Merge branch 'master' into lily/update-contract-identity-config

Azure · Mar 25, 2024 · c6e9fcb · c6e9fcb
2 parents 82559ff + 85775bd
commit c6e9fcb
Show file tree

Hide file tree

Showing 171 changed files with 418 additions and 409 deletions.
diff --git a/.pipelines/.vsts-vhd-builder-release-windows.yaml b/.pipelines/.vsts-vhd-builder-release-windows.yaml
@@ -182,9 +182,6 @@ stages:
             docker run --rm \
             -v ${PWD}:/go/src/github.com/Azure/AgentBaker \
             -w /go/src/github.com/Azure/AgentBaker \
-            -e CLIENT_ID=${AZURE_BUILD_CLIENT_ID} \
-            -e CLIENT_SECRET="$(AZURE_BUILD_CLIENT_SECRET)" \
-            -e TENANT_ID=${AZURE_BUILD_TENANT_ID} \
             -e SUBSCRIPTION_ID="${AZURE_BUILD_SUBSCRIPTION_ID}" \
             -e PROD_SUBSCRIPTION_ID=${AZURE_PROD_SUBSCRIPTION_ID} \
             -e AZURE_RESOURCE_GROUP_NAME=${AZURE_BUILD_RESOURCE_GROUP_NAME} \

diff --git a/.pipelines/templates/.builder-release-template-windows.yaml b/.pipelines/templates/.builder-release-template-windows.yaml
@@ -92,9 +92,6 @@ steps:
       -v ${PWD}:/go/src/github.com/Azure/AgentBaker \
       -w /go/src/github.com/Azure/AgentBaker \
       -e POOL_NAME=$(AZURE_POOL_NAME) \
-      -e CLIENT_ID=${AZURE_BUILD_CLIENT_ID} \
-      -e CLIENT_SECRET="$(AZURE_BUILD_CLIENT_SECRET)" \
-      -e TENANT_ID=${AZURE_BUILD_TENANT_ID} \
       -e SUBSCRIPTION_ID="${AZURE_BUILD_SUBSCRIPTION_ID}" \
       -e AZURE_RESOURCE_GROUP_NAME=${AZURE_BUILD_RESOURCE_GROUP_NAME} \
       -e AZURE_LOCATION=${AZURE_BUILD_LOCATION} \
@@ -131,9 +128,6 @@ steps:
       docker run --rm \
       -v ${PWD}:/go/src/github.com/Azure/AgentBaker \
       -w /go/src/github.com/Azure/AgentBaker \
-      -e CLIENT_ID=${AZURE_BUILD_CLIENT_ID} \
-      -e CLIENT_SECRET="$(AZURE_BUILD_CLIENT_SECRET)" \
-      -e TENANT_ID=${AZURE_BUILD_TENANT_ID} \
       -e SUBSCRIPTION_ID="${AZURE_BUILD_SUBSCRIPTION_ID}" \
       -e AZURE_RESOURCE_GROUP_NAME=${AZURE_BUILD_RESOURCE_GROUP_NAME} \
       -e OS_DISK_URI=${OS_DISK_URI} \
@@ -183,9 +177,6 @@ steps:
         docker run --rm \
         -v ${PWD}:/go/src/github.com/Azure/AgentBaker \
         -w /go/src/github.com/Azure/AgentBaker \
-        -e CLIENT_ID=${AZURE_BUILD_CLIENT_ID} \
-        -e CLIENT_SECRET="$(AZURE_BUILD_CLIENT_SECRET)" \
-        -e TENANT_ID=${AZURE_BUILD_TENANT_ID} \
         -e SUBSCRIPTION_ID="${AZURE_BUILD_SUBSCRIPTION_ID}" \
         -e RESOURCE_GROUP_NAME="${AZURE_BUILD_RESOURCE_GROUP_NAME}" \
         -e LOCATION="${AZURE_BUILD_LOCATION}" \
@@ -221,9 +212,6 @@ steps:
       docker run --rm \
       -v ${PWD}:/go/src/github.com/Azure/AgentBaker \
       -w /go/src/github.com/Azure/AgentBaker \
-      -e CLIENT_ID=${AZURE_BUILD_CLIENT_ID} \
-      -e CLIENT_SECRET="$(AZURE_BUILD_CLIENT_SECRET)" \
-      -e TENANT_ID=${AZURE_BUILD_TENANT_ID} \
       -e SUBSCRIPTION_ID="${AZURE_BUILD_SUBSCRIPTION_ID}" \
       -e SA_NAME=${SA_NAME} \
       -e AZURE_RESOURCE_GROUP_NAME=${AZURE_BUILD_RESOURCE_GROUP_NAME} \
@@ -258,9 +246,6 @@ steps:
       docker run --rm \
       -v ${PWD}:/go/src/github.com/Azure/AgentBaker \
       -w /go/src/github.com/Azure/AgentBaker \
-      -e CLIENT_ID=${CLIENT_ID} \
-      -e CLIENT_SECRET="$(CLIENT_SECRET)" \
-      -e TENANT_ID=${TENANT_ID} \
       -e SUBSCRIPTION_ID="${AZURE_PROD_SUBSCRIPTION_ID}" \
       -e CLASSIC_SA_CONNECTION_STRING="$(CLASSIC_SA_CONNECTION_STRING)" \
       -e STORAGE_ACCT_BLOB_URL=${STORAGE_ACCT_BLOB_URL} \

