From 96992560a46c6b67686ef1c7130b67941b78ec03 Mon Sep 17 00:00:00 2001 From: Sylvain Boily <4981802+djsly@users.noreply.github.com> Date: Thu, 25 Sep 2025 15:31:02 -0400 Subject: [PATCH 1/2] migrating to oss/v2 for pause, aligning version to 3.6 for linux and 3.10.1 for windows --- .github/renovate.json | 2 +- e2e/node_config.go | 8 ++-- parts/common/components.json | 16 +++++++ pkg/agent/baker_test.go | 4 +- pkg/agent/datamodel/mocks.go | 2 +- pkg/agent/datamodel/types.go | 2 +- .../CustomData | 4 +- .../AKSWindows2019+CustomCloud/CustomData | 4 +- .../AKSWindows2019+CustomVnet/CustomData | 4 +- .../CustomData | 4 +- .../testdata/AKSWindows2019+K8S116/CustomData | 4 +- .../testdata/AKSWindows2019+K8S117/CustomData | 4 +- .../testdata/AKSWindows2019+K8S118/CustomData | 4 +- .../AKSWindows2019+K8S119+CSI/CustomData | 4 +- .../AKSWindows2019+K8S119+FIPS/CustomData | 4 +- .../testdata/AKSWindows2019+K8S119/CustomData | 4 +- .../CustomData | 4 +- .../CustomData | 4 +- .../AKSWindows2019+ManagedIdentity/CustomData | 4 +- .../AKSWindows2019+SecurityProfile/CustomData | 4 +- .../CustomData | 4 +- .../CustomData | 4 +- .../CustomData | 4 +- .../CustomData | 4 +- staging/cse/windows/containerdfunc.tests.ps1 | 4 +- .../containerdfunc.tests.suites/config.toml | 10 ++-- staging/cse/windows/kubernetesfunc.ps1 | 2 +- vhdbuilder/packer/install-dependencies.sh | 46 +++++++++++++++---- .../packer/windows/components-test.json | 4 +- .../windows/components_json_helpers.tests.ps1 | 4 +- 30 files changed, 110 insertions(+), 66 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index ee66d25e46a..bb77d07c5aa 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -25,7 +25,7 @@ { "matchPackageNames": [ "oss/kubernetes/autoscaler/addon-resizer", - "oss/kubernetes/pause", + "oss/v2/kubernetes/pause", "oss/v2/kubernetes/coredns", "containernetworking/azure-cni", "containernetworking/azure-cns", diff --git a/e2e/node_config.go b/e2e/node_config.go index d9db549c59f..758c3591a29 100644 --- a/e2e/node_config.go +++ b/e2e/node_config.go @@ -531,7 +531,7 @@ func baseTemplateLinux(t testing.TB, location string, k8sVersion string, arch st ContainerdDownloadURLBase: "https://storage.googleapis.com/cri-containerd-release/", CSIProxyDownloadURL: "https://packages.aks.azure.com/csi-proxy/v0.1.0/binaries/csi-proxy.tar.gz", WindowsProvisioningScriptsPackageURL: "https://packages.aks.azure.com/aks-engine/windows/provisioning/signedscripts-v0.2.2.zip", - WindowsPauseImageURL: "mcr.microsoft.com/oss/kubernetes/pause:1.4.0", + WindowsPauseImageURL: "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1", AlwaysPullWindowsPauseImage: false, CseScriptsPackageURL: "https://packages.aks.azure.com/aks/windows/cse/", CNIARM64PluginsDownloadURL: "https://packages.aks.azure.com/cni-plugins/v0.8.7/binaries/cni-plugins-linux-arm64-v0.8.7.tgz", @@ -805,7 +805,7 @@ func baseTemplateWindows(t testing.TB, location string) *datamodel.NodeBootstrap WindowsDockerVersion: "", WindowsImageSourceURL: "", WindowsOffer: "aks-windows", - WindowsPauseImageURL: "mcr.microsoft.com/oss/kubernetes/pause:3.9-hotfix-20230808", + WindowsPauseImageURL: "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1", WindowsPublisher: "microsoft-aks", WindowsSku: "", }, @@ -848,7 +848,7 @@ DXRqvV7TWO2hndliQq3BW385ZkiephlrmpUVM= r2k1@arturs-mbp.lan`, // VnetCNIARM64LinuxPluginsDownloadURL: "https://packages.aks.azure.com/azure-cni/v1.4.13/binaries/azure-vnet-cni-linux-arm64-v1.4.14.tgz", // VnetCNILinuxPluginsDownloadURL: "https://packages.aks.azure.com/azure-cni/v1.1.3/binaries/azure-vnet-cni-linux-amd64-v1.1.3.tgz", VnetCNIWindowsPluginsDownloadURL: "https://packages.aks.azure.com/azure-cni/v1.6.21/binaries/azure-vnet-cni-windows-amd64-v1.6.21.zip", - WindowsPauseImageURL: "mcr.microsoft.com/oss/kubernetes/pause:3.9-hotfix-20230808", + WindowsPauseImageURL: "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1", WindowsProvisioningScriptsPackageURL: "https://packages.aks.azure.com/aks/windows/cse/aks-windows-cse-scripts-v0.0.52.zip", WindowsTelemetryGUID: "fb801154-36b9-41bc-89c2-f4d4f05472b0", }, @@ -894,7 +894,7 @@ DXRqvV7TWO2hndliQq3BW385ZkiephlrmpUVM= r2k1@arturs-mbp.lan`, "--kube-reserved": "cpu=100m,memory=3891Mi", "--kubeconfig": "c:\\k\\config", "--max-pods": "30", - "--pod-infra-container-image": "mcr.microsoft.com/oss/kubernetes/pause:3.9-hotfix-20230808", + "--pod-infra-container-image": "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1", "--resolv-conf": "\"\"\"\"", "--cluster-dns": "10.0.0.10", "--cluster-domain": "cluster.local", diff --git a/parts/common/components.json b/parts/common/components.json index ef9c76f95e3..645c79a0dde 100644 --- a/parts/common/components.json +++ b/parts/common/components.json @@ -120,6 +120,22 @@ } ] }, + { + "downloadURL": "mcr.microsoft.com/oss/v2/kubernetes/pause:*", + "amd64OnlyVersions": [], + "multiArchVersionsV2": [ + { + "renovateTag": "registry=https://mcr.microsoft.com, name=oss/v2/kubernetes/pause", + "latestVersion": "3.6" + } + ], + "windowsVersions": [ + { + "renovateTag": "registry=https://mcr.microsoft.com, name=oss/v2/kubernetes/pause", + "latestVersion": "3.10.1" + } + ] + }, { "downloadURL": "mcr.microsoft.com/oss/v2/kubernetes/coredns:*", "amd64OnlyVersions": [], diff --git a/pkg/agent/baker_test.go b/pkg/agent/baker_test.go index 5a9d23022e0..97b282a03f7 100644 --- a/pkg/agent/baker_test.go +++ b/pkg/agent/baker_test.go @@ -2463,7 +2463,7 @@ var _ = Describe("Assert generated customData and cseCmd for Windows", func() { }, WindowsProfile: &datamodel.WindowsProfile{ ProvisioningScriptsPackageURL: "https://acs-mirror.azureedge.net/aks-engine/windows/provisioning/signedscripts-v0.0.4.zip", - WindowsPauseImageURL: "mcr.microsoft.com/oss/kubernetes/pause:1.4.0", + WindowsPauseImageURL: "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1", AdminUsername: "azureuser", AdminPassword: "replacepassword1234", WindowsPublisher: "microsoft-aks", @@ -2529,7 +2529,7 @@ var _ = Describe("Assert generated customData and cseCmd for Windows", func() { "--max-pods": "30", "--network-plugin": "cni", "--node-status-update-frequency": "10s", - "--pod-infra-container-image": "mcr.microsoft.com/oss/kubernetes/pause:3.9", + "--pod-infra-container-image": "mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids": "-1", "--read-only-port": "0", "--resolv-conf": `""`, diff --git a/pkg/agent/datamodel/mocks.go b/pkg/agent/datamodel/mocks.go index 5f12a742b49..96f27ae4184 100644 --- a/pkg/agent/datamodel/mocks.go +++ b/pkg/agent/datamodel/mocks.go @@ -129,7 +129,7 @@ var ( ContainerdDownloadURLBase: "https://storage.googleapis.com/cri-containerd-release/", CSIProxyDownloadURL: "https://acs-mirror.azureedge.net/csi-proxy/v0.1.0/binaries/csi-proxy.tar.gz", WindowsProvisioningScriptsPackageURL: "https://acs-mirror.azureedge.net/aks-engine/windows/provisioning/signedscripts-v0.2.2.zip", - WindowsPauseImageURL: "mcr.microsoft.com/oss/kubernetes/pause:1.4.0", + WindowsPauseImageURL: "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1", AlwaysPullWindowsPauseImage: false, CseScriptsPackageURL: "https://acs-mirror.azureedge.net/aks/windows/cse/csescripts-v0.0.1.zip", CNIARM64PluginsDownloadURL: "https://acs-mirror.azureedge.net/cni-plugins/v0.8.7/binaries/cni-plugins-linux-arm64-v0.8.7.tgz", diff --git