package parser
import (
"bytes"
"context"
_ "embed"
"fmt"
"os"
"os/exec"
"sort"
"strings"
"text/template"
aksnodeconfigv1 "github.com/Azure/agentbaker/aks-node-controller/pkg/gen/aksnodeconfig/v1"
)
var (
	// bootstrapTrigger is the raw text of the bootstrap trigger script
	// template, embedded into the binary at build time.
	//go:embed templates/cse_cmd.sh.gtpl
	bootstrapTrigger string
	// bootstrapTriggerTemplate is the parsed form of bootstrapTrigger with the
	// helper functions from getFuncMap available to it. template.Must panics
	// during package initialisation if the embedded template does not parse.
	bootstrapTriggerTemplate = template.Must(template.New("triggerBootstrapScript").Funcs(getFuncMap()).Parse(bootstrapTrigger)) //nolint:gochecknoglobals
)
// executeBootstrapTemplate renders the embedded bootstrap trigger template
// against inputContract and returns the rendered script text. A template
// execution error is returned unwrapped, with an empty string.
func executeBootstrapTemplate(inputContract *aksnodeconfigv1.Configuration) (string, error) {
	var rendered strings.Builder
	err := bootstrapTriggerTemplate.Execute(&rendered, inputContract)
	if err != nil {
		return "", err
	}
	return rendered.String(), nil
}
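// getCSEEnv builds the environment consumed by the CSE bootstrap script from
// config. Fixed entries (cloud-provider backoff/ratelimit settings, container
// runtime selection, provision log path) are combined with values read from
// config through its nil-safe getters and the helper functions of this
// package; booleans and counts are rendered with %v so the script sees
// "true"/"false" and plain integers. One CUSTOM_CA_CERT_<i> entry is added per
// custom CA certificate, with newlines stripped. Several entries carry
// credential material (TLS_BOOTSTRAP_TOKEN, KUBELET_CLIENT_CONTENT,
// SERVICE_PRINCIPAL_FILE_CONTENT, CUSTOM_SEARCH_REALM_PASSWORD), so the
// returned map must not be logged or dumped.
//
// config must be non-nil: config.IsVhd is read as a field rather than through
// a getter, so a nil config panics on that line.
//
//nolint:funlen
func getCSEEnv(config *aksnodeconfigv1.Configuration) map[string]string {
	env := map[string]string{
		"PROVISION_OUTPUT":                     "/var/log/azure/cluster-provision.log",
		"MOBY_VERSION":                         "",
		"CLOUDPROVIDER_BACKOFF":                "true",
		"CLOUDPROVIDER_BACKOFF_MODE":           "v2",
		"CLOUDPROVIDER_BACKOFF_RETRIES":        "6",
		"CLOUDPROVIDER_BACKOFF_EXPONENT":       "0",
		"CLOUDPROVIDER_BACKOFF_DURATION":       "5",
		"CLOUDPROVIDER_BACKOFF_JITTER":         "0",
		"CLOUDPROVIDER_RATELIMIT":              "true",
		"CLOUDPROVIDER_RATELIMIT_QPS":          "10",
		"CLOUDPROVIDER_RATELIMIT_QPS_WRITE":    "10",
		"CLOUDPROVIDER_RATELIMIT_BUCKET":       "100",
		"CLOUDPROVIDER_RATELIMIT_BUCKET_WRITE": "100",
		"CONTAINER_RUNTIME":                    "containerd",
		"CLI_TOOL":                             "ctr",
		"NETWORK_MODE":                         "transparent",
		"NEEDS_CONTAINERD":                     "true",
		"NEEDS_DOCKER_LOGIN":                   "false",
		"ADMINUSER":                            getLinuxAdminUsername(config.GetLinuxAdminUsername()),
		"TENANT_ID":                            config.GetAuthConfig().GetTenantId(),
		"KUBERNETES_VERSION":                   config.GetKubernetesVersion(),
		"KUBE_BINARY_URL":                      config.GetKubeBinaryConfig().GetKubeBinaryUrl(),
		"CUSTOM_KUBE_BINARY_URL":               config.GetKubeBinaryConfig().GetCustomKubeBinaryUrl(),
		"PRIVATE_KUBE_BINARY_URL":              config.GetKubeBinaryConfig().GetPrivateKubeBinaryUrl(),
		"KUBEPROXY_URL":                        config.GetKubeProxyUrl(),
		"APISERVER_PUBLIC_KEY":                 config.GetApiServerConfig().GetApiServerPublicKey(),
		"SUBSCRIPTION_ID":                      config.GetAuthConfig().GetSubscriptionId(),
		"RESOURCE_GROUP":                       config.GetClusterConfig().GetResourceGroup(),
		"LOCATION":                             config.GetClusterConfig().GetLocation(),
		"VM_TYPE":                              getStringFromVMType(config.GetClusterConfig().GetVmType()),
		"SUBNET":                               config.GetClusterConfig().GetClusterNetworkConfig().GetSubnet(),
		"NETWORK_SECURITY_GROUP":               config.GetClusterConfig().GetClusterNetworkConfig().GetSecurityGroupName(),
		"VIRTUAL_NETWORK":                      config.GetClusterConfig().GetClusterNetworkConfig().GetVnetName(),
		"VIRTUAL_NETWORK_RESOURCE_GROUP":       config.GetClusterConfig().GetClusterNetworkConfig().GetVnetResourceGroup(),
		"ROUTE_TABLE":                          config.GetClusterConfig().GetClusterNetworkConfig().GetRouteTable(),
		"PRIMARY_AVAILABILITY_SET":             config.GetClusterConfig().GetPrimaryAvailabilitySet(),
		"PRIMARY_SCALE_SET":                    config.GetClusterConfig().GetPrimaryScaleSet(),
		"SERVICE_PRINCIPAL_CLIENT_ID":          config.GetAuthConfig().GetServicePrincipalId(),
		"NETWORK_PLUGIN":                       getStringFromNetworkPluginType(config.GetNetworkConfig().GetNetworkPlugin()),
		"VNET_CNI_PLUGINS_URL":                 config.GetNetworkConfig().GetVnetCniPluginsUrl(),
		"LOAD_BALANCER_DISABLE_OUTBOUND_SNAT":  fmt.Sprintf("%v", config.GetClusterConfig().GetLoadBalancerConfig().GetDisableOutboundSnat()),
		"USE_MANAGED_IDENTITY_EXTENSION":       fmt.Sprintf("%v", config.GetAuthConfig().GetUseManagedIdentityExtension()),
		"USE_INSTANCE_METADATA":                fmt.Sprintf("%v", config.GetClusterConfig().GetUseInstanceMetadata()),
		"LOAD_BALANCER_SKU":                    getStringFromLoadBalancerSkuType(config.GetClusterConfig().GetLoadBalancerConfig().GetLoadBalancerSku()),
		"EXCLUDE_MASTER_FROM_STANDARD_LB":      fmt.Sprintf("%v", getExcludeMasterFromStandardLB(config.GetClusterConfig().GetLoadBalancerConfig())),
		"MAXIMUM_LOADBALANCER_RULE_COUNT":      fmt.Sprintf("%v", getMaxLBRuleCount(config.GetClusterConfig().GetLoadBalancerConfig())),
		"CONTAINERD_DOWNLOAD_URL_BASE":         config.GetContainerdConfig().GetContainerdDownloadUrlBase(),
		"USER_ASSIGNED_IDENTITY_ID":            config.GetAuthConfig().GetAssignedIdentityId(),
		"API_SERVER_NAME":                      config.GetApiServerConfig().GetApiServerName(),
		"IS_VHD":                               fmt.Sprintf("%v", getIsVHD(config.IsVhd)),
		"GPU_NODE":                             fmt.Sprintf("%v", getEnableNvidia(config)),
		"SGX_NODE":                             fmt.Sprintf("%v", getIsSgxEnabledSKU(config.GetVmSize())),
		"MIG_NODE":                             fmt.Sprintf("%v", getIsMIGNode(config.GetGpuConfig().GetGpuInstanceProfile())),
		"CONFIG_GPU_DRIVER_IF_NEEDED":          fmt.Sprintf("%v", config.GetGpuConfig().GetConfigGpuDriver()),
		"ENABLE_GPU_DEVICE_PLUGIN_IF_NEEDED":   fmt.Sprintf("%v", config.GetGpuConfig().GetGpuDevicePlugin()),
		"TELEPORTD_PLUGIN_DOWNLOAD_URL":        config.GetTeleportConfig().GetTeleportdPluginDownloadUrl(),
		"CREDENTIAL_PROVIDER_DOWNLOAD_URL":     config.GetKubeBinaryConfig().GetLinuxCredentialProviderUrl(),
		"CONTAINERD_VERSION":                   config.GetContainerdConfig().GetContainerdVersion(),
		"CONTAINERD_PACKAGE_URL":               config.GetContainerdConfig().GetContainerdPackageUrl(),
		"RUNC_VERSION":                         config.GetRuncConfig().GetRuncVersion(),
		"RUNC_PACKAGE_URL":                     config.GetRuncConfig().GetRuncPackageUrl(),
		"ENABLE_HOSTS_CONFIG_AGENT":            fmt.Sprintf("%v", config.GetEnableHostsConfigAgent()),
		"DISABLE_SSH":                          fmt.Sprintf("%v", getDisableSSH(config)),
		"TELEPORT_ENABLED":                     fmt.Sprintf("%v", config.GetTeleportConfig().GetStatus()),
		"SHOULD_CONFIGURE_HTTP_PROXY":          fmt.Sprintf("%v", getShouldConfigureHTTPProxy(config.GetHttpProxyConfig())),
		"SHOULD_CONFIGURE_HTTP_PROXY_CA":       fmt.Sprintf("%v", getShouldConfigureHTTPProxyCA(config.GetHttpProxyConfig())),
		"HTTP_PROXY_TRUSTED_CA":                removeNewlines(config.GetHttpProxyConfig().GetProxyTrustedCa()),
		"SHOULD_CONFIGURE_CUSTOM_CA_TRUST":     fmt.Sprintf("%v", getCustomCACertsStatus(config.GetCustomCaCerts())),
		"CUSTOM_CA_TRUST_COUNT":                fmt.Sprintf("%v", len(config.GetCustomCaCerts())),
		"GPU_NEEDS_FABRIC_MANAGER":             fmt.Sprintf("%v", getGPUNeedsFabricManager(config.GetVmSize())),
		"IPV6_DUAL_STACK_ENABLED":              fmt.Sprintf("%v", config.GetIpv6DualStackEnabled()),
		"OUTBOUND_COMMAND":                     config.GetOutboundCommand(),
		"ENABLE_UNATTENDED_UPGRADES":           fmt.Sprintf("%v", config.GetEnableUnattendedUpgrade()),
		"ENSURE_NO_DUPE_PROMISCUOUS_BRIDGE":    fmt.Sprintf("%v", getEnsureNoDupePromiscuousBridge(config.GetNetworkConfig())),
		"SHOULD_CONFIG_SWAP_FILE":              fmt.Sprintf("%v", getEnableSwapConfig(config.GetCustomLinuxOsConfig())),
		"SHOULD_CONFIG_TRANSPARENT_HUGE_PAGE":  fmt.Sprintf("%v", getShouldConfigTransparentHugePage(config.GetCustomLinuxOsConfig())),
		"SHOULD_CONFIG_CONTAINERD_ULIMITS":     fmt.Sprintf("%v", getShouldConfigContainerdUlimits(config.GetCustomLinuxOsConfig().GetUlimitConfig())),
		"CONTAINERD_ULIMITS":                   getUlimitContent(config.GetCustomLinuxOsConfig().GetUlimitConfig()),
		"TARGET_CLOUD":                         getTargetCloud(config),
		"TARGET_ENVIRONMENT":                   getTargetEnvironment(config),
		"CUSTOM_ENV_JSON":                      config.GetCustomCloudConfig().GetCustomEnvJsonContent(),
		"IS_CUSTOM_CLOUD":                      fmt.Sprintf("%v", getIsAksCustomCloud(config.GetCustomCloudConfig())),
		"AKS_CUSTOM_CLOUD_CONTAINER_REGISTRY_DNS_SUFFIX": config.GetCustomCloudConfig().GetContainerRegistryDnsSuffix(),
		"CSE_HELPERS_FILEPATH":                 getCSEHelpersFilepath(),
		"CSE_DISTRO_HELPERS_FILEPATH":          getCSEDistroHelpersFilepath(),
		"CSE_INSTALL_FILEPATH":                 getCSEInstallFilepath(),
		"CSE_DISTRO_INSTALL_FILEPATH":          getCSEDistroInstallFilepath(),
		"CSE_CONFIG_FILEPATH":                  getCSEConfigFilepath(),
		"AZURE_PRIVATE_REGISTRY_SERVER":        config.GetAzurePrivateRegistryServer(),
		"HAS_CUSTOM_SEARCH_DOMAIN":             fmt.Sprintf("%v", getHasSearchDomain(config.GetCustomSearchDomainConfig())),
		"CUSTOM_SEARCH_DOMAIN_FILEPATH":        getCustomSearchDomainFilepath(),
		"HTTP_PROXY_URLS":                      config.GetHttpProxyConfig().GetHttpProxy(),
		"HTTPS_PROXY_URLS":                     config.GetHttpProxyConfig().GetHttpsProxy(),
		"NO_PROXY_URLS":                        getStringifiedStringArray(config.GetHttpProxyConfig().GetNoProxyEntries(), ","),
		"PROXY_VARS":                           getProxyVariables(config.GetHttpProxyConfig()),
		"TLS_BOOTSTRAP_TOKEN":                  config.GetBootstrappingConfig().GetTlsBootstrappingToken(),
		"ENABLE_SECURE_TLS_BOOTSTRAPPING":      fmt.Sprintf("%v", getEnableSecureTLSBootstrapping(config.GetBootstrappingConfig())),
		"SECURE_TLS_BOOTSTRAPPING_DEADLINE":    config.GetBootstrappingConfig().GetSecureTlsBootstrappingDeadline(),
		"SECURE_TLS_BOOTSTRAPPING_AAD_RESOURCE": config.GetBootstrappingConfig().GetSecureTlsBootstrappingAadResource(),
		"SECURE_TLS_BOOTSTRAPPING_USER_ASSIGNED_IDENTITY_ID": config.GetBootstrappingConfig().GetSecureTlsBootstrappingUserAssignedIdentityId(),
		"CUSTOM_SECURE_TLS_BOOTSTRAPPING_CLIENT_URL":         config.GetBootstrappingConfig().GetSecureTlsBootstrappingCustomClientDownloadUrl(),
		"ENABLE_KUBELET_SERVING_CERTIFICATE_ROTATION":        fmt.Sprintf("%v", config.GetKubeletConfig().GetKubeletConfigFileConfig().GetServerTlsBootstrap()),
		"DHCPV6_SERVICE_FILEPATH":              getDHCPV6ServiceFilepath(),
		"DHCPV6_CONFIG_FILEPATH":               getDHCPV6ConfigFilepath(),
		"THP_ENABLED":                          config.GetCustomLinuxOsConfig().GetTransparentHugepageSupport(),
		"THP_DEFRAG":                           config.GetCustomLinuxOsConfig().GetTransparentDefrag(),
		// Use the getter here for consistency with the other AuthConfig reads
		// above; it is nil-safe where a direct field read is not.
		"SERVICE_PRINCIPAL_FILE_CONTENT":       getServicePrincipalFileContent(config.GetAuthConfig()),
		"KUBELET_CLIENT_CONTENT":               config.GetKubeletConfig().GetKubeletClientKey(),
		"KUBELET_CLIENT_CERT_CONTENT":          config.GetKubeletConfig().GetKubeletClientCertContent(),
		"KUBELET_CONFIG_FILE_ENABLED":          fmt.Sprintf("%v", config.GetKubeletConfig().GetEnableKubeletConfigFile()),
		"KUBELET_CONFIG_FILE_CONTENT":          getKubeletConfigFileContentBase64(config.GetKubeletConfig()),
		"SWAP_FILE_SIZE_MB":                    fmt.Sprintf("%v", config.GetCustomLinuxOsConfig().GetSwapFileSize()),
		"GPU_DRIVER_VERSION":                   getGpuDriverVersion(config.GetVmSize()),
		"GPU_IMAGE_SHA":                        getGpuImageSha(config.GetVmSize()),
		"GPU_INSTANCE_PROFILE":                 config.GetGpuConfig().GetGpuInstanceProfile(),
		"GPU_DRIVER_TYPE":                      getGpuDriverType(config.GetVmSize()),
		"CUSTOM_SEARCH_DOMAIN_NAME":            config.GetCustomSearchDomainConfig().GetDomainName(),
		"CUSTOM_SEARCH_REALM_USER":             config.GetCustomSearchDomainConfig().GetRealmUser(),
		"CUSTOM_SEARCH_REALM_PASSWORD":         config.GetCustomSearchDomainConfig().GetRealmPassword(),
		"MESSAGE_OF_THE_DAY":                   config.GetMessageOfTheDay(),
		"HAS_KUBELET_DISK_TYPE":                fmt.Sprintf("%v", getHasKubeletDiskType(config.GetKubeletConfig())),
		"NEEDS_CGROUPV2":                       fmt.Sprintf("%v", config.GetNeedsCgroupv2()),
		"KUBELET_FLAGS":                        getKubeletFlags(config.GetKubeletConfig()),
		"NETWORK_POLICY":                       getStringFromNetworkPolicyType(config.GetNetworkConfig().GetNetworkPolicy()),
		"KUBELET_NODE_LABELS":                  createSortedKeyValuePairs(config.GetKubeletConfig().GetKubeletNodeLabels(), ","),
		"AZURE_ENVIRONMENT_FILEPATH":           getAzureEnvironmentFilepath(config),
		"KUBE_CA_CRT":                          config.GetKubernetesCaCert(),
		"KUBENET_TEMPLATE":                     getKubenetTemplate(),
		"CONTAINERD_CONFIG_CONTENT":            getContainerdConfigBase64(config),
		"CONTAINERD_CONFIG_NO_GPU_CONTENT":     getNoGPUContainerdConfigBase64(config),
		"IS_KATA":                              fmt.Sprintf("%v", config.GetIsKata()),
		"ARTIFACT_STREAMING_ENABLED":           fmt.Sprintf("%v", config.GetEnableArtifactStreaming()),
		"SYSCTL_CONTENT":                       getSysctlContent(config.GetCustomLinuxOsConfig().GetSysctlConfig()),
		"PRIVATE_EGRESS_PROXY_ADDRESS":         config.GetPrivateEgressProxyAddress(),
		"BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER": config.GetBootstrapProfileContainerRegistryServer(),
		"ENABLE_IMDS_RESTRICTION":              fmt.Sprintf("%v", config.GetImdsRestrictionConfig().GetEnableImdsRestriction()),
		"INSERT_IMDS_RESTRICTION_RULE_TO_MANGLE_TABLE": fmt.Sprintf("%v", config.GetImdsRestrictionConfig().GetInsertImdsRestrictionRuleToMangleTable()),
		"PRE_PROVISION_ONLY":                   fmt.Sprintf("%v", config.GetPreProvisionOnly()),
		"SHOULD_ENABLE_LOCALDNS":               shouldEnableLocalDns(config),
		"LOCALDNS_CPU_LIMIT":                   getLocalDnsCpuLimitInPercentage(config),
		"LOCALDNS_MEMORY_LIMIT":                getLocalDnsMemoryLimitInMb(config),
		"LOCALDNS_GENERATED_COREFILE":          getLocalDnsCorefileBase64(config),
		"DISABLE_PUBKEY_AUTH":                  fmt.Sprintf("%v", config.GetDisablePubkeyAuth()),
	}
	// Same getter as CUSTOM_CA_TRUST_COUNT above, so the per-cert entries and
	// the count can never disagree about which slice they were derived from.
	for i, cert := range config.GetCustomCaCerts() {
		env[fmt.Sprintf("CUSTOM_CA_CERT_%d", i)] = removeNewlines(cert)
	}
	return env
}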
// mapToEnviron flattens input into KEY=VALUE strings in the form expected by
// exec.Cmd.Env. The result is sorted so equal inputs always yield the same
// slice; a nil or empty input yields a nil slice.
func mapToEnviron(input map[string]string) []string {
	if len(input) == 0 {
		return nil
	}
	entries := make([]string, 0, len(input))
	for key, value := range input {
		entries = append(entries, key+"="+value)
	}
	// Map iteration order is randomised; sort so callers get stable output.
	sort.Strings(entries)
	return entries
}
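// BuildCSECmd renders the embedded bootstrap trigger template for config and
// returns an *exec.Cmd that runs the result under /bin/bash -c, bound to ctx.
//
// The command environment is the caller's process environment with the
// config-derived variables from getCSEEnv layered on top. os/exec resolves a
// duplicated key by taking the LAST entry in Cmd.Env, and the slice is sorted
// for determinism, so without deduplication an inherited variable with the
// same name as a config-derived one would win or lose purely by the lexical
// order of the two values. Inherited entries whose key is produced from config
// are therefore dropped before the merge, making the config the single source
// of truth. The environment carries credential material (bootstrap token,
// kubelet client key, realm password), so the returned command's Env must not
// be logged.
//
// Returns an error only when template execution fails; the command is not
// started.
func BuildCSECmd(ctx context.Context, config *aksnodeconfigv1.Configuration) (*exec.Cmd, error) {
	triggerBootstrapScript, err := executeBootstrapTemplate(config)
	if err != nil {
		return nil, fmt.Errorf("failed to execute the template: %w", err)
	}
	// The rendered template is multi-line but is handed to bash as a single
	// -c argument, so collapse it to one line.
	triggerBootstrapScript = strings.ReplaceAll(triggerBootstrapScript, "\n", " ")
	cmd := exec.CommandContext(ctx, "/bin/bash", "-c", triggerBootstrapScript)

	cseEnv := getCSEEnv(config)
	parent := os.Environ()
	merged := make([]string, 0, len(parent)+len(cseEnv))
	for _, entry := range parent {
		key := entry
		if i := strings.IndexByte(entry, '='); i >= 0 {
			key = entry[:i]
		}
		if _, fromConfig := cseEnv[key]; fromConfig {
			continue // the config-derived value takes precedence
		}
		merged = append(merged, entry)
	}
	merged = append(merged, mapToEnviron(cseEnv)...)
	sort.Strings(merged) // deterministic order; safe now that every key is unique
	cmd.Env = merged
	return cmd, nil
}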