Merge branch 'main' into bsoghigian/e2e/nic-gc

Azure · Feb 15, 2025 · 513a708 · 513a708
2 parents 517e6a3 + 905201d
commit 513a708
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 29 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,20 +1,6 @@
-# See here for image contents: https://github.com/devcontainers/images/tree/main/src/go
-
-# [Choice] Go version (use -bullseye variants on local arm64/Apple Silicon): 1, 1.16, 1.17, 1-bullseye, 1.16-bullseye, 1.17-bullseye, 1-buster, 1.16-buster, 1.17-buster
-ARG VARIANT="1.23-bullseye"
-FROM mcr.microsoft.com/vscode/devcontainers/go:dev-${VARIANT}
+FROM mcr.microsoft.com/oss/go/microsoft/golang:1.23.6-bookworm@sha256:2d8c09c93157b49f2f8f0523d907620d022e6d354e670b60a83125067f0c8960
 
 # [Optional] Uncomment this section to install additional OS packages.
 # graphviz for pprof
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
     && apt-get -y install --no-install-recommends graphviz
-
-RUN curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/v2.13.0/skaffold-linux-amd64 && \
-    install skaffold /usr/local/bin/
-
-# [Optional] Uncomment the next lines to use go get to install anything else you need
-USER vscode
-RUN go install github.com/google/pprof@latest
-
-# [Optional] Uncomment this line to install global node packages.
-# RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g <your-package-here>" 2>&1
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -3,10 +3,7 @@
 {
 	"name": "Go-karpenter",
 	"build": {
-		"dockerfile": "Dockerfile",
-		"args": {
-			"VARIANT": "1.23-bullseye"
-		}
+		"dockerfile": "Dockerfile"
 	},
 	"runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ],
 
@@ -52,11 +49,31 @@
 	"remoteUser": "vscode",
 
 	"features": {
-        "ghcr.io/devcontainers/features/sshd:1": {},
-	"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
-        "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {},
-        "ghcr.io/devcontainers/features/azure-cli:1": {},
-        "ghcr.io/devcontainers-contrib/features/pre-commit:2": {},
-        "ghcr.io/marcozac/devcontainer-features/shellcheck:1": {}
+		// https://github.com/devcontainers/images/blob/main/src/go/.devcontainer/devcontainer.json
+		"ghcr.io/devcontainers/features/common-utils:2": {
+			"installZsh": "true",
+			"username": "vscode",
+			"userUid": "1000",
+			"userGid": "1000",
+			"upgradePackages": "true"
+		},
+		"ghcr.io/devcontainers/features/go:1": {
+			"version": "none"
+		},
+		"ghcr.io/devcontainers/features/node:1": {
+			"version": "none"
+		},
+		"ghcr.io/devcontainers/features/git:1": {
+			"version": "latest",
+			"ppa": "false"
+		},
+		// custom
+		"ghcr.io/devcontainers/features/sshd:1": {},
+		"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
+		"ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {},
+		"ghcr.io/devcontainers/features/azure-cli:1": {},
+		"ghcr.io/devcontainers-contrib/features/pre-commit:2": {},
+		"ghcr.io/marcozac/devcontainer-features/shellcheck:1": {},
+		"ghcr.io/rio/features/skaffold:2": {}
 	}
 }
diff --git a/Makefile-az.mk b/Makefile-az.mk
@@ -143,7 +143,7 @@ az-perm-subnet-custom: az-perm ## Create role assignments to let Karpenter manag
 	$(eval VNET_SUBNET_ID=$(shell az aks show --name $(AZURE_CLUSTER_NAME) --resource-group $(AZURE_RESOURCE_GROUP) | jq -r ".agentPoolProfiles[0].vnetSubnetId"))
 	$(eval KARPENTER_USER_ASSIGNED_CLIENT_ID=$(shell az identity show --resource-group "${AZURE_RESOURCE_GROUP}" --name "${AZURE_KARPENTER_USER_ASSIGNED_IDENTITY_NAME}" --query 'principalId' -otsv))
 	$(eval SUBNET_RESOURCE_GROUP=$(shell az network vnet subnet show --id $(VNET_SUBNET_ID) | jq -r ".resourceGroup"))
-	az role assignment create --assignee $(KARPENTER_USER_ASSIGNED_CLIENT_ID) --scope /subscriptions/$(AZURE_SUBSCRIPTION_ID)/resourceGroups/$(SUBNET_RESOURCE_GROUP) --role "Network Contributor"
+	az role assignment create --assignee-object-id $(KARPENTER_USER_ASSIGNED_CLIENT_ID) --assignee-principal-type "ServicePrincipal" --scope /subscriptions/$(AZURE_SUBSCRIPTION_ID)/resourceGroups/$(SUBNET_RESOURCE_GROUP) --role "Network Contributor"
 
