sigs.k8s.io/cluster-api-provider-azure@v1.14.3/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml (about) 1 apiVersion: cluster.x-k8s.io/v1beta1 2 kind: Cluster 3 metadata: 4 labels: 5 cloud-provider: ${CLOUD_PROVIDER_AZURE_LABEL:=azure} 6 cni: calico 7 cni-windows: ${CLUSTER_NAME}-calico 8 containerd-logger: enabled 9 csi-proxy: enabled 10 windows: enabled 11 name: ${CLUSTER_NAME} 12 namespace: default 13 spec: 14 clusterNetwork: 15 pods: 16 cidrBlocks: 17 - 192.168.0.0/16 18 controlPlaneRef: 19 apiVersion: controlplane.cluster.x-k8s.io/v1beta1 20 kind: KubeadmControlPlane 21 name: ${CLUSTER_NAME}-control-plane 22 infrastructureRef: 23 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 24 kind: AzureCluster 25 name: ${CLUSTER_NAME} 26 --- 27 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 28 kind: AzureCluster 29 metadata: 30 name: ${CLUSTER_NAME} 31 namespace: default 32 spec: 33 additionalTags: 34 buildProvenance: ${BUILD_PROVENANCE} 35 creationTimestamp: ${TIMESTAMP} 36 jobName: ${JOB_NAME} 37 identityRef: 38 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 39 kind: AzureClusterIdentity 40 name: ${CLUSTER_IDENTITY_NAME} 41 location: ${AZURE_LOCATION} 42 networkSpec: 43 subnets: 44 - name: control-plane-subnet 45 role: control-plane 46 - name: node-subnet 47 role: node 48 vnet: 49 name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} 50 resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} 51 subscriptionID: ${AZURE_SUBSCRIPTION_ID} 52 --- 53 apiVersion: controlplane.cluster.x-k8s.io/v1beta1 54 kind: KubeadmControlPlane 55 metadata: 56 name: ${CLUSTER_NAME}-control-plane 57 namespace: default 58 spec: 59 kubeadmConfigSpec: 60 clusterConfiguration: 61 apiServer: 62 extraArgs: 63 cloud-provider: external 64 timeoutForControlPlane: 20m 65 controllerManager: 66 extraArgs: 67 allocate-node-cidrs: "false" 68 cloud-provider: external 69 cluster-name: ${CLUSTER_NAME} 70 v: "4" 71 etcd: 72 local: 73 dataDir: /var/lib/etcddisk/etcd 74 extraArgs: 75 quota-backend-bytes: "8589934592" 76 kubernetesVersion: ci/${CI_VERSION} 77 diskSetup: 78 filesystems: 79 - device: /dev/disk/azure/scsi1/lun0 80 extraOpts: 81 - -E 82 - lazy_itable_init=1,lazy_journal_init=1 83 filesystem: ext4 84 label: etcd_disk 85 - device: ephemeral0.1 86 filesystem: ext4 87 label: ephemeral0 88 replaceFS: ntfs 89 partitions: 90 - device: /dev/disk/azure/scsi1/lun0 91 layout: true 92 overwrite: false 93 tableType: gpt 94 files: 95 - contentFrom: 96 secret: 97 key: control-plane-azure.json 98 name: ${CLUSTER_NAME}-control-plane-azure-json 99 owner: root:root 100 path: /etc/kubernetes/azure.json 101 permissions: "0644" 102 - content: | 103 #!/bin/bash 104 105 set -o nounset 106 set -o pipefail 107 set -o errexit 108 [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" 109 110 az login --identity 111 echo "Use OOT credential provider" 112 mkdir -p /var/lib/kubelet/credential-provider 113 az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" -f /var/lib/kubelet/credential-provider/acr-credential-provider --auth-mode login 114 chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider 115 az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" -f /var/lib/kubelet/credential-provider-config.yaml --auth-mode login 116 chmod 644 /var/lib/kubelet/credential-provider-config.yaml 117 owner: root:root 118 path: /tmp/oot-cred-provider.sh 119 permissions: "0744" 120 - content: | 121 #!/bin/bash 122 123 set -o nounset 124 set -o pipefail 125 set -o errexit 126 [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" 127 128 # This test installs release packages or binaries that are a result of the CI and release builds. 129 # It runs '... --version' commands to verify that the binaries are correctly installed 130 # and finally uninstalls the packages. 131 # For the release packages it tests all versions in the support skew. 132 LINE_SEPARATOR="*************************************************" 133 echo "$$LINE_SEPARATOR" 134 CI_VERSION=${CI_VERSION} 135 if [[ "$${CI_VERSION}" != "" ]]; then 136 CI_DIR=/tmp/k8s-ci 137 mkdir -p $$CI_DIR 138 declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") 139 declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") 140 CONTAINER_EXT="tar" 141 echo "* testing CI version $$CI_VERSION" 142 # Check for semver 143 if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then 144 VERSION_WITHOUT_PREFIX="${CI_VERSION#v}" 145 DEBIAN_FRONTEND=noninteractive apt-get install -y apt-transport-https curl 146 curl -fsSL https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg 147 echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list 148 apt-get update 149 # replace . with \. 