diff --git a/e2e/scenario/base_vhd_catalog.json b/e2e/scenario/base_vhd_catalog.json
@@ -2,17 +2,17 @@
     "ubuntu1804": {
         "gen2containerd": {
             "artifactName": "1804-gen2-containerd",
-            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/1804Gen2/versions/1.1707351757.24005"
+            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/1804Gen2/versions/1.1711058371.9154"
         }
     },
     "ubuntu2204": {
         "gen2arm64containerd": {
             "artifactName": "2204-arm64-gen2-containerd",
-            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/2204Gen2Arm64/versions/1.1707351609.8691"
+            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/2204Gen2Arm64/versions/1.1711050975.24443"
         },
         "gen2containerd": {
             "artifactName": "2204-gen2-containerd",
-            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/2204Gen2/versions/1.1707351742.21148"
+            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/2204Gen2/versions/1.1711058378.5173"
         },
         "gen2containerdprivatekubepkg": {
             "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/2204Gen2/versions/1.1704411049.2812"
@@ -21,21 +21,21 @@
     "azurelinuxv2": {
         "gen2arm64": {
             "artifactName": "azurelinuxv2-gen2-arm64",
-            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/AzureLinuxV2Gen2Arm64/versions/1.1707351611.19505"
+            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/AzureLinuxV2Gen2Arm64/versions/1.1711050992.12578"
         },
         "gen2": {
             "artifactName": "azurelinuxv2-gen2",
-            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/AzureLinuxV2Gen2/versions/1.1707351621.9878"
+            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/AzureLinuxV2Gen2/versions/1.1711058377.30895"
         }
     },
     "cblmarinerv2": {
         "gen2arm64": {
             "artifactName": "marinerv2-gen2-arm64",
-            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/CBLMarinerV2Gen2Arm64/versions/1.1707351626.25667"
+            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/CBLMarinerV2Gen2Arm64/versions/1.1711051003.16083"
         },
         "gen2": {
             "artifactName": "marinerv2-gen2",
-            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/CBLMarinerV2Gen2/versions/1.1707351721.29111"
+            "resourceId": "/subscriptions/8ecadfc9-d1a3-4ea4-b844-0d9f87e4d7c8/resourceGroups/aksvhdtestbuildrg/providers/Microsoft.Compute/galleries/PackerSigGalleryEastUS/images/CBLMarinerV2Gen2/versions/1.1711051012.17839"
         }
     }
 }
diff --git a/e2e/scenario/scenario_marinerv2.go b/e2e/scenario/scenario_marinerv2.go
@@ -16,9 +16,6 @@ func (t *Template) marinerv2() *Scenario {
 				nbc.ContainerService.Properties.AgentPoolProfiles[0].Distro = "aks-cblmariner-v2-gen2"
 				nbc.AgentPoolProfile.Distro = "aks-cblmariner-v2-gen2"
 			},
-			LiveVMValidators: []*LiveVMValidator{
-				KubenetEnsureNoDupEbtablesValidator(),
-			},
 		},
 	}
 }
diff --git a/e2e/scenario/scenario_ubuntu2204.go b/e2e/scenario/scenario_ubuntu2204.go
@@ -16,9 +16,6 @@ func (t *Template) ubuntu2204() *Scenario {
 				nbc.ContainerService.Properties.AgentPoolProfiles[0].Distro = "aks-ubuntu-containerd-22.04-gen2"
 				nbc.AgentPoolProfile.Distro = "aks-ubuntu-containerd-22.04-gen2"
 			},
-			LiveVMValidators: []*LiveVMValidator{
-				KubenetEnsureNoDupEbtablesValidator(),
-			},
 		},
 	}
 }
diff --git a/e2e/scenario/validators.go b/e2e/scenario/validators.go
@@ -2,7 +2,6 @@ package scenario
 