 az-perm-savm: ## Create role assignments to let Karpenter manage VMs and Network
 	# Note: savm has not been converted over to use a workload identity
@@ -157,7 +157,7 @@ az-perm-savm: ## Create role assignments to let Karpenter manage VMs and Network
 az-perm-acr:
 	$(eval KARPENTER_USER_ASSIGNED_CLIENT_ID=$(shell az identity show --resource-group "${AZURE_RESOURCE_GROUP}" --name "${AZURE_KARPENTER_USER_ASSIGNED_IDENTITY_NAME}" --query 'principalId' -otsv))
 	$(eval AZURE_ACR_ID=$(shell    az acr show --name $(AZURE_ACR_NAME)     --resource-group $(AZURE_RESOURCE_GROUP) | jq  -r ".id"))
-	az role assignment create --assignee $(KARPENTER_USER_ASSIGNED_CLIENT_ID) --scope $(AZURE_ACR_ID) --role "AcrPull"
+	az role assignment create --assignee-object-id $(KARPENTER_USER_ASSIGNED_CLIENT_ID) --assignee-principal-type "ServicePrincipal" --scope $(AZURE_ACR_ID) --role "AcrPull"
 
 az-aks-check-acr:
 	az aks check-acr --name $(AZURE_CLUSTER_NAME) --resource-group $(AZURE_RESOURCE_GROUP) --acr $(AZURE_ACR_NAME)

diff --git a/hack/deploy/create-cluster.sh b/hack/deploy/create-cluster.sh
@@ -26,13 +26,13 @@ az aks get-credentials --name "${CLUSTER_NAME}" --resource-group "${RG}" --overw
 echo "Creating federated credential linked to the Karpenter service account ..."
 az identity federated-credential create --name KARPENTER_FID --identity-name karpentermsi --resource-group "${RG}" \
   --issuer "$(jq -r ".oidcIssuerProfile.issuerUrl" <<< "$AKS_JSON")" \
-  --subject system:serviceaccount:${KARPENTER_NAMESPACE}:karpenter-sa \
+  --subject "system:serviceaccount:${KARPENTER_NAMESPACE}:karpenter-sa" \
   --audience api://AzureADTokenExchange
 
 echo "Creating role assignments to let Karpenter manage VMs and Network resources ..."
 KARPENTER_USER_ASSIGNED_CLIENT_ID=$(jq -r '.principalId' <<< "$KMSI_JSON")
 RG_MC=$(jq -r ".nodeResourceGroup" <<< "$AKS_JSON")
 RG_MC_RES=$(az group show --name "${RG_MC}" --query "id" -otsv)
 for role in "Virtual Machine Contributor" "Network Contributor" "Managed Identity Operator"; do
-  az role assignment create --assignee "${KARPENTER_USER_ASSIGNED_CLIENT_ID}" --scope "${RG_MC_RES}" --role "$role"
+  az role assignment create --assignee-object-id "${KARPENTER_USER_ASSIGNED_CLIENT_ID}" --assignee-principal-type "ServicePrincipal" --scope "${RG_MC_RES}" --role "$role"
 done
diff --git a/hack/toolchain.sh b/hack/toolchain.sh
@@ -26,6 +26,7 @@ tools() {
     go install github.com/google/go-containerregistry/cmd/[email protected]
     go install github.com/go-swagger/go-swagger/cmd/[email protected]
     go install github.com/Azure/aks-node-viewer/cmd/aks-node-viewer@latest
+    go install github.com/google/pprof@latest
 
     if ! echo "$PATH" | grep -q "${GOPATH:-undefined}/bin\|$HOME/go/bin"; then
         echo "Go workspace's \"bin\" directory is not in PATH. Run 'export PATH=\"\$PATH:\${GOPATH:-\$HOME/go}/bin\"'."