150 VERSION_REGEX="${VERSION_WITHOUT_PREFIX//./\\.}" 151 PACKAGE_VERSION="$(apt-cache madison kubelet|grep $${VERSION_REGEX}- | head -n1 | cut -d '|' -f 2 | tr -d '[:space:]')" 152 for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do 153 echo "* installing package: $$CI_PACKAGE $${PACKAGE_VERSION}" 154 DEBIAN_FRONTEND=noninteractive apt-get install -y $$CI_PACKAGE=$$PACKAGE_VERSION 155 done 156 else 157 CI_URL="https://storage.googleapis.com/k8s-release-dev/ci/$${CI_VERSION}/bin/linux/amd64" 158 for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do 159 echo "* downloading binary: $$CI_URL/$$CI_PACKAGE" 160 wget --inet4-only "$$CI_URL/$$CI_PACKAGE" -nv -O "$$CI_DIR/$$CI_PACKAGE" 161 chmod +x "$$CI_DIR/$$CI_PACKAGE" 162 mv "$$CI_DIR/$$CI_PACKAGE" "/usr/bin/$$CI_PACKAGE" 163 done 164 IMAGE_REGISTRY_PREFIX=registry.k8s.io 165 for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do 166 echo "* downloading package: $$CI_URL/$$CI_CONTAINER.$$CONTAINER_EXT" 167 wget --inet4-only "$$CI_URL/$$CI_CONTAINER.$$CONTAINER_EXT" -nv -O "$$CI_DIR/$$CI_CONTAINER.$$CONTAINER_EXT" 168 $${SUDO} ctr -n k8s.io images import "$$CI_DIR/$$CI_CONTAINER.$$CONTAINER_EXT" || echo "* ignoring expected 'ctr images import' result" 169 $${SUDO} ctr -n k8s.io images tag $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER-amd64:"$${CI_VERSION//+/_}" $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER:"$${CI_VERSION//+/_}" 170 $${SUDO} ctr -n k8s.io images tag $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER-amd64:"$${CI_VERSION//+/_}" gcr.io/k8s-staging-ci-images/$$CI_CONTAINER:"$${CI_VERSION//+/_}" 171 done 172 fi 173 systemctl restart kubelet 174 fi 175 echo "* checking binary versions" 176 echo "ctr version: " $(ctr version) 177 echo "kubeadm version: " $(kubeadm version -o=short) 178 echo "kubectl version: " $(kubectl version --client=true) 179 echo "kubelet version: " $(kubelet --version) 180 echo "$$LINE_SEPARATOR" 181 owner: root:root 182 path: /tmp/kubeadm-bootstrap.sh 183 permissions: "0744" 184 initConfiguration: 185 nodeRegistration: 186 kubeletExtraArgs: 187 cloud-provider: external 188 image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider 189 image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml 190 name: '{{ ds.meta_data["local_hostname"] }}' 191 joinConfiguration: 192 nodeRegistration: 193 kubeletExtraArgs: 194 cloud-provider: external 195 image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider 196 image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml 197 name: '{{ ds.meta_data["local_hostname"] }}' 198 mounts: 199 - - LABEL=etcd_disk 200 - /var/lib/etcddisk 201 postKubeadmCommands: [] 202 preKubeadmCommands: 203 - bash -c /tmp/oot-cred-provider.sh 204 - bash -c /tmp/kubeadm-bootstrap.sh 205 verbosity: 5 206 machineTemplate: 207 infrastructureRef: 208 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 209 kind: AzureMachineTemplate 210 name: ${CLUSTER_NAME}-control-plane 211 replicas: ${CONTROL_PLANE_MACHINE_COUNT:=1} 212 version: ${KUBERNETES_VERSION} 213 --- 214 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 215 kind: AzureMachineTemplate 216 metadata: 217 name: ${CLUSTER_NAME}-control-plane 218 namespace: default 219 spec: 220 template: 221 spec: 222 dataDisks: 223 - diskSizeGB: 256 224 lun: 0 225 nameSuffix: etcddisk 226 image: 227 marketplace: 228 offer: capi 229 publisher: cncf-upstream 230 sku: ubuntu-2204-gen1 231 version: latest 232 osDisk: 233 diskSizeGB: 128 234 osType: Linux 235 sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} 236 vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} 237 --- 238 apiVersion: cluster.x-k8s.io/v1beta1 239 kind: MachinePool 240 metadata: 241 name: ${CLUSTER_NAME}-mp-0 242 namespace: default 243 spec: 244 clusterName: ${CLUSTER_NAME} 245 replicas: ${WORKER_MACHINE_COUNT:=2} 246 template: 247 spec: 248 bootstrap: 249 configRef: 250 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 251 kind: KubeadmConfig 252 name: ${CLUSTER_NAME}-mp-0 253 clusterName: ${CLUSTER_NAME} 254 infrastructureRef: 255 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 256 kind: AzureMachinePool 257 name: ${CLUSTER_NAME}-mp-0 258 version: ${KUBERNETES_VERSION} 259 --- 260 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 261 kind: AzureMachinePool 262 metadata: 263 name: ${CLUSTER_NAME}-mp-0 264 namespace: default 265 spec: 266 location: ${AZURE_LOCATION} 267 strategy: 268 rollingUpdate: 269 deletePolicy: Oldest 270 maxSurge: 25% 271 maxUnavailable: 1 272 type: RollingUpdate 273 template: 274 image: 275 marketplace: 276 offer: capi 277 publisher: cncf-upstream 278 sku: ubuntu-2204-gen1 279 version: latest 280 osDisk: 281 diskSizeGB: 30 282 managedDisk: 283 storageAccountType: Premium_LRS 284 osType: Linux 285 sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} 286 vmExtensions: 287 - name: CustomScript 288 protectedSettings: 289 commandToExecute: | 290 #!