrappingConfig()),
 		"KUBELET_FLAGS":                                  createSortedKeyValuePairs(config.GetKubeletConfig().GetKubeletFlags(), " "),
 		"NETWORK_POLICY":                                 getStringFromNetworkPolicyType(config.GetNetworkConfig().GetNetworkPolicy()),
 		"KUBELET_NODE_LABELS":                            createSortedKeyValuePairs(config.GetKubeletConfig().GetKubeletNodeLabels(), ","),

diff --git a/aks-node-controller/parser/testdata/test_aksnodeconfig.json b/aks-node-controller/parser/testdata/test_aksnodeconfig.json
@@ -1,7 +1,7 @@
 {
     "version": "v0",
-    "tls_bootstrapping_config": {
-        "enable_secure_tls_bootstrapping": false
+    "bootstrapping_config": {
+        "bootstrapping_auth_method": "BOOTSTRAPPING_AUTH_METHOD_BOOTSTRAP_TOKEN"
     },
     "cluster_config": {
         "vm_type": "VM_TYPE_VMSS",

diff --git a/aks-node-controller/parser/testdata/test_aksnodeconfig_fields_missing.json b/aks-node-controller/parser/testdata/test_aksnodeconfig_fields_missing.json
@@ -1,7 +1,7 @@
 {
     "version": "v0",
-    "tls_bootstrapping_config": {
-        "enable_secure_tls_bootstrapping": false
+    "bootstrapping_config": {
+        "bootstrapping_auth_method": "BOOTSTRAPPING_AUTH_METHOD_BOOTSTRAP_TOKEN"
     },
     "cluster_config": {
         "vm_type": 2,

diff --git a/aks-node-controller/parser/testdata/test_aksnodeconfig_fields_unexpected.json b/aks-node-controller/parser/testdata/test_aksnodeconfig_fields_unexpected.json
@@ -1,7 +1,7 @@
 {
     "version": "v0",
-    "tls_bootstrapping_config": {
-        "enable_secure_tls_bootstrapping": false
+    "bootstrapping_config": {
+        "bootstrapping_auth_method": "BOOTSTRAPPING_AUTH_METHOD_BOOTSTRAP_TOKEN"
     },
     "cluster_config": {
         "vm_type": 2,