diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index a0308ace4..fc8e07e18 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,20 +1,6 @@
-# See here for image contents: https://github.com/devcontainers/images/tree/main/src/go
-
-# [Choice] Go version (use -bullseye variants on local arm64/Apple Silicon): 1, 1.16, 1.17, 1-bullseye, 1.16-bullseye, 1.17-bullseye, 1-buster, 1.16-buster, 1.17-buster
-ARG VARIANT="1.23-bullseye"
-FROM mcr.microsoft.com/vscode/devcontainers/go:dev-${VARIANT}
+FROM mcr.microsoft.com/oss/go/microsoft/golang:1.23.6-bookworm@sha256:2d8c09c93157b49f2f8f0523d907620d022e6d354e670b60a83125067f0c8960
 # [Optional] Uncomment this section to install additional OS packages.
 # graphviz for pprof
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
 && apt-get -y install --no-install-recommends graphviz
-
-RUN curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/v2.13.0/skaffold-linux-amd64 && \
- install skaffold /usr/local/bin/
-
-# [Optional] Uncomment the next lines to use go get to install anything else you need
-USER vscode
-RUN go install github.com/google/pprof@latest
-
-# [Optional] Uncomment this line to install global node packages.
-# RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g " 2>&1
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 97e2e0e73..b4e942c9b 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -3,10 +3,7 @@
 {
 "name": "Go-karpenter",
 "build": {
- "dockerfile": "Dockerfile",
- "args": {
- "VARIANT": "1.23-bullseye"
- }
+ "dockerfile": "Dockerfile"
 },
 "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ],
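Review bot: With `USER vscode` removed and nothing put in its place, the Dockerfile no longer sets a user, so the image default is whatever the new base image defines (presumably root). The non-root `vscode` account now appears to come only from the `common-utils` feature and `remoteUser` in devcontainer.json, and that dependency deserves a comment next to the `FROM` line, e.g. `# Non-root user "vscode" is created by the common-utils feature; see devcontainer.json`. Because the base is now pinned by digest, a second short comment saying how the tag and `sha256` are refreshed together would keep the pin from silently going stale. The retained `# [Optional] Uncomment this section ...` template comment no longer describes the active `RUN` below it and could be dropped.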
@@ -52,11 +49,31 @@
 "remoteUser": "vscode",
 "features": {
- "ghcr.io/devcontainers/features/sshd:1": {},
- "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
- "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {},
- "ghcr.io/devcontainers/features/azure-cli:1": {},
- "ghcr.io/devcontainers-contrib/features/pre-commit:2": {},
- "ghcr.io/marcozac/devcontainer-features/shellcheck:1": {}
+ // https://github.com/devcontainers/images/blob/main/src/go/.devcontainer/devcontainer.json
+ "ghcr.io/devcontainers/features/common-utils:2": {
+ "installZsh": "true",
+ "username": "vscode",
+ "userUid": "1000",
+ "userGid": "1000",
+ "upgradePackages": "true"
+ },
+ "ghcr.io/devcontainers/features/go:1": {
+ "version": "none"
+ },
+ "ghcr.io/devcontainers/features/node:1": {
+ "version": "none"
+ },
+ "ghcr.io/devcontainers/features/git:1": {
+ "version": "latest",
+ "ppa": "false"
+ },
+ // custom
+ "ghcr.io/devcontainers/features/sshd:1": {},
+ "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
+ "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {},
+ "ghcr.io/devcontainers/features/azure-cli:1": {},
+ "ghcr.io/devcontainers-contrib/features/pre-commit:2": {},
+ "ghcr.io/marcozac/devcontainer-features/shellcheck:1": {},
+ "ghcr.io/rio/features/skaffold:2": {}
 }
 }
diff --git a/Makefile-az.mk b/Makefile-az.mk
index e2469ac21..a218ed35d 100755
--- a/Makefile-az.mk
+++ b/Makefile-az.mk
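Review bot: The added features are referenced by mutable tags (`common-utils:2`, `git:1`, and the third-party `ghcr.io/rio/features/skaffold:2`), and each feature's install script runs during the image build, so the digest pin on the base image does not extend to them. Skaffold was previously fetched at a fixed `v2.13.0`; the new feature entry passes no options, so the installed version is whatever the feature defaults to. I would pin at least the third-party features by digest (`ghcr.io/rio/features/skaffold@sha256:<digest>`) or commit a devcontainer lockfile, and set an explicit skaffold version if the feature exposes such an option. `"upgradePackages": "true"` and git `"version": "latest"` also make rebuilds non-reproducible, so add a comment if that is intentional.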
@@ -143,7 +143,7 @@ az-perm-subnet-custom: az-perm ## Create role assignments to let Karpenter manag
 $(eval VNET_SUBNET_ID=$(shell az aks show --name $(AZURE_CLUSTER_NAME) --resource-group $(AZURE_RESOURCE_GROUP) | jq -r ".agentPoolProfiles[0].vnetSubnetId"))
 $(eval KARPENTER_USER_ASSIGNED_CLIENT_ID=$(shell az identity show --resource-group "${AZURE_RESOURCE_GROUP}" --name "${AZURE_KARPENTER_USER_ASSIGNED_IDENTITY_NAME}" --query 'principalId' -otsv))
 $(eval SUBNET_RESOURCE_GROUP=$(shell az network vnet subnet show --id $(VNET_SUBNET_ID) | jq -r ".resourceGroup"))
- az role assignment create --assignee $(KARPENTER_USER_ASSIGNED_CLIENT_ID) --scope /subscriptions/$(AZURE_SUBSCRIPTION_ID)/resourceGroups/$(SUBNET_RESOURCE_GROUP) --role "Network Contributor"
+ az role assignment create --assignee-object-id $(KARPENTER_USER_ASSIGNED_CLIENT_ID) --assignee-principal-type "ServicePrincipal" --scope /subscriptions/$(AZURE_SUBSCRIPTION_ID)/resourceGroups/$(SUBNET_RESOURCE_GROUP) --role "Network Contributor"
 az-perm-savm: ## Create role assignments to let Karpenter manage VMs and Network
 # Note: savm has not been converted over to use a workload identity
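Review bot: `KARPENTER_USER_ASSIGNED_CLIENT_ID` is filled from `--query 'principalId'`, so it holds the identity's object (principal) ID rather than its client ID, and now that it feeds `--assignee-object-id` the name is actively misleading. Renaming it, e.g. `KARPENTER_USER_ASSIGNED_PRINCIPAL_ID`, would stop a later edit from substituting a real client ID, which `--assignee-object-id` is not meant to take. The same applies to the `az-perm-acr` hunk and to the role-assignment loop in hack/deploy/create-cluster.sh. Separately, this target grants `Network Contributor` on the whole `$(SUBNET_RESOURCE_GROUP)` although `$(VNET_SUBNET_ID)` is already resolved two lines up; if Karpenter only needs the subnet, `--scope $(VNET_SUBNET_ID)` would be the narrower grant.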
@@ -157,7 +157,7 @@ az-perm-savm: ## Create role assignments to let Karpenter manage VMs and Network
 az-perm-acr:
 $(eval KARPENTER_USER_ASSIGNED_CLIENT_ID=$(shell az identity show --resource-group "${AZURE_RESOURCE_GROUP}" --name "${AZURE_KARPENTER_USER_ASSIGNED_IDENTITY_NAME}" --query 'principalId' -otsv))
 $(eval AZURE_ACR_ID=$(shell az acr show --name $(AZURE_ACR_NAME) --resource-group $(AZURE_RESOURCE_GROUP) | jq -r ".id"))
- az role assignment create --assignee $(KARPENTER_USER_ASSIGNED_CLIENT_ID) --scope $(AZURE_ACR_ID) --role "AcrPull"
+ az role assignment create --assignee-object-id $(KARPENTER_USER_ASSIGNED_CLIENT_ID) --assignee-principal-type "ServicePrincipal" --scope $(AZURE_ACR_ID) --role "AcrPull"
 az-aks-check-acr:
 az aks check-acr --name $(AZURE_CLUSTER_NAME) --resource-group $(AZURE_RESOURCE_GROUP) --acr $(AZURE_ACR_NAME)
diff --git a/hack/deploy/create-cluster.sh b/hack/deploy/create-cluster.sh
index 69764fa47..a95efbcdc 100755
--- a/hack/deploy/create-cluster.sh
+++ b/hack/deploy/create-cluster.sh
@@ -26,7 +26,7 @@ az aks get-credentials --name "${CLUSTER_NAME}" --resource-group "${RG}" --overw
 echo "Creating federated credential linked to the Karpenter service account ..."
 az identity federated-credential create --name KARPENTER_FID --identity-name karpentermsi --resource-group "${RG}" \
 --issuer "$(jq -r ".oidcIssuerProfile.issuerUrl" <<< "$AKS_JSON")" \
- --subject system:serviceaccount:${KARPENTER_NAMESPACE}:karpenter-sa \
+ --subject "system:serviceaccount:${KARPENTER_NAMESPACE}:karpenter-sa" \
 --audience api://AzureADTokenExchange
 echo "Creating role assignments to let Karpenter manage VMs and Network resources ..."
@@ -34,5 +34,5 @@ KARPENTER_USER_ASSIGNED_CLIENT_ID=$(jq -r '.principalId' <<< "$KMSI_JSON")
 RG_MC=$(jq -r ".nodeResourceGroup" <<< "$AKS_JSON")
 RG_MC_RES=$(az group show --name "${RG_MC}" --query "id" -otsv)
 for role in "Virtual Machine Contributor" "Network Contributor" "Managed Identity Operator"; do
- az role assignment create --assignee "${KARPENTER_USER_ASSIGNED_CLIENT_ID}" --scope "${RG_MC_RES}" --role "$role"
+ az role assignment create --assignee-object-id "${KARPENTER_USER_ASSIGNED_CLIENT_ID}" --assignee-principal-type "ServicePrincipal" --scope "${RG_MC_RES}" --role "$role"
 done
diff --git a/hack/toolchain.sh b/hack/toolchain.sh
index 6247bec81..a39f17107 100755
--- a/hack/toolchain.sh
+++ b/hack/toolchain.sh
@@ -26,6 +26,7 @@ tools() {
 go install github.com/google/go-containerregistry/cmd/crane@v0.20.2
 go install github.com/go-swagger/go-swagger/cmd/swagger@v0.31.0
 go install github.com/Azure/aks-node-viewer/cmd/aks-node-viewer@latest
+ go install github.com/google/pprof@latest
 if ! echo "$PATH" | grep -q "${GOPATH:-undefined}/bin\|$HOME/go/bin"; then
 echo "Go workspace's \"bin\" directory is not in PATH. Run 'export PATH=\"\$PATH:\${GOPATH:-\$HOME/go}/bin\"'."
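Review bot: The added `go install github.com/google/pprof@latest` in hack/toolchain.sh resolves to whatever upstream publishes at install time, while `crane` and `swagger` directly above it are pinned to release tags. A toolchain script that pulls unpinned code is a supply-chain exposure and makes developer and CI environments non-reproducible. As far as I know pprof publishes no semver tags, so a pin would be a commit or pseudo-version, e.g. `go install github.com/google/pprof@<commit-or-pseudo-version>`. The existing `aks-node-viewer@latest` line has the same issue. The `tools()` body starts and ends outside the hunk.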