/bin/sh 291 echo "This script is a no-op used for extension testing purposes ..." 292 touch test_file 293 publisher: Microsoft.Azure.Extensions 294 version: "2.1" 295 vmSize: ${AZURE_NODE_MACHINE_TYPE} 296 --- 297 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 298 kind: KubeadmConfig 299 metadata: 300 name: ${CLUSTER_NAME}-mp-0 301 namespace: default 302 spec: 303 files: 304 - content: | 305 #!/bin/bash 306 307 set -o nounset 308 set -o pipefail 309 set -o errexit 310 [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" 311 312 az login --identity 313 echo "Use OOT credential provider" 314 mkdir -p /var/lib/kubelet/credential-provider 315 az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" -f /var/lib/kubelet/credential-provider/acr-credential-provider --auth-mode login 316 chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider 317 az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" -f /var/lib/kubelet/credential-provider-config.yaml --auth-mode login 318 chmod 644 /var/lib/kubelet/credential-provider-config.yaml 319 owner: root:root 320 path: /tmp/oot-cred-provider.sh 321 permissions: "0744" 322 - content: | 323 #!/bin/bash 324 325 set -o nounset 326 set -o pipefail 327 set -o errexit 328 [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" 329 330 # This test installs release packages or binaries that are a result of the CI and release builds. 331 # It runs '... --version' commands to verify that the binaries are correctly installed 332 # and finally uninstalls the packages. 333 # For the release packages it tests all versions in the support skew. 334 LINE_SEPARATOR="*************************************************" 335 echo "$$LINE_SEPARATOR" 336 CI_VERSION=${CI_VERSION} 337 if [[ "$${CI_VERSION}" != "" ]]; then 338 CI_DIR=/tmp/k8s-ci 339 mkdir -p $$CI_DIR 340 declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") 341 declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") 342 CONTAINER_EXT="tar" 343 echo "* testing CI version $$CI_VERSION" 344 # Check for semver 345 if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then 346 VERSION_WITHOUT_PREFIX="${CI_VERSION#v}" 347 DEBIAN_FRONTEND=noninteractive apt-get install -y apt-transport-https curl 348 curl -fsSL https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg 349 echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list 350 apt-get update 351 # replace . with \. 352 VERSION_REGEX="${VERSION_WITHOUT_PREFIX//./\\.}" 353 PACKAGE_VERSION="$(apt-cache madison kubelet|grep $${VERSION_REGEX}- | head -n1 | cut -d '|' -f 2 | tr -d '[:space:]')" 354 for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do 355 echo "* installing package: $$CI_PACKAGE $${PACKAGE_VERSION}" 356 DEBIAN_FRONTEND=noninteractive apt-get install -y $$CI_PACKAGE=$$PACKAGE_VERSION 357 done 358 else 359 CI_URL="https://storage.googleapis.com/k8s-release-dev/ci/$${CI_VERSION}/bin/linux/amd64" 360 fi 361 for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do 362 echo "* downloading binary: $$CI_URL/$$CI_PACKAGE" 363 wget --inet4-only "$$CI_URL/$$CI_PACKAGE" -nv -O "$$CI_DIR/$$CI_PACKAGE" 364 chmod +x "$$CI_DIR/$$CI_PACKAGE" 365 mv "$$CI_DIR/$$CI_PACKAGE" "/usr/bin/$$CI_PACKAGE" 366 done 367 IMAGE_REGISTRY_PREFIX=registry.k8s.io 368 for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do 369 echo "* downloading package: $$CI_URL/$$CI_CONTAINER.$$CONTAINER_EXT" 370 wget --inet4-only "$$CI_URL/$$CI_CONTAINER.$$CONTAINER_EXT" -nv -O "$$CI_DIR/$$CI_CONTAINER.$$CONTAINER_EXT" 371 $${SUDO} ctr -n k8s.io images import "$$CI_DIR/$$CI_CONTAINER.$$CONTAINER_EXT" || echo "* ignoring expected 'ctr images import' result" 372 $${SUDO} ctr -n k8s.io images tag $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER-amd64:"$${CI_VERSION//+/_}" $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER:"$${CI_VERSION//+/_}" 373 $${SUDO} ctr -n k8s.io images tag $$IMAGE_REGISTRY_PREFIX/$$CI_CONTAINER-amd64:"$${CI_VERSION//+/_}" gcr.io/k8s-staging-ci-images/$$CI_CONTAINER:"$${CI_VERSION//+/_}" 374 done 375 fi 376 systemctl restart kubelet 377 fi 378 echo "* checking binary versions" 379 echo "ctr version: " $(ctr version) 380 echo "kubeadm version: " $(kubeadm version -o=short) 381 echo "kubectl version: " $(kubectl version --client=true) 382 echo "kubelet version: " $(kubelet --version) 383 echo "$$LINE_SEPARATOR" 384 owner: root:root 385 path: /tmp/kubeadm-bootstrap.sh 386 permissions: "0744" 387 - contentFrom: 388 secret: 389 key: worker-node-azure.json 390 name: ${CLUSTER_NAME}-mp-0-azure-json 391 owner: root:root 392 path: /etc/kubernetes/azure.json 393 permissions: "0644" 394 joinConfiguration: 395 nodeRegistration: 396 kubeletExtraArgs: 397 cloud-provider: external 398 image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider 399 image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml 400 name: '{{ ds.meta_data["local_hostname"] }}' 401 preKubeadmCommands: 402 - bash -c /tmp/oot-cred-provider.sh 403 - bash -c /tmp/kubeadm-bootstrap.sh 404 --- 405 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 406 kind: AzureClusterIdentity 407 metadata: 408 labels: 409 clusterctl.cluster.x-k8s.io/move-hierarchy: "true" 410 name: ${CLUSTER_IDENTITY_NAME} 411 namespace: default 412 spec: 413 allowedNamespaces: {} 414 clientID: ${AZURE_CLIENT_ID} 415 clientSecret: 416 name: ${AZURE_CLUSTER_IDENTITY_SECRET_NAME} 417 namespace: ${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE} 418 tenantID: ${AZURE_TENANT_ID} 419 type: ServicePrincipal 420 --- 421 apiVersion: cluster.x-k8s.io/v1beta1 422 kind: MachinePool 423 metadata: 424 name: ${CLUSTER_NAME}-mp-win 425 namespace: default 426 spec: 427 clusterName: ${CLUSTER_NAME} 428 replicas: ${WINDOWS_WORKER_MACHINE_COUNT:-0} 429 template: 430 spec: 431 bootstrap: 432 configRef: 433 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 434 kind: KubeadmConfig 435 name: ${CLUSTER_NAME}-mp-win 436 clusterName: ${CLUSTER_NAME} 437 infrastructureRef: 438 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 439 kind: AzureMachinePool 440 name: ${CLUSTER_NAME}-mp-win 441 version: ${KUBERNETES_VERSION} 442 --- 443 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 444 kind: AzureMachinePool 445 metadata: 446 annotations: 447 runtime: containerd 448 windowsServerVersion: ${WINDOWS_SERVER_VERSION:=""} 449 name: ${CLUSTER_NAME}-mp-win 450 namespace: default 451 spec: 452 location: ${AZURE_LOCATION} 453 template: 454 image: 455 marketplace: 456 offer: capi-windows 457 publisher: cncf-upstream 458 sku: ${WINDOWS_SERVER_VERSION:=windows-2019}-containerd-gen1 459 version: latest 460 osDisk: 461 diskSizeGB: 128 462 managedDisk: 463 storageAccountType: Premium_LRS 464 osType: Windows 465 sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} 466 vmSize: ${AZURE_NODE_MACHINE_TYPE} 467 --- 468 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 469 kind: KubeadmConfig 470 metadata: 471 name: ${CLUSTER_NAME}-mp-win 472 namespace: default 473 spec: 474 files: 475 - contentFrom: 476 secret: 477 key: worker-node-azure.json 478 name: ${CLUSTER_NAME}-mp-win-azure-json 479 owner: root:root 480 path: c:/k/azure.json 481 permissions: "0644" 482 - content: Add-MpPreference -ExclusionProcess C:/opt/cni/bin/calico.exe 483 path: C:/defender-exclude-calico.ps1 484 permissions: "0744" 485 - content: | 486 $ErrorActionPreference = 'Stop' 487 488 Stop-Service kubelet -Force 489 490 $$CI_VERSION="${CI_VERSION}" 491 if($$CI_VERSION -ne "") 492 { 493 $$binaries=@("kubeadm", "kubectl", "kubelet", "kube-proxy") 494 $$ci_url="https://storage.googleapis.com/k8s-release-dev/ci/$$CI_VERSION/bin/windows/amd64" 495 foreach ( $$binary in $$binaries ) 496 { 497 echo "downloading binary: $$ci_url/$$binary.exe" 498 curl.exe --retry 10 --retry-delay 5 "$$ci_url/$$binary.exe" --output "c:/k/$$binary.exe" 499 } 500 } 501 502 # Tag it to the ci version. The image knows how to use the copy locally with the configmap 503 # that is applied at at this stage (windows-kubeproxy-ci.yaml) 504 ctr.exe -n k8s.io images pull docker.io/sigwindowstools/kube-proxy:v1.23.1-calico-hostprocess 505 ctr.exe -n k8s.io images tag docker.io/sigwindowstools/kube-proxy:v1.23.1-calico-hostprocess "docker.io/sigwindowstools/kube-proxy:${CI_VERSION/+/_}-calico-hostprocess" 506 507 kubeadm.exe version -o=short 508 kubectl.exe version --client=true 509 kubelet.exe --version 510 path: C:/replace-k8s-binaries.ps1 511 permissions: "0744" 512 - content: | 513 $ErrorActionPreference = 'Stop' 514 515 az login --identity 516 echo "Use OOT credential provider" 517 mkdir C:\var\lib\kubelet\credential-provider 518 az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider.exe" -f C:\var\lib\kubelet\credential-provider\acr-credential-provider.exe --auth-mode login 519 cp C:\var\lib\kubelet\credential-provider\acr-credential-provider.exe C:\var\lib\kubelet\credential-provider\acr-credential-provider 520 az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config-win.yaml" -f