-
Notifications
You must be signed in to change notification settings - Fork 257
feat: gate custom cloud cert pull on RCV 1P opt-in #7958
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closed
Closed
Changes from all commits
Commits
Show all changes
29 commits
Select commit
Hold shift + click to select a range
fb84663
feat(linux): gate custom cloud cert pull on RCV 1P opt-in
6e3028a
feat(windows): add RCV 1P cert refresh flow with scheduled self-refresh
5d7ad45
fix: update testdata
fc0c4bf
feat: implement retry logic for HTTP requests in RCV 1P cert retrieval
5a533c4
feat: add directory creation for RCV1P certificates if it doesn't exist
4f547f8
fix: update testdata
d79f412
feat: enhance support for Mariner and Azure Linux by adding repo depo…
580ec6f
refactor: simplify initAKSCustomCloud logic for Azure Linux Distro an…
103e28a
refactor: remove deprecated AKS custom cloud initialization scripts
2f2318f
fix: align certificate handling for Mariner and Azure Linux with upda…
b1537ca
feat: add support for ACL Linux distribution in certificate handling …
8fbc105
fix: correct condition order for CA trust store initialization in ini…
0b0dc4c
feat: enhance certificate handling by adding action-based initializat…
5d11d85
fix: correct syntax for conditional statements in init-aks-custom-clo…
5b1ed0b
fix: update compressed content in CustomData for MarinerV2+CustomCloud
c0721b0
fix: improve certificate handling by using printf for better formatti…
11a298c
fix: correct syntax for conditional statements in init-aks-custom-clo…
4a0f82d
fix: clarify intentional typo in ResourceFileName comment in process_…
d4ec340
fix: simplify grep usage for checking root cert opt-in status
4a4ae08
fix: remove redundant comment about wireserver endpoint in init-aks-c…
2042159
fix: correct extension replacement for certificate filenames in init-…
5220a08
fix: update compressed content in CustomData for MarinerV2+CustomCloud
b6d79af
fix: remove conditional block for AKSCustomCloud in cse_cmd.sh
b5717b9
chore: update code structure and remove redundant changes
4fd7a72
chore: update code structure with empty code change placeholders
2b6a547
chore: consolidate multiple empty code change entries for cleaner his…
1c596d0
chore: consolidate empty code change entries for cleaner history
fc7494e
chore: remove redundant code changes sections from the changelog
7f58679
chore: remove redundant code changes and clean up repository
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,10 +16,8 @@ else | |
| exit ${cloudInitExitCode}; | ||
| fi; | ||
| {{end}} | ||
| {{if IsAKSCustomCloud}} | ||
| REPO_DEPOT_ENDPOINT="{{AKSCustomCloudRepoDepotEndpoint}}" | ||
| {{GetInitAKSCustomCloudFilepath}} >> /var/log/azure/cluster-provision.log 2>&1; | ||
|
Comment on lines
19
to
20
|
||
| {{end}} | ||
| ADMINUSER={{GetParameter "linuxAdminUsername"}} | ||
| MOBY_VERSION={{GetParameter "mobyVersion"}} | ||
| TENANT_ID={{GetVariable "tenantID"}} | ||
|
|
||
186 changes: 0 additions & 186 deletions
186
parts/linux/cloud-init/artifacts/init-aks-custom-cloud-mariner.sh
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This template now always emits the custom-cloud RepoDepot endpoint and executes the custom-cloud init script, even when
.CustomCloudConfigis not present /getIsAksCustomCloudis false. That can cause non-custom-cloud nodes to run custom-cloud CA/repo initialization (or to attempt to execute an empty/nonexistent init script). Restore the conditional{{if getIsAksCustomCloud .CustomCloudConfig}} ... {{end}}around these two lines.