a/pkg/agent/datamodel/types.go b/pkg/agent/datamodel/types.go index ac9de8c48ab..24db0cbfdcf 100644 --- a/pkg/agent/datamodel/types.go +++ b/pkg/agent/datamodel/types.go @@ -1708,7 +1708,7 @@ func FormatProdFQDNByLocation(fqdnPrefix string, location string, cloudSpecConfi type K8sComponents struct { // Full path to the "pause" image. Used for --pod-infra-container-image. - // For example: "mcr.microsoft.com/oss/kubernetes/pause:1.3.1". + // For example: "mcr.microsoft.com/oss/v2/kubernetes/pause:3.6". PodInfraContainerImageURL string // Full path to the hyperkube image. diff --git a/pkg/agent/testdata/AKSWindows2019+CustomCloud+ootcredentialprovider/CustomData b/pkg/agent/testdata/AKSWindows2019+CustomCloud+ootcredentialprovider/CustomData index 34164b03d89..3b374e04d13 100644 --- a/pkg/agent/testdata/AKSWindows2019+CustomCloud+ootcredentialprovider/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+CustomCloud+ootcredentialprovider/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-credential-provider-bin-dir=c:\var\lib\kubelet\credential-provider", "--image-credential-provider-config=c:\var\lib\kubelet\credential-provider-config.yaml", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-credential-provider-bin-dir=c:\var\lib\kubelet\credential-provider", "--image-credential-provider-config=c:\var\lib\kubelet\credential-provider-config.yaml", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("true"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+CustomCloud/CustomData b/pkg/agent/testdata/AKSWindows2019+CustomCloud/CustomData index 0613454fcb1..9751edfe69c 100644 --- a/pkg/agent/testdata/AKSWindows2019+CustomCloud/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+CustomCloud/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("true"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+CustomVnet/CustomData b/pkg/agent/testdata/AKSWindows2019+CustomVnet/CustomData index 9762e02a6db..f2317c2b4e6 100644 --- a/pkg/agent/testdata/AKSWindows2019+CustomVnet/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+CustomVnet/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "172.17.0.0/16" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=172.17.255.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=172.17.255.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+EnablePrivateClusterHostsConfigAgent/CustomData b/pkg/agent/testdata/AKSWindows2019+EnablePrivateClusterHostsConfigAgent/CustomData index a91616e00e3..ff69197ccce 100644 --- a/pkg/agent/testdata/AKSWindows2019+EnablePrivateClusterHostsConfigAgent/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+EnablePrivateClusterHostsConfigAgent/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+K8S116/CustomData b/pkg/agent/testdata/AKSWindows2019+K8S116/CustomData index acc7b9f6f6b..4ba7aa9bb43 100644 --- a/pkg/agent/testdata/AKSWindows2019+K8S116/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+K8S116/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+K8S117/CustomData b/pkg/agent/testdata/AKSWindows2019+K8S117/CustomData index 77680ee2c39..e2120efe4df 100644 --- a/pkg/agent/testdata/AKSWindows2019+K8S117/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+K8S117/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+K8S118/CustomData b/pkg/agent/testdata/AKSWindows2019+K8S118/CustomData index b706659a315..d30ac6eaf59 100644 --- a/pkg/agent/testdata/AKSWindows2019+K8S118/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+K8S118/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+K8S119+CSI/CustomData b/pkg/agent/testdata/AKSWindows2019+K8S119+CSI/CustomData index 158835970a9..5346d456dc7 100644 --- a/pkg/agent/testdata/AKSWindows2019+K8S119+CSI/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+K8S119+CSI/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+K8S119+FIPS/CustomData b/pkg/agent/testdata/AKSWindows2019+K8S119+FIPS/CustomData index 524b1826331..7387c223b77 100644 --- a/pkg/agent/testdata/AKSWindows2019+K8S119+FIPS/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+K8S119+FIPS/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+K8S119/CustomData b/pkg/agent/testdata/AKSWindows2019+K8S119/CustomData index 34ec8beb76c..c7a8055a0b1 100644 --- a/pkg/agent/testdata/AKSWindows2019+K8S119/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+K8S119/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+KubeletClientTLSBootstrapping/CustomData b/pkg/agent/testdata/AKSWindows2019+KubeletClientTLSBootstrapping/CustomData index f8d5f0fc57d..fa98fec3a27 100644 --- a/pkg/agent/testdata/AKSWindows2019+KubeletClientTLSBootstrapping/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+KubeletClientTLSBootstrapping/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--bootstrap-kubeconfig=c:\k\bootstrap-config", "--cert-dir=c:\k\pki", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--bootstrap-kubeconfig=c:\k\bootstrap-config", "--cert-dir=c:\k\pki", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+KubeletServingCertificateRotation/CustomData b/pkg/agent/testdata/AKSWindows2019+KubeletServingCertificateRotation/CustomData index 6aaf55001ac..34a5814dcc2 100644 --- a/pkg/agent/testdata/AKSWindows2019+KubeletServingCertificateRotation/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+KubeletServingCertificateRotation/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--rotate-server-certificates=true", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--rotate-server-certificates=true", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+ManagedIdentity/CustomData b/pkg/agent/testdata/AKSWindows2019+ManagedIdentity/CustomData index 978eb1d1d5c..aab3d9723be 100644 --- a/pkg/agent/testdata/AKSWindows2019+ManagedIdentity/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+ManagedIdentity/CustomData @@ -103,7 +103,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -159,7 +159,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+SecurityProfile/CustomData b/pkg/agent/testdata/AKSWindows2019+SecurityProfile/CustomData index 249314d75d7..40dc4116804 100644 --- a/pkg/agent/testdata/AKSWindows2019+SecurityProfile/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+SecurityProfile/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows2019+ootcredentialprovider/CustomData b/pkg/agent/testdata/AKSWindows2019+ootcredentialprovider/CustomData index 2520ef26e44..6d427e3479b 100644 --- a/pkg/agent/testdata/AKSWindows2019+ootcredentialprovider/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+ootcredentialprovider/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-credential-provider-bin-dir=c:\var\lib\kubelet\credential-provider", "--image-credential-provider-config=c:\var\lib\kubelet\credential-provider-config.yaml", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-credential-provider-bin-dir=c:\var\lib\kubelet\credential-provider", "--image-credential-provider-config=c:\var\lib\kubelet\credential-provider-config.yaml", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("true"); # Calico diff --git a/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworking/CustomData b/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworking/CustomData index 86fe1ba87c9..9879c239057 100644 --- a/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworking/CustomData +++ b/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworking/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingDisabled/CustomData b/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingDisabled/CustomData index b213177067d..368155f9c9d 100644 --- a/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingDisabled/CustomData +++ b/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingDisabled/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingNoConfig/CustomData b/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingNoConfig/CustomData index 62938a39189..11573f37c59 100644 --- a/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingNoConfig/CustomData +++ b/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingNoConfig/CustomData @@ -101,7 +101,7 @@ $global:VNetCIDR = "10.0.0.0/8" $global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111" -$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) +$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/v2/kubernetes/pause:3.6", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" ) $global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" ) $global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" ) @@ -157,7 +157,7 @@ $global:CSEScriptsPackageUrl = ""; $global:GpuDriverURL = ""; # PauseImage -$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0"; +$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1"; $global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false"); # Calico diff --git a/staging/cse/windows/containerdfunc.tests.ps1 b/staging/cse/windows/containerdfunc.tests.ps1 index cac5cdc5162..d39ffc8af9f 100644 --- a/staging/cse/windows/containerdfunc.tests.ps1 +++ b/staging/cse/windows/containerdfunc.tests.ps1 @@ -42,7 +42,7 @@ Describe "ProcessAndWriteContainerdConfig" { $containerdDir = "$PSScriptRoot\containerdfunc.tests.suites" $cniBinDir = 'C:/cni/bin' $cniConfDir = 'C:/cni/conf' - $pauseImage = 'mcr.microsoft.com/oss/kubernetes/pause:3.6' + $pauseImage = 'mcr.microsoft.com/oss/v2/kubernetes/pause:3.6' $global:KubeClusterConfigPath = [Io.path]::Combine("", "kubeclusterconfig.json") $global:ContainerdInstallLocation = $containerdDir @@ -103,7 +103,7 @@ Describe "ProcessAndWriteContainerdConfig" { $containerdDir = "$PSScriptRoot\containerdfunc.tests.suites" $cniBinDir = 'C:/cni/bin' $cniConfDir = 'C:/cni/conf' - $pauseImage = 'mcr.microsoft.com/oss/kubernetes/pause:3.6' + $pauseImage = 'mcr.microsoft.com/oss/v2/kubernetes/pause:3.6' $global:KubeClusterConfigPath = [Io.path]::Combine("", "kubeclusterconfig.json") $global:ContainerdInstallLocation = $containerdDir diff --git a/staging/cse/windows/containerdfunc.tests.suites/config.toml b/staging/cse/windows/containerdfunc.tests.suites/config.toml index 7f57f551856..ec87172ba05 100644 --- a/staging/cse/windows/containerdfunc.tests.suites/config.toml +++ b/staging/cse/windows/containerdfunc.tests.suites/config.toml @@ -29,7 +29,7 @@ state = 'C:\ProgramData\containerd\state' snapshotter = 'windows' [plugins.'io.containerd.cri.v1.images'.pinned_images] - sandbox = 'mcr.microsoft.com/oss/kubernetes/pause:3.6-windows-ltsc2022-amd64' + sandbox = 'mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1-windows-ltsc2022-amd64' [plugins.'io.containerd.cri.v1.images'.registry] [plugins.'io.containerd.cri.v1.images'.registry.mirrors] @@ -51,7 +51,7 @@ state = 'C:\ProgramData\containerd\state' [plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.default_runtime.options] Debug = false DebugType = 0 - SandboxImage = 'mcr.microsoft.com/oss/kubernetes/pause:3.6-windows-ltsc2022-amd64' + SandboxImage = 'mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1-windows-ltsc2022-amd64' SandboxPlatform = 'windows/amd64' SandboxIsolation = 1 @@ -62,14 +62,14 @@ state = 'C:\ProgramData\containerd\state' [plugins.'io.containerd.cri.v1.runtime'.containerd.runtimes.runhcs-wcow-process.options] Debug = true DebugType = 2 - SandboxImage = 'mcr.microsoft.com/oss/kubernetes/pause:3.6-windows-ltsc2022-amd64' + SandboxImage = 'mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1-windows-ltsc2022-amd64' SandboxPlatform = 'windows/amd64' [plugins.cri.containerd.runtimes.runhcs-wcow-hypervisor-1234] runtime_type = "io.containerd.runhcs.v1" [plugins.cri.containerd.runtimes.runhcs-wcow-hypervisor-1234.options] Debug = true DebugType = 2 - SandboxImage = "mcr.microsoft.com/oss/kubernetes/pause:3.6-windows-ltsc2022-amd64" + SandboxImage = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1-windows-ltsc2022-amd64" SandboxPlatform = "windows/amd64" SandboxIsolation = 1 ScaleCPULimitsToSandbox = true @@ -78,7 +78,7 @@ state = 'C:\ProgramData\containerd\state' [plugins.cri.containerd.runtimes.runhcs-wcow-hypervisor-5678.options] Debug = true DebugType = 2 - SandboxImage = "mcr.microsoft.com/oss/kubernetes/pause:3.6-windows-ltsc2022-amd64" + SandboxImage = "mcr.microsoft.com/oss/v2/kubernetes/pause:3.10.1-windows-ltsc2022-amd64" SandboxPlatform = "windows/amd64" SandboxIsolation = 1 ScaleCPULimitsToSandbox = true diff --git a/staging/cse/windows/kubernetesfunc.ps1 b/staging/cse/windows/kubernetesfunc.ps1 index 51698d6f12e..0cc784796ea 100644 --- a/staging/cse/windows/kubernetesfunc.ps1 +++ b/staging/cse/windows/kubernetesfunc.ps1 @@ -85,7 +85,7 @@ function Write-KubeClusterConfig { $Global:ClusterConfiguration | Add-Member -MemberType NoteProperty -Name Cri -Value @{ Name = "containerd"; Images = @{ - # e.g. "mcr.microsoft.com/oss/kubernetes/pause:1.4.1" + # e.g. "mcr.microsoft.com/oss/v2/kubernetes/pause:3.6" "Pause" = $global:WindowsPauseImageURL } } diff --git a/vhdbuilder/packer/install-dependencies.sh b/vhdbuilder/packer/install-dependencies.sh index 78276608054..de36244877a 100644 --- a/vhdbuilder/packer/install-dependencies.sh +++ b/vhdbuilder/packer/install-dependencies.sh @@ -662,19 +662,47 @@ retagAKSNodeCAWatcher() { retagAKSNodeCAWatcher capture_benchmark "${SCRIPT_NAME}_retag_aks_node_ca_watcher" -pinPodSandboxImage() { - # This function pins the pod sandbox image to avoid Kubelet's Garbage Collector (GC) from removing it. +pinPodSandboxImages() { + # This function pins the pod sandbox image(s) to avoid Kubelet's Garbage Collector (GC) from removing them. # This is achieved by setting the "io.cri-containerd.pinned" label on the image with a value of "pinned". - # This image is critical for pod startup and it isn't supported with private ACR since containerd won't be using azure-acr-credential to fetch it. + # These images are critical for pod startup and aren't supported with private ACR since containerd won't be using azure-acr-credential to fetch them. - podSandbox=$(jq '.ContainerImages[] | select(.downloadURL | contains("pause"))' $COMPONENTS_FILEPATH) - podSandboxBaseImg=$(echo $podSandbox | jq -r .downloadURL) - podSandboxVersion=$(echo $podSandbox | jq -r .multiArchVersionsV2[0].latestVersion) - podSandboxFullImg=${podSandboxBaseImg//\*/$podSandboxVersion} + # Get all pause images as individual JSON objects + local pause_images + pause_images=$(jq -c '.ContainerImages[] | select(.downloadURL | contains("pause"))' $COMPONENTS_FILEPATH) - labelContainerImage ${podSandboxFullImg} "io.cri-containerd.pinned" "pinned" + if [ -z "$pause_images" ]; then + echo "Warning: No pause images found in components.json" + return 0 + fi + + # Process