C:\var\lib\kubelet\credential-provider-config.yaml --auth-mode login 521 path: C:/oot-cred-provider.ps1 522 permissions: "0744" 523 joinConfiguration: 524 nodeRegistration: 525 criSocket: npipe:////./pipe/containerd-containerd 526 kubeletExtraArgs: 527 cloud-provider: external 528 image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider 529 image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml 530 pod-infra-container-image: mcr.microsoft.com/oss/kubernetes/pause:3.9 531 name: '{{ ds.meta_data["local_hostname"] }}' 532 postKubeadmCommands: 533 - nssm set kubelet start SERVICE_AUTO_START 534 - powershell C:/defender-exclude-calico.ps1 535 preKubeadmCommands: 536 - powershell c:/create-external-network.ps1 537 - powershell C:/replace-k8s-binaries.ps1 538 - powershell C:/oot-cred-provider.ps1 539 users: 540 - groups: Administrators 541 name: capi 542 sshAuthorizedKeys: 543 - ${AZURE_SSH_PUBLIC_KEY:=""} 544 --- 545 apiVersion: addons.cluster.x-k8s.io/v1beta1 546 kind: ClusterResourceSet 547 metadata: 548 name: ${CLUSTER_NAME}-calico-windows 549 namespace: default 550 spec: 551 clusterSelector: 552 matchLabels: 553 cni-windows: ${CLUSTER_NAME}-calico 554 resources: 555 - kind: ConfigMap 556 name: cni-${CLUSTER_NAME}-calico-windows 557 strategy: ApplyOnce 558 --- 559 apiVersion: addons.cluster.x-k8s.io/v1beta1 560 kind: ClusterResourceSet 561 metadata: 562 name: csi-proxy 563 namespace: default 564 spec: 565 clusterSelector: 566 matchLabels: 567 csi-proxy: enabled 568 resources: 569 - kind: ConfigMap 570 name: csi-proxy-addon 571 strategy: ApplyOnce 572 --- 573 apiVersion: addons.cluster.x-k8s.io/v1beta1 574 kind: ClusterResourceSet 575 metadata: 576 name: containerd-logger-${CLUSTER_NAME} 577 namespace: default 578 spec: 579 clusterSelector: 580 matchLabels: 581 containerd-logger: enabled 582 resources: 583 - kind: ConfigMap 584 name: containerd-logger-${CLUSTER_NAME} 585 strategy: ApplyOnce 586 --- 587 apiVersion: addons.cluster.x-k8s.io/v1alpha1 588 kind: HelmChartProxy 589 metadata: 590 name: calico 591 namespace: default 592 spec: 593 chartName: tigera-operator 594 clusterSelector: 595 matchLabels: 596 cni: calico 597 namespace: tigera-operator 598 releaseName: projectcalico 599 repoURL: https://docs.tigera.io/calico/charts 600 valuesTemplate: |- 601 installation: 602 cni: 603 type: Calico 604 calicoNetwork: 605 bgp: Disabled 606 mtu: 1350 607 ipPools: 608 ipPools:{{range $i, $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }} 609 - cidr: {{ $cidr }} 610 encapsulation: VXLAN{{end}} 611 registry: mcr.microsoft.com/oss 612 # Image and registry configuration for the tigera/operator pod. 613 tigeraOperator: 614 image: tigera/operator 615 registry: mcr.microsoft.com/oss 616 calicoctl: 617 image: mcr.microsoft.com/oss/calico/ctl 618 version: ${CALICO_VERSION} 619 --- 620 apiVersion: addons.cluster.x-k8s.io/v1alpha1 621 kind: HelmChartProxy 622 metadata: 623 name: azuredisk-csi-driver-chart 624 namespace: default 625 spec: 626 chartName: azuredisk-csi-driver 627 clusterSelector: 628 matchLabels: 629 azuredisk-csi: "true" 630 namespace: kube-system 631 releaseName: azuredisk-csi-driver-oot 632 repoURL: https://raw.githubusercontent.com/kubernetes-sigs/azuredisk-csi-driver/master/charts 633 valuesTemplate: |- 634 controller: 635 replicas: 1 636 runOnControlPlane: true 637 windows: 638 useHostProcessContainers: {{ hasKey .Cluster.metadata.labels "cni-windows" }} 639 --- 640 apiVersion: addons.cluster.x-k8s.io/v1alpha1 641 kind: HelmChartProxy 642 metadata: 643 name: cloud-provider-azure-chart 644 namespace: default 645 spec: 646 chartName: cloud-provider-azure 647 clusterSelector: 648 matchLabels: 649 cloud-provider: azure 650 releaseName: cloud-provider-azure-oot 651 repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo 652 valuesTemplate: | 653 infra: 654 clusterName: {{ .Cluster.metadata.name }} 655 cloudControllerManager: 656 clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }} 657 logVerbosity: 4 658 --- 659 apiVersion: addons.cluster.x-k8s.io/v1alpha1 660 kind: HelmChartProxy 661 metadata: 662 name: cloud-provider-azure-chart-ci 663 namespace: default 664 spec: 665 chartName: cloud-provider-azure 666 clusterSelector: 667 matchLabels: 668 cloud-provider: azure-ci 669 releaseName: cloud-provider-azure-oot 670 repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo 671 valuesTemplate: | 672 infra: 673 clusterName: {{ .Cluster.metadata.name }} 674 cloudControllerManager: 675 cloudConfig: ${CLOUD_CONFIG:-"/etc/kubernetes/azure.json"} 676 cloudConfigSecretName: ${CONFIG_SECRET_NAME:-""} 677 clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }} 678 imageName: "${CCM_IMAGE_NAME:-""}" 679 imageRepository: "${IMAGE_REGISTRY:-""}" 680 imageTag: "${IMAGE_TAG_CCM:-""}" 681 logVerbosity: ${CCM_LOG_VERBOSITY:-4} 682 replicas: ${CCM_COUNT:-1} 683 enableDynamicReloading: ${ENABLE_DYNAMIC_RELOADING:-false} 684 cloudNodeManager: 685 imageName: "${CNM_IMAGE_NAME:-""}" 686 imageRepository: "${IMAGE_REGISTRY:-""}" 687 imageTag: "${IMAGE_TAG_CNM:-""}" 688 --- 689 apiVersion: v1 690 data: 691 kube-proxy-patch: |- 692 apiVersion: v1 693 kind: ConfigMap 694 metadata: 695 name: windows-kubeproxy-ci 696 namespace: kube-system 697 data: 698 KUBEPROXY_PATH: "c:/k/kube-proxy.exe" 699 proxy: | 700 apiVersion: apps/v1 701 kind: DaemonSet 702 metadata: 703 labels: 704 k8s-app: kube-proxy 705 name: kube-proxy-windows 706 namespace: kube-system 707 spec: 708 selector: 709 matchLabels: 710 k8s-app: kube-proxy-windows 711 template: 712 metadata: 713 labels: 714 k8s-app: kube-proxy-windows 715 spec: 716 serviceAccountName: kube-proxy 717 securityContext: 718 windowsOptions: 719 hostProcess: true 720 runAsUserName: "NT AUTHORITY\\system" 721 hostNetwork: true 722 containers: 723 - image: sigwindowstools/kube-proxy:${KUBERNETES_VERSION/+/_}-calico-hostprocess 724 args: ["$env:CONTAINER_SANDBOX_MOUNT_POINT/kube-proxy/start.ps1"] 725 workingDir: "$env:CONTAINER_SANDBOX_MOUNT_POINT/kube-proxy/" 726 name: kube-proxy 727 env: 728 - name: NODE_NAME 729 valueFrom: 730 fieldRef: 731 apiVersion: v1 732 fieldPath: spec.nodeName 733 - name: POD_IP 734 valueFrom: 735 fieldRef: 736 fieldPath: status.podIP 737 - name: KUBEPROXY_PATH 738 valueFrom: 739 configMapKeyRef: 740 name: windows-kubeproxy-ci 741 key: KUBEPROXY_PATH 742 optional: true 743 volumeMounts: 744 - mountPath: /var/lib/kube-proxy 745 name: kube-proxy 746 nodeSelector: 747 kubernetes.io/os: windows 748 tolerations: 749 - key: CriticalAddonsOnly 750 operator: Exists 751 - operator: Exists 752 volumes: 753 - configMap: 754 name: kube-proxy 755 name: kube-proxy 756 updateStrategy: 757 type: RollingUpdate 758 windows-cni: "# strictAffinity required for windows\napiVersion: crd.projectcalico.org/v1\nkind: 759 IPAMConfig\nmetadata:\n name: default\nspec:\n autoAllocateBlocks: true\n strictAffinity: 760 true\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-static-rules\n 761 \ namespace: calico-system\n labels:\n tier: node\n app: calico\ndata:\n 762 \ static-rules.json: |\n {\n \"Provider\": \"azure\",\n \"Version\": 763 \"0.1\",\n \"Rules\": [\n {\n \"Name\": \"EndpointPolicy\",\n 764 \ \"Rule\": {\n \"Id\": \"wireserver\",\n \"Type\": 765 \"ACL\",\n \"Protocol\": 6,\n \"Action\": \"Block\",\n 766 \ \"Direction\": \"Out\",\n \"RemoteAddresses\": \"168.63.129.16/32\",\n 767 \ \"RemotePorts\": \"80\",\n \"Priority\": 200,\n \"RuleType\": 768 \"Switch\"\n }\n }\n ]\n } \n---\nkind: ConfigMap\napiVersion: 769 v1\nmetadata:\n name: calico-config-windows\n namespace: calico-system\n labels:\n 770 \ tier: node\n app: calico\ndata:\n veth_mtu: \"1350\"\n \n cni_network_config: 771 |\n {\n \"name\": \"Calico\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": 772 [\n {\n \"windows_use_single_network\": true,\n \"type\": 773 \"calico\",\n \"mode\": \"vxlan\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n 774 \ \"nodename_file_optional\": true,\n \"log_file_path\": \"c:/cni.log\",\n 775 \ \"log_level\": \"debug\",\n\n \"vxlan_mac_prefix\": \"0E-2A\",\n 776 \ \"vxlan_vni\": 4096,\n \"mtu\": __CNI_MTU__,\n \"policy\": 777 {\n \"type\": \"k8s\"\n },\n\n \"log_level\": \"info\",\n\n 778 \ \"capabilities\": {\"dns\": true},\n \"DNS\": {\n \"Search\": 779 \ [\n \"svc.cluster.local\"\n ]\n },\n\n \"datastore_type\": 780 \"kubernetes\",\n\n \"kubernetes\": {\n \"kubeconfig\": \"__KUBECONFIG_FILEPATH__\"\n 781 \ },\n\n \"ipam\": {\n \"type\": \"calico-ipam\",\n 782 \ \"subnet\": \"usePodCidr\"\n },\n\n \"policies\": 783 \ [\n {\n \"Name\": \"EndpointPolicy\",\n \"Value\": 784 \ {\n \"Type\": \"OutBoundNAT\",\n \"ExceptionList\": 785 \ [\n \"__K8S_SERVICE_CIDR__\"\n ]\n }\n 786 \ },\n {\n \"Name\": \"EndpointPolicy\",\n 787 \ \"Value\": {\n \"Type\": \"SDNROUTE\",\n \"DestinationPrefix\": 788 \ \"__K8S_SERVICE_CIDR__\",\n \"NeedEncap\": true\n }\n 789 \ }\n ]\n }\n ]\n\n }\n---\napiVersion: apps/v1\nkind: 790 DaemonSet\nmetadata:\n name: calico-node-windows\n labels:\n tier: node\n 791 \ app: calico\n namespace: calico-system\nspec:\n selector:\n matchLabels:\n 792 \ app: calico\n template:\n metadata:\n labels:\n tier: node\n 793 \ app: calico\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n 794 \ nodeSelectorTerms:\n - matchExpressions:\n - 795 key: kubernetes.io/os\n operator: In\n values:\n 796 \ - windows\n - key: kubernetes.io/arch\n 797 \ operator: In\n values:\n - 798 amd64\n securityContext:\n windowsOptions:\n hostProcess: 799 true\n runAsUserName: \"NT AUTHORITY\\\\system\"\n hostNetwork: 800 true\n serviceAccountName: calico-node\n tolerations:\n - operator: 801 Exists\n effect: NoSchedule\n # Mark the pod as a critical add-on 802 for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n 803 \ - effect: NoExecute\n operator: Exists\n initContainers:\n # 804 This container installs the CNI binaries\n # and CNI network config file 805 on each node.