 import (
 	"fmt"
-	"regexp"
 	"strings"
 )
 
@@ -127,42 +126,6 @@ func UlimitValidator(ulimits map[string]string) *LiveVMValidator {
 	}
 }
 
-// KubenetEnsureNoDupEbtablesValidator checks that ebtables rules were installed by
-// the ensure-no-dup.sh script to block duplicate packets from the promiscuous bridge.
-// This assumes at least one pod (without hostNetwork) has already run on the node.
-func KubenetEnsureNoDupEbtablesValidator() *LiveVMValidator {
-	// Use regex match for the rules because the MAC and IP addresses can vary.
-	expectedRulePatterns := []string{
-		`-j AKS-DEDUP-PROMISC`,
-		`-p IPv4 -s [0-9a-f:]+ -o veth\+ --ip-src [0-9.]+ -j ACCEPT`,
-		`-p IPv4 -s [0-9a-f:]+ -o veth\+ --ip-src [0-9.]+/[0-9]+ -j DROP`,
-	}
-	regexes := make(map[string]*regexp.Regexp, len(expectedRulePatterns))
-	for _, s := range expectedRulePatterns {
-		regexes[s] = regexp.MustCompile(s)
-	}
-
-	return &LiveVMValidator{
-		Description: "assert kubenet ensure-no-dup ebtables rules",
-		// Grep matches rules with "-" at start of line.
-		// This command will fail and be retried to account for delay between
-		// when the CNI creates the bridge and when the ensure-no-dup systemd unit completes.
-		Command: fmt.Sprintf(`ebtables -L | grep "^-"`),
-		Asserter: func(code, stdout, stderr string) error {
-			if code != "0" {
-				return fmt.Errorf("validator command terminated with exit code %q but expected code 0", code)
-			}
-
-			for pattern, re := range regexes {
-				if !re.MatchString(stdout) {
-					return fmt.Errorf("could not find expected ebtables rule matching pattern %q", pattern)
-				}
-			}
-			return nil
-		},
-	}
-}
-
 func containerdVersionValidator(version string) *LiveVMValidator {
 	return &LiveVMValidator{
 		Description: "assert containerd version",

