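--- a/e2e/config/vhd.go
+++ b/e2e/config/vhd.go
@@ -60,6 +60,13 @@ var (
 Distro: datamodel.AKSUbuntuContainerd2204Gen2,
 Gallery: imageGalleryLinux,
 }
+VHDUbuntu2204Gen2TLContainerd = &Image{
+Name: "2204gen2TLcontainerd",
+OS: OSUbuntu,
+Arch: "amd64",
+Distro: datamodel.AKSUbuntuContainerd2204TLGen2,
+Gallery: imageGalleryLinux,
+}
 VHDUbuntu2004FIPSContainerd = &Image{
 Name: "2004fipscontainerd",
 OS: OSUbuntu,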
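Review bot: The new `VHDUbuntu2204Gen2TLContainerd` entry carries no comment saying that it is the Trusted Launch variant or what a scenario has to do to use it. In the scenarios visible on this page it is always paired with `addTrustedLaunchToVMSS` in the VM mutator; if booting this image on a standard-security VMSS is unsupported, a line such as `// Trusted Launch image: scenarios must enable Trusted Launch on the VMSS (see addTrustedLaunchToVMSS).` above the entry would keep later tests from selecting it without the matching security profile. The surrounding `var (` block starts and ends outside the hunk.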
148 changes: 148 additions & 0 deletions e2e/scenario_test.go
Expand Up @@ -1350,6 +1350,154 @@ func Test_Ubuntu2404_ArtifactStreaming_ARM64_Scriptless(t *testing.T) {
})
}

func Test_Ubuntu2204_ArtifactStreaming_TrustedLaunch(t *testing.T) {
RunScenario(t, &Scenario{
Description: "tests that a new ubuntu 2204 node using artifact streaming with trusted launch can be properly bootstrapped",
Config: Config{
Comment thread
mxj220 marked this conversation as resolved.
Cluster: ClusterKubenet,
VHD: config.VHDUbuntu2204Gen2TLContainerd,
BootstrapConfigMutator: func(nbc *datamodel.NodeBootstrappingConfiguration) {
Comment thread
mxj220 marked this conversation as resolved.
Comment thread
mxj220 marked this conversation as resolved.
nbc.EnableArtifactStreaming = true
},
VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
Comment thread
mxj220 marked this conversation as resolved.
vmss.Properties = addTrustedLaunchToVMSS(vmss.Properties)
},
Validator: func(ctx context.Context, s *Scenario) {
ValidateNonEmptyDirectory(ctx, s, "/etc/overlaybd")
ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-snapshotter.service")
ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-tcmu.service")
ValidateSystemdUnitIsRunning(ctx, s, "acr-mirror.service")
ValidateSystemdUnitIsRunning(ctx, s, "containerd.service")
},
},
})
}

func Test_Ubuntu2204_ArtifactStreaming_TrustedLaunch_Scriptless(t *testing.T) {
RunScenario(t, &Scenario{
Description: "tests that a new ubuntu 2204 node using artifact streaming with trusted launch can be properly bootstrapped",
Tags: Tags{
Scriptless: true,
},
Config: Config{
Cluster: ClusterKubenet,
VHD: config.VHDUbuntu2204Gen2TLContainerd,
AKSNodeConfigMutator: func(config *aksnodeconfigv1.Configuration) {
config.EnableArtifactStreaming = true
},
VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
vmss.Properties = addTrustedLaunchToVMSS(vmss.Properties)
},
Validator: func(ctx context.Context, s *Scenario) {
ValidateNonEmptyDirectory(ctx, s, "/etc/overlaybd")
ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-snapshotter.service")
ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-tcmu.service")
ValidateSystemdUnitIsRunning(ctx, s, "acr-mirror.service")
ValidateSystemdUnitIsRunning(ctx, s, "containerd.service")
},
},
})
}

func Test_Ubuntu2204_ArtifactStreaming_FIPS(t *testing.T) {
RunScenario(t, &Scenario{
Description: "tests that a new ubuntu 2204 FIPS node using artifact streaming can be properly bootstrapped",
Config: Config{
Cluster: ClusterKubenet,
VHD: config.VHDUbuntu2204Gen2FIPSContainerd,
BootstrapConfigMutator: func(nbc *datamodel.NodeBootstrappingConfiguration) {
nbc.EnableArtifactStreaming = true
},
VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
vmss.Properties.AdditionalCapabilities = &armcompute.AdditionalCapabilities{
EnableFips1403Encryption: to.Ptr(true),
}
settings := vmss.Properties.VirtualMachineProfile.ExtensionProfile.Extensions[0].Properties.ProtectedSettings
vmss.Properties.VirtualMachineProfile.ExtensionProfile.Extensions[0].Properties.Settings = settings
Comment thread
mxj220 marked this conversation as resolved.
vmss.Properties.VirtualMachineProfile.ExtensionProfile.Extensions[0].Properties.ProtectedSettings = nil
Comment thread
mxj220 marked this conversation as resolved.
},
Validator: func(ctx context.Context, s *Scenario) {
ValidateNonEmptyDirectory(ctx, s, "/etc/overlaybd")
ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-snapshotter.service")
ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-tcmu.service")
ValidateSystemdUnitIsRunning(ctx, s, "acr-mirror.service")
ValidateSystemdUnitIsRunning(ctx, s, "containerd.service")
},
},
})
}

func Test_Ubuntu2204_ArtifactStreaming_FIPS_Scriptless(t *testing.T) {
RunScenario(t, &Scenario{
Description: "tests that a new ubuntu 2204 FIPS node using artifact streaming can be properly bootstrapped",
Tags: Tags{
Scriptless: true,
},
Config: Config{
Cluster: ClusterKubenet,
VHD: config.VHDUbuntu2204Gen2FIPSContainerd,
AKSNodeConfigMutator: func(config *aksnodeconfigv1.Configuration) {
config.EnableArtifactStreaming = true
},
VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
vmss.Properties.AdditionalCapabilities = &armcompute.AdditionalCapabilities{
EnableFips1403Encryption: to.Ptr(true),
}
settings := vmss.Properties.VirtualMachineProfile.ExtensionProfile.Extensions[0].Properties.ProtectedSettings
vmss.Properties.VirtualMachineProfile.ExtensionProfile.Extensions[0].Properties.Settings = settings
vmss.Properties.VirtualMachineProfile.ExtensionProfile.Extensions[0].Properties.ProtectedSettings = nil
},
Comment thread
mxj220 marked this conversation as resolved.
Validator: func(ctx context.Context, s *Scenario) {
ValidateNonEmptyDirectory(ctx, s, "/etc/overlaybd")
ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-snapshotter.service")
ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-tcmu.service")
ValidateSystemdUnitIsRunning(ctx, s, "acr-mirror.service")
ValidateSystemdUnitIsRunning(ctx, s, "containerd.service")
},
},
})
}

func Test_Ubuntu2204_ArtifactStreaming_NetworkIsolatedCluster(t *testing.T) {
RunScenario(t, &Scenario{
Description: "tests that a new ubuntu 2204 node in a network isolated cluster using artifact streaming can be properly bootstrapped",
Tags: Tags{
NetworkIsolated: true,
NonAnonymousACR: true,
},
Config: Config{
Cluster: ClusterAzureNetworkIsolated,
VHD: config.VHDUbuntu2204Gen2Containerd,
BootstrapConfigMutator: func(nbc *datamodel.NodeBootstrappingConfiguration) {
nbc.EnableArtifactStreaming = true
nbc.OutboundType = datamodel.OutboundTypeBlock
nbc.ContainerService.Properties.SecurityProfile = &datamodel.SecurityProfile{
PrivateEgress: &datamodel.PrivateEgress{
Enabled: true,
ContainerRegistryServer: fmt.Sprintf("%s.azurecr.io/aks-managed-repository", config.PrivateACRNameNotAnon(config.Config.DefaultLocation)),
},
}
nbc.ContainerService.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true
nbc.AgentPoolProfile.KubernetesConfig.UseManagedIdentity = true
nbc.K8sComponents.LinuxCredentialProviderURL = fmt.Sprintf(
"https://packages.aks.azure.com/cloud-provider-azure/v%s/binaries/azure-acr-credential-provider-linux-amd64-v%s.tar.gz",
nbc.ContainerService.Properties.OrchestratorProfile.OrchestratorVersion,
nbc.ContainerService.Properties.OrchestratorProfile.OrchestratorVersion)
nbc.KubeletConfig["--image-credential-provider-config"] = "/var/lib/kubelet/credential-provider-config.yaml"
nbc.KubeletConfig["--image-credential-provider-bin-dir"] = "/var/lib/kubelet/credential-provider"
},
Validator: func(ctx context.Context, s *Scenario) {
ValidateDirectoryContent(ctx, s, "/opt/azure", []string{"outbound-check-skipped"})
ValidateNonEmptyDirectory(ctx, s, "/etc/overlaybd")
ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-snapshotter.service")
ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-tcmu.service")
ValidateSystemdUnitIsRunning(ctx, s, "acr-mirror.service")
ValidateSystemdUnitIsRunning(ctx, s, "containerd.service")
},
},
})
}

func Test_Ubuntu2204_ChronyRestarts_Taints_And_Tolerations(t *testing.T) {
RunScenario(t, &Scenario{
Description: "Tests that the chrony service restarts if it is killed. Also tests taints and tolerations",
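Review bot: In both FIPS scenarios the `VMConfigMutator` copies `Extensions[0].Properties.ProtectedSettings` into `Settings` and then nils the protected field, with no comment explaining why. Extension `Settings` are stored and returned in clear text, unlike protected settings, so whatever the extension carries there becomes readable to anyone who can read the VMSS model. If this is a workaround needed alongside `EnableFips1403Encryption`, state that above the three lines, e.g. `// e2e-only workaround for <reason>: moves the extension payload out of the encrypted ProtectedSettings field`. The mutator should also check that `ExtensionProfile` is non-nil and `len(Extensions) > 0` before indexing `[0]`. Separately, none of the Trusted Launch or FIPS validators assert the feature the test is named for: they check only `/etc/overlaybd` and the overlaybd, acr-mirror and containerd units, so they would still pass if `addTrustedLaunchToVMSS` or the FIPS capability had no effect on the node.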