each pause image separately + while IFS= read -r podSandbox; do + if [ -z "$podSandbox" ]; then + continue + fi + + local podSandboxBaseImg + local podSandboxVersion + local podSandboxFullImg + + podSandboxBaseImg=$(echo "$podSandbox" | jq -r '.downloadURL') + podSandboxVersion=$(echo "$podSandbox" | jq -r '.multiArchVersionsV2[0].latestVersion') + + # Skip if we couldn't extract the required information + if [ "$podSandboxBaseImg" = "null" ] || [ "$podSandboxVersion" = "null" ]; then + echo "Warning: Could not extract downloadURL or latestVersion from pause image: $podSandbox" + continue + fi + + podSandboxFullImg=${podSandboxBaseImg//\*/$podSandboxVersion} + + echo "Pinning pause image: $podSandboxFullImg" + labelContainerImage "${podSandboxFullImg}" "io.cri-containerd.pinned" "pinned" + + done <<< "$pause_images" } -pinPodSandboxImage +pinPodSandboxImages capture_benchmark "${SCRIPT_NAME}_pin_pod_sandbox_image" # IPv6 nftables rules are only available on Ubuntu or Mariner/AzureLinux diff --git a/vhdbuilder/packer/windows/components-test.json b/vhdbuilder/packer/windows/components-test.json index 29609928db4..077f5e79f01 100644 --- a/vhdbuilder/packer/windows/components-test.json +++ b/vhdbuilder/packer/windows/components-test.json @@ -5,13 +5,13 @@ "amd64OnlyVersions": [], "multiArchVersionsV2": [ { - "renovateTag": "registry=https://mcr.microsoft.com, name=oss/kubernetes/pause", + "renovateTag": "registry=https://mcr.microsoft.com, name=oss/v2/kubernetes/pause", "latestVersion": "lin-version" } ], "windowsVersions": [ { - "renovateTag": "registry=https://mcr.microsoft.com, name=oss/kubernetes/pause", + "renovateTag": "registry=https://mcr.microsoft.com, name=oss/v2/kubernetes/pause", "latestVersion": "win-version" } ] diff --git a/vhdbuilder/packer/windows/components_json_helpers.tests.ps1 b/vhdbuilder/packer/windows/components_json_helpers.tests.ps1 index 92b2c400cda..17892ebc9be 100644 --- a/vhdbuilder/packer/windows/components_json_helpers.tests.ps1 +++ b/vhdbuilder/packer/windows/components_json_helpers.tests.ps1 @@ -71,10 +71,10 @@ Describe 'Tests of GetAllCachedThings ' { "multiArchVersionsV2": [], "windowsVersions": [ { - "renovateTag": "registry=https://mcr.microsoft.com, name=oss/kubernetes/pause", + "renovateTag": "registry=https://mcr.microsoft.com, name=oss/v2/kubernetes/pause", "latestVersion": "win-version" },{ - "renovateTag": "registry=https://mcr.microsoft.com, name=oss/kubernetes/pause", + "renovateTag": "registry=https://mcr.microsoft.com, name=oss/v2/kubernetes/pause", "latestVersion": "other-version" } ] From 37f547237f92078d3c52fdc6bd43f54694a8ab2a Mon Sep 17 00:00:00 2001 From: Sylvain Boily <4981802+djsly@users.noreply.github.com> Date: Wed, 29 Oct 2025 15:19:00 -0400 Subject: [PATCH 2/2] latest test data --- spec/vhdbuilder/packer/ensure_sig_vhd_exists_spec.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/spec/vhdbuilder/packer/ensure_sig_vhd_exists_spec.sh b/spec/vhdbuilder/packer/ensure_sig_vhd_exists_spec.sh index b073ffc0806..fa15bad3a54 100644 --- a/spec/vhdbuilder/packer/ensure_sig_vhd_exists_spec.sh +++ b/spec/vhdbuilder/packer/ensure_sig_vhd_exists_spec.sh @@ -27,6 +27,7 @@ Describe 'ensure_sig_vhd_exists function' MOCK_AZ_IMAGE_VERSIONS="" # Create mocks for external commands + # shellcheck disable=SC2329 az() { case "$1 $2" in "sig show") @@ -85,6 +86,7 @@ Describe 'ensure_sig_vhd_exists function' return 0 } + # shellcheck disable=SC2329 jq() { case "$*" in *provisioningState*) @@ -102,6 +104,7 @@ Describe 'ensure_sig_vhd_exists function' esac } + # shellcheck disable=SC2329 grep() { # Mock grep for cvm feature flag checking case "$*" in