diff --git a/e2e/windows/e2e-scenario.sh b/e2e/windows/e2e-scenario.sh
@@ -41,6 +41,19 @@ collect-logs() {
             err "Failed in deleting cse logs in remote storage. Error code is $retval."
         fi
     fi
+
+    array=(azcopy_*)
+    ${array[0]}/azcopy copy "https://${AZURE_E2E_STORAGE_ACCOUNT_NAME}.blob.core.windows.net/${AZURE_E2E_STORAGE_LOG_CONTAINER}/${DEPLOYMENT_VMSS_NAME}-provision.complete" $SCENARIO_NAME-logs/$WINDOWS_E2E_IMAGE$WINDOWS_GPU_DRIVER_SUFFIX-provision.complete || retval=$?
+    if [ "$retval" -ne 0 ]; then
+        err "Failed in downloading provision.complete. Error code is $retval."
+        exit 1
+    else
+        log "provision.complete is generated"
+        ${array[0]}/azcopy rm "https://${AZURE_E2E_STORAGE_ACCOUNT_NAME}.blob.core.windows.net/${AZURE_E2E_STORAGE_LOG_CONTAINER}/${DEPLOYMENT_VMSS_NAME}-provision.complete" || retval=$?
+        if [ "$retval" -ne 0 ]; then
+            err "Failed in deleting provision.complete in remote storage. Error code is $retval."
+        fi
+    fi
 }
 
 E2E_RESOURCE_GROUP_NAME="$AZURE_E2E_RESOURCE_GROUP_NAME-$WINDOWS_E2E_IMAGE$WINDOWS_GPU_DRIVER_SUFFIX-$K8S_VERSION"
@@ -183,7 +196,7 @@ else
 fi
 
 log "Collect cse log"
-collect-logs 
+collect-logs
 
 cat $SCENARIO_NAME-vmss.json
 

diff --git a/e2e/windows/upload-cse-logs.ps1 b/e2e/windows/upload-cse-logs.ps1
@@ -5,4 +5,4 @@ param(
     [string]$arg4
 )
 
-Invoke-WebRequest -UseBasicParsing https://aka.ms/downloadazcopy-v10-windows -OutFile azcopy.zip;expand-archive azcopy.zip;cd .\azcopy\*; $env:AZCOPY_AUTO_LOGIN_TYPE="MSI"; $env:AZCOPY_MSI_RESOURCE_STRING=$arg4; .\azcopy.exe copy "C:\azuredata\CustomDataSetupScript.log" "https://$arg1.blob.core.windows.net/$arg2/$arg3-cse.log"
+Invoke-WebRequest -UseBasicParsing https://aka.ms/downloadazcopy-v10-windows -OutFile azcopy.zip;expand-archive azcopy.zip;cd .\azcopy\*; $env:AZCOPY_AUTO_LOGIN_TYPE="MSI"; $env:AZCOPY_MSI_RESOURCE_STRING=$arg4; .\azcopy.exe copy "C:\azuredata\CustomDataSetupScript.log" "https://$arg1.blob.core.windows.net/$arg2/$arg3-cse.log"; .\azcopy.exe copy "C:\AzureData\provision.complete" "https://$arg1.blob.core.windows.net/$arg2/$arg3-provision.complete"
diff --git a/parts/linux/cloud-init/artifacts/ensure-no-dup.sh b/parts/linux/cloud-init/artifacts/ensure-no-dup.sh
@@ -35,11 +35,8 @@ if [[ -z "${bridgeIP}" ]]; then
     exit 1
 fi
 
-# cloud-controller-manager assigns the node pod CIDR, then kubelet/containerd put it in the conflist.
-# Parse the conflist to retrieve the pod CIDR (IPv4 is always the first item in `ranges`).
-# If the field we expect isn't there, jq returns "null", so treat that as a failure.
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist  | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.ranges[0][0].subnet")
-if [[ -z "${podSubnetAddr}" || "${podSubnetAddr}" == 'null' ]]; then
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist  | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
     echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
     exit 1
 fi
@@ -56,4 +53,4 @@ echo "outputting newly added AKS-DEDUP-PROMISC rules:"
 ebtables -t filter -L OUTPUT 2>/dev/null
 ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
 exit 0
-#EOF
+#EOF
diff --git a/parts/windows/kuberneteswindowssetup.ps1 b/parts/windows/kuberneteswindowssetup.ps1
@@ -59,6 +59,10 @@ param(
     [ValidateNotNullOrEmpty()]
     $LogFile,
 