\n - name: install-cni\n image: sigwindowstools/calico-install:v3.26.1-hostprocess\n 806 \ args: [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/install.ps1\"]\n 807 \ imagePullPolicy: Always\n env:\n # Name of the CNI 808 config file to create.\n - name: CNI_CONF_NAME\n value: 809 \"10-calico.conflist\"\n # The CNI network config to install on each 810 node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n 811 \ name: calico-config-windows\n key: cni_network_config\n 812 \ # Set the hostname based on the k8s node name.\n - name: 813 KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: 814 spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n 815 \ valueFrom:\n configMapKeyRef:\n name: 816 calico-config-windows\n key: veth_mtu\n # Prevents 817 the container from sleeping forever.\n - name: SLEEP\n value: 818 \"false\"\n - name: K8S_SERVICE_CIDR\n value: \"10.96.0.0/12\"\n 819 \ volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: 820 cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: 821 cni-net-dir\n - name: kubeadm-config\n mountPath: /etc/kubeadm-config/\n 822 \ securityContext:\n windowsOptions:\n hostProcess: 823 true\n runAsUserName: \"NT AUTHORITY\\\\system\"\n containers:\n 824 \ - name: calico-node-startup\n image: sigwindowstools/calico-node:v3.26.1-hostprocess\n 825 \ args: [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/node-service.ps1\"]\n 826 \ workingDir: \"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/\"\n imagePullPolicy: 827 Always\n volumeMounts:\n - name: calico-config-windows\n mountPath: 828 /etc/kube-calico-windows/\n env:\n - name: POD_NAME\n valueFrom:\n 829 \ fieldRef:\n apiVersion: v1\n fieldPath: 830 metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n 831 \ apiVersion: v1\n fieldPath: metadata.namespace\n - 832 name: CNI_IPAM_TYPE\n value: \"calico-ipam\"\n - name: CALICO_NETWORKING_BACKEND\n 833 \ value: \"vxlan\"\n - name: KUBECONFIG\n value: \"C:/etc/cni/net.d/calico-kubeconfig\"\n 834 \ - name: VXLAN_VNI\n value: \"4096\"\n - name: calico-node-felix\n 835 \ image: sigwindowstools/calico-node:v3.26.1-hostprocess\n args: 836 [\"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/felix-service.ps1\"]\n imagePullPolicy: 837 Always\n workingDir: \"$env:CONTAINER_SANDBOX_MOUNT_POINT/calico/\"\n volumeMounts:\n 838 \ - name: calico-config-windows\n mountPath: /etc/kube-calico-windows/\n 839 \ - name: calico-static-rules\n mountPath: /calico/static-rules.json\n 840 \ subPath: static-rules.json\n env:\n - name: POD_NAME\n 841 \ valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: 842 metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n 843 \ apiVersion: v1\n fieldPath: metadata.namespace\n - 844 name: VXLAN_VNI\n value: \"4096\"\n - name: KUBECONFIG\n value: 845 \"C:/etc/cni/net.d/calico-kubeconfig\"\n volumes:\n - name: calico-config-windows\n 846 \ configMap:\n name: calico-config-windows\n - name: calico-static-rules\n 847 \ configMap:\n name: calico-static-rules\n # Used to install 848 CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n 849 \ - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n 850 \ - name: kubeadm-config\n configMap:\n name: kubeadm-config\n---\napiVersion: 851 apiextensions.k8s.io/v1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamconfigs.crd.projectcalico.org\nspec:\n 852 \ group: crd.projectcalico.org\n names:\n kind: IPAMConfig\n listKind: 853 IPAMConfigList\n plural: ipamconfigs\n singular: ipamconfig\n preserveUnknownFields: 854 false\n scope: Cluster\n versions:\n - name: v1\n schema:\n openAPIV3Schema:\n 855 \ properties:\n apiVersion:\n description: 'APIVersion 856 defines the versioned schema of this representation\n of an object. 857 Servers should convert recognized schemas to the latest\n internal 858 value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'\n 859 \ type: string\n kind:\n description: 'Kind is a 860 string value representing the REST resource this\n object represents. 