+    # C:\AzureData\provision.complete
+    # MUST keep generating this file when CSE is done and do not change the name
+    #  - It is used to avoid running CSE multiple times
+    #  - Some customers use this file to check if CSE is done
     [parameter(Mandatory=$true)]
     [ValidateNotNullOrEmpty()]
     $CSEResultFilePath,

diff --git a/pkg/agent/datamodel/linux_sig_version.json b/pkg/agent/datamodel/linux_sig_version.json
@@ -1,4 +1,4 @@
 {
     "ostype": "LinuxSIGImageVersion",
-    "version": "202403.13.0"
+    "version": "202403.19.0"
 }
diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/CustomData b/pkg/agent/testdata/AKSUbuntu1604+Containerd/CustomData
@@ -219,7 +219,7 @@ write_files:
   owner: root
   encoding: gzip
   content: !!binary |
-    H4sIAAAAAAAA/7yVX2/aPBTG7/MpnqZIhfeVE/q+vdkmNiHKpGqloP65olyY+EBcBTu1HTpW+O5TQtigTTc6ab0D5/g8j3/n+PjwIBxLFY65jT3Po7Hj44QsmMNEJo4M2DnaX67Yaff0ZsAGl/3e2VUH/30MBc1DlSWJJycYDlH7BEb3aGI0+gAXk/IAgKJYw3++32QJgSeGuFjAkvPX0V+lQ9ObyDLnAdgEIbkojJQMFblAhMdNFmnluFRkBMvXIq0mibSuSjlSEvl3OYXSDlmKBbkgCHIlqaYgbpLFlvhxLu6NjRRTuuAzatXqEXev8IAl7u7BDPwgTbKpVHY4whKWEopcPXCLlNBq4dZfa9z6DSwRrP/4DS81eiZt1NPiraS3FP1Gyd2vPW4tr3wctOA7k5FfxXidDrXHn9hWBW2pUKbJdGYx04J+gb6o+07h7cKGUcKtzc8e7uQPuRCGrH2Vnz2rX5b/bNCq1WWKXAk21g9PMi4xNZSCdTV8qcihPmyyd6N/boPG4/+r9W9/J6oqYIOcfcupb5RX+4MWmmxxupjPCVxBpvMTlHh+e9ZUi6tsrMi1hTBv1HEy5bPAcDUlO2yOhs1RYAsLT1jsWFv5WC6rVlstHOVT6Kjy9ussEQUcQY7MTCqCi2XOS9CRRaoFcjdYG0BhChOjZ3j51HtOj167s+G5Rx83PG9tmQuRZ34+McvJjCjmUvmVg/qiYltlYLsikKU4G8xPwOyPBuu1OyswjTm5+F8wJlNmTYStNgW7Q7vT6Q6u/4rObrFzsdPL/uAFqf7N9eDmunD0nEJJV2cuzVxRO0UPySK/JyQqNuTvk31fjfl8I7X9CP7Jw1mOvcNu/7P3PQAA//92JikohwcAAA==
+    H4sIAAAAAAAA/7yVX2/aPBTG7/MpnqZIL7yTE7r1ZpvYhCiTqpWC+ueKcmHiA3EV7NR26Fjhu08hYYM23eik9Q6c4/M753mOjg8PwrFU4Zjb2PM8Gjs+TsiCOUxk4siAnaH99ZKddE+uB2xw0e+dXnbw9lMoaB6qLEk8OcFwiNpnMLpDE6PRR7iYlAcAFMUa/tP7JksIPDHExQKWnF9Ef5MOTW8iy5wHYBOE5KIwUjJU5AIRHjVZpJXjUpERLD+LtJok0roqcqQk8u9yCqUdshQLckEQ5CSppiBuksUW/CiHe2MjxZTO+YxatXrE3QtqwBK3d2AGfpAm2VQqOxxhCUsJRa4euEVKaLVw4xeMG7+BJYLij9/wUqNn0kY9LV4LvUX0G6Xufu1h63jl46AF35mM/CqNi3SoPfySbbVWWyqUaTKdWcy0oN9Iv/Z9x3i7sGGUcGvz3sOd/CEXwpC1L6pnT/dL+08HrVpdpshJsLG+f5RxiamhFKyr4UtFDvVhk70f/X8TNB7erYrf/k5UVcBGcvY9V31DXu0vtNBk193FfE7gCjKdH6OU54+9plpcZmNFri2EeaWJkymfBXZNfdT+TjXVGkQ6S8S6X0GOzEwqgotlLoGg/yxSLZADUABguJoSJkbP8Hwjey6EXruzkWiP0Wx4XlEyFyLP/HQJlssWUcyl8it373nFtcrAdkUgS3E6mB+D2Z8z02t3VmAac3LxGzAmU2ZNhK3JA7tFu9PpDq7+CWfX4hx2ctEfPIPqX18Nrq/WFT1VoVRXZy7N3No7RffJIh99EhUX8ifHfqiW+WyD2n7X/uYtLDfZYbf/5UcAAAD//4wWzb9ZBwAA
 
 - path: /etc/systemd/system/teleportd.service
   permissions: "0644"

diff --git a/pkg/agent/testdata/AKSUbuntu1604+Containerd/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+Containerd/line222.sh
@@ -30,8 +30,8 @@ if [[ -z "${bridgeIP}" ]]; then
     exit 1
 fi
 
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist  | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.ranges[0][0].subnet")
-if [[ -z "${podSubnetAddr}" || "${podSubnetAddr}" == 'null' ]]; then
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist  | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
     echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
     exit 1
 fi
@@ -48,4 +48,4 @@ echo "outputting newly added AKS-DEDUP-PROMISC rules:"
 ebtables -t filter -L OUTPUT 2>/dev/null
 ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
 exit 0
-#EOF
+#EOF
diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/CustomData b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/CustomData
@@ -219,7 +219,7 @@ write_files:
   owner: root
   encoding: gzip
   content: !!binary |
-    H4sIAAAAAAAA/7yVX2/aPBTG7/MpnqZIhfeVE/q+vdkmNiHKpGqloP65olyY+EBcBTu1HTpW+O5TQtigTTc6ab0D5/g8j3/n+PjwIBxLFY65jT3Po7Hj44QsmMNEJo4M2DnaX67Yaff0ZsAGl/3e2VUH/30MBc1DlSWJJycYDlH7BEb3aGI0+gAXk/IAgKJYw3++32QJgSeGuFjAkvPX0V+lQ9ObyDLnAdgEIbkojJQMFblAhMdNFmnluFRkBMvXIq0mibSuSjlSEvl3OYXSDlmKBbkgCHIlqaYgbpLFlvhxLu6NjRRTuuAzatXqEXev8IAl7u7BDPwgTbKpVHY4whKWEopcPXCLlNBq4dZfa9z6DSwRrP/4DS81eiZt1NPiraS3FP1Gyd2vPW4tr3wctOA7k5FfxXidDrXHn9hWBW2pUKbJdGYx04J+gb6o+07h7cKGUcKtzc8e7uQPuRCGrH2Vnz2rX5b/bNCq1WWKXAk21g9PMi4xNZSCdTV8qcihPmyyd6N/boPG4/+r9W9/J6oqYIOcfcupb5RX+4MWmmxxupjPCVxBpvMTlHh+e9ZUi6tsrMi1hTBv1HEy5bPAcDUlO2yOhs1RYAsLT1jsWFv5WC6rVlstHOVT6Kjy9ussEQUcQY7MTCqCi2XOS9CRRaoFcjdYG0BhChOjZ3j51HtOj167s+G5Rx83PG9tmQuRZ34+McvJjCjmUvmVg/qiYltlYLsikKU4G8xPwOyPBuu1OyswjTm5+F8wJlNmTYStNgW7Q7vT6Q6u/4rObrFzsdPL/uAFqf7N9eDmunD0nEJJV2cuzVxRO0UPySK/JyQqNuTvk31fjfl8I7X9CP7Jw1mOvcNu/7P3PQAA//92JikohwcAAA==