861 Servers may infer this from the endpoint the client\n submits requests 862 to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'\n 863 \ type: string\n metadata:\n type: object\n spec:\n 864 \ description: IPAMConfigSpec contains the specification for an IPAMConfig\n 865 \ resource.\n properties:\n autoAllocateBlocks:\n 866 \ type: boolean\n maxBlocksPerHost:\n description: 867 MaxBlocksPerHost, if non-zero, is the max number of blocks\n that 868 can be affine to each host.\n maximum: 2147483647\n minimum: 869 0\n type: integer\n strictAffinity:\n type: 870 boolean\n required:\n - autoAllocateBlocks\n - 871 strictAffinity\n type: object\n type: object\n served: true\n 872 \ storage: true\nstatus:\n acceptedNames:\n kind: \"\"\n plural: \"\"\n 873 \ conditions: []\n storedVersions: []\n" 874 kind: ConfigMap 875 metadata: 876 annotations: 877 note: generated 878 labels: 879 type: generated 880 name: cni-${CLUSTER_NAME}-calico-windows 881 namespace: default 882 --- 883 apiVersion: v1 884 data: 885 csi-proxy: | 886 apiVersion: apps/v1 887 kind: DaemonSet 888 metadata: 889 labels: 890 k8s-app: csi-proxy 891 name: csi-proxy 892 namespace: kube-system 893 spec: 894 selector: 895 matchLabels: 896 k8s-app: csi-proxy 897 template: 898 metadata: 899 labels: 900 k8s-app: csi-proxy 901 spec: 902 nodeSelector: 903 "kubernetes.io/os": windows 904 securityContext: 905 windowsOptions: 906 hostProcess: true 907 runAsUserName: "NT AUTHORITY\\SYSTEM" 908 hostNetwork: true 909 containers: 910 - name: csi-proxy 911 image: ghcr.io/kubernetes-sigs/sig-windows/csi-proxy:v1.0.2 912 kind: ConfigMap 913 metadata: 914 annotations: 915 note: generated 916 labels: 917 type: generated 918 name: csi-proxy-addon 919 namespace: default 920 --- 921 apiVersion: v1 922 data: 923 containerd-windows-logger: | 924 apiVersion: apps/v1 925 kind: DaemonSet 926 metadata: 927 labels: 928 k8s-app: containerd-logger 929 name: containerd-logger 930 namespace: kube-system 931 spec: 932 selector: 933 matchLabels: 934 k8s-app: containerd-logger 935 template: 936 metadata: 937 labels: 938 k8s-app: containerd-logger 939 spec: 940 securityContext: 941 windowsOptions: 942 hostProcess: true 943 runAsUserName: "NT AUTHORITY\\system" 944 hostNetwork: true 945 containers: 946 - image: ghcr.io/kubernetes-sigs/sig-windows/eventflow-logger:v0.1.0 947 args: [ "config.json" ] 948 name: containerd-logger 949 imagePullPolicy: Always 950 volumeMounts: 951 - name: containerd-logger-config 952 mountPath: /config.json 953 subPath: config.json 954 nodeSelector: 955 kubernetes.io/os: windows 956 tolerations: 957 - key: CriticalAddonsOnly 958 operator: Exists 959 - operator: Exists 960 volumes: 961 - configMap: 962 name: containerd-logger-config 963 name: containerd-logger-config 964 updateStrategy: 965 type: RollingUpdate 966 --- 967 kind: ConfigMap 968 apiVersion: v1 969 metadata: 970 name: containerd-logger-config 971 namespace: kube-system 972 data: 973 config.json: | 974 { 975 "inputs": [ 976 { 977 "type": "ETW", 978 "sessionNamePrefix": "containerd", 979 "cleanupOldSessions": true, 980 "reuseExistingSession": true, 981 "providers": [ 982 { 983 "providerName": "Microsoft.Virtualization.RunHCS", 984 "providerGuid": "0B52781F-B24D-5685-DDF6-69830ED40EC3", 985 "level": "Verbose" 986 }, 987 { 988 "providerName": "ContainerD", 989 "providerGuid": "2acb92c0-eb9b-571a-69cf-8f3410f383ad", 990 "level": "Verbose" 991 } 992 ] 993 } 994 ], 995 "filters": [ 996 { 997 "type": "drop", 998 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == Stats && hasnoproperty error" 999 }, 1000 { 1001 "type": "drop", 1002 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == hcsshim::LayerID && hasnoproperty error" 1003 }, 1004 { 1005 "type": "drop", 1006 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == hcsshim::NameToGuid && hasnoproperty error" 1007 }, 1008 { 1009 "type": "drop", 1010 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == containerd.task.v2.Task.Stats && hasnoproperty error" 1011 }, 1012 { 1013 "type": "drop", 1014 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == containerd.task.v2.Task.State && hasnoproperty error" 1015 }, 1016 { 1017 "type": "drop", 1018 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == HcsGetProcessProperties && hasnoproperty error" 1019 }, 1020 { 1021 "type": "drop", 1022 "include": "ProviderName == Microsoft.Virtualization.RunHCS && name == HcsGetComputeSystemProperties && hasnoproperty error" 1023 } 1024 ], 1025 "outputs": [ 1026 { 1027 "type": "StdOutput" 1028 } 1029 ], 1030 "schemaVersion": "2016-08-11" 1031 } 1032 kind: ConfigMap 1033 metadata: 1034 annotations: 1035 note: generated 1036 labels: 1037 type: generated 1038 name: containerd-logger-${CLUSTER_NAME} 1039 namespace: default