+    H4sIAAAAAAAA/7yVX2/aPBTG7/MpnqZIL7yTE7r1ZpvYhCiTqpWC+ueKcmHiA3EV7NR26Fjhu08hYYM23eik9Q6c4/M753mOjg8PwrFU4Zjb2PM8Gjs+TsiCOUxk4siAnaH99ZKddE+uB2xw0e+dXnbw9lMoaB6qLEk8OcFwiNpnMLpDE6PRR7iYlAcAFMUa/tP7JksIPDHExQKWnF9Ef5MOTW8iy5wHYBOE5KIwUjJU5AIRHjVZpJXjUpERLD+LtJok0roqcqQk8u9yCqUdshQLckEQ5CSppiBuksUW/CiHe2MjxZTO+YxatXrE3QtqwBK3d2AGfpAm2VQqOxxhCUsJRa4euEVKaLVw4xeMG7+BJYLij9/wUqNn0kY9LV4LvUX0G6Xufu1h63jl46AF35mM/CqNi3SoPfySbbVWWyqUaTKdWcy0oN9Iv/Z9x3i7sGGUcGvz3sOd/CEXwpC1L6pnT/dL+08HrVpdpshJsLG+f5RxiamhFKyr4UtFDvVhk70f/X8TNB7erYrf/k5UVcBGcvY9V31DXu0vtNBk193FfE7gCjKdH6OU54+9plpcZmNFri2EeaWJkymfBXZNfdT+TjXVGkQ6S8S6X0GOzEwqgotlLoGg/yxSLZADUABguJoSJkbP8Hwjey6EXruzkWiP0Wx4XlEyFyLP/HQJlssWUcyl8it373nFtcrAdkUgS3E6mB+D2Z8z02t3VmAac3LxGzAmU2ZNhK3JA7tFu9PpDq7+CWfX4hx2ctEfPIPqX18Nrq/WFT1VoVRXZy7N3No7RffJIh99EhUX8ifHfqiW+WyD2n7X/uYtLDfZYbf/5UcAAAD//4wWzb9ZBwAA
 
 - path: /etc/systemd/system/teleportd.service
   permissions: "0644"

diff --git a/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line222.sh b/pkg/agent/testdata/AKSUbuntu1604+CustomKubeletConfig+CustomLinuxOSConfig/line222.sh
@@ -30,8 +30,8 @@ if [[ -z "${bridgeIP}" ]]; then
     exit 1
 fi
 
-podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist  | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.ranges[0][0].subnet")
-if [[ -z "${podSubnetAddr}" || "${podSubnetAddr}" == 'null' ]]; then
+podSubnetAddr=$(cat /etc/cni/net.d/10-containerd-net.conflist  | jq -r ".plugins[] | select(.type == \"bridge\") | .ipam.subnet")
+if [[ -z "${podSubnetAddr}" ]]; then
     echo "could not determine this node's pod ipam subnet range from 10-containerd-net.conflist...exiting early"
     exit 1
 fi
@@ -48,4 +48,4 @@ echo "outputting newly added AKS-DEDUP-PROMISC rules:"
 ebtables -t filter -L OUTPUT 2>/dev/null
 ebtables -t filter -L AKS-DEDUP-PROMISC 2>/dev/null
 exit 0
-#EOF
+#EOF