From 429994ba1c7bb8a09df5605ef99312378a495864 Mon Sep 17 00:00:00 2001
From: Robin Deeboonchai <rdeeboonchai@microsoft.com>
Date: Fri, 25 Oct 2024 17:43:32 -0700
Subject: [PATCH 1/2] fix: KubeletConfig not defaulted properly gives invalid
 values for ProvisionProfile in bootstrappingclient mode

---
 .../provisionclientbootstrap.go               | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/pkg/providers/imagefamily/customscriptsbootstrap/provisionclientbootstrap.go b/pkg/providers/imagefamily/customscriptsbootstrap/provisionclientbootstrap.go
index 71adfacc3..45e53f4d4 100644
--- a/pkg/providers/imagefamily/customscriptsbootstrap/provisionclientbootstrap.go
+++ b/pkg/providers/imagefamily/customscriptsbootstrap/provisionclientbootstrap.go
@@ -67,6 +67,7 @@ type ProvisionClientBootstrap struct {
 
 var _ Bootstrapper = (*ProvisionClientBootstrap)(nil) // assert ProvisionClientBootstrap implements customscriptsbootstrapper
 
+// nolint gocyclo - will be refactored later
 func (p ProvisionClientBootstrap) GetCustomDataAndCSE(ctx context.Context) (string, string, error) {
 	if p.IsWindows {
 		// TODO(Windows)
@@ -119,17 +120,27 @@ func (p ProvisionClientBootstrap) GetCustomDataAndCSE(ctx context.Context) (stri
 
 	if p.KubeletConfig != nil {
 		provisionProfile.CustomKubeletConfig = &models.CustomKubeletConfig{
-			CPUManagerPolicy:      lo.ToPtr(p.KubeletConfig.CPUManagerPolicy),
 			CPUCfsQuota:           p.KubeletConfig.CPUCFSQuota,
-			CPUCfsQuotaPeriod:     lo.ToPtr(p.KubeletConfig.CPUCFSQuotaPeriod.String()),
 			ImageGcHighThreshold:  p.KubeletConfig.ImageGCHighThresholdPercent,
 			ImageGcLowThreshold:   p.KubeletConfig.ImageGCLowThresholdPercent,
-			TopologyManagerPolicy: lo.ToPtr(p.KubeletConfig.TopologyManagerPolicy),
-			AllowedUnsafeSysctls:  p.KubeletConfig.AllowedUnsafeSysctls,
 			ContainerLogMaxSizeMB: convertContainerLogMaxSizeToMB(p.KubeletConfig.ContainerLogMaxSize),
 			ContainerLogMaxFiles:  p.KubeletConfig.ContainerLogMaxFiles,
 			PodMaxPids:            convertPodMaxPids(p.KubeletConfig.PodPidsLimit),
 		}
+
+		// NodeClaim defaults don't work somehow and keep giving invalid values. Can be improved later.
+		if p.KubeletConfig.CPUCFSQuotaPeriod.Duration.String() != "0s" {
+			provisionProfile.CustomKubeletConfig.CPUCfsQuotaPeriod = lo.ToPtr(p.KubeletConfig.CPUCFSQuotaPeriod.Duration.String())
+		}
+		if p.KubeletConfig.CPUManagerPolicy != "" {
+			provisionProfile.CustomKubeletConfig.CPUManagerPolicy = lo.ToPtr(p.KubeletConfig.CPUManagerPolicy)
+		}
+		if p.KubeletConfig.TopologyManagerPolicy != "" {
+			provisionProfile.CustomKubeletConfig.TopologyManagerPolicy = lo.ToPtr(p.KubeletConfig.TopologyManagerPolicy)
+		}
+		if len(p.KubeletConfig.AllowedUnsafeSysctls) > 0 {
+			provisionProfile.CustomKubeletConfig.AllowedUnsafeSysctls = p.KubeletConfig.AllowedUnsafeSysctls
+		}
 	}
 
 	if modeString, ok := p.Labels["kubernetes.azure.com/mode"]; ok && modeString == "system" {

From 7566f2e5cf8df8061e20f78e8195819c747d627b Mon Sep 17 00:00:00 2001
From: Robin Deeboonchai <rdeeboonchai@microsoft.com>
Date: Sat, 26 Oct 2024 12:05:43 -0700
Subject: [PATCH 2/2] fix: UnregisteredNoExecuteTaint was not defaulted for
 CustomScriptsNodeBootstrapping

---
 pkg/providers/imagefamily/resolver.go | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/pkg/providers/imagefamily/resolver.go b/pkg/providers/imagefamily/resolver.go
index df7ec7f95..fa901c91f 100644
--- a/pkg/providers/imagefamily/resolver.go
+++ b/pkg/providers/imagefamily/resolver.go
@@ -86,14 +86,19 @@ func (r Resolver) Resolve(ctx context.Context, nodeClass *v1alpha2.AKSNodeClass,
 
 	logging.FromContext(ctx).Infof("Resolved image %s for instance type %s", imageID, instanceType.Name)
 
-	taints := lo.Flatten([][]corev1.Taint{
-		nodeClaim.Spec.Taints,
-		nodeClaim.Spec.StartupTaints,
+	generalTaints := nodeClaim.Spec.Taints
+	startupTaints := nodeClaim.Spec.StartupTaints
+	allTaints := lo.Flatten([][]corev1.Taint{
+		generalTaints,
+		startupTaints,
 	})
-	if _, found := lo.Find(taints, func(t corev1.Taint) bool {
+
+	// Ensure UnregisteredNoExecuteTaint is present
+	if _, found := lo.Find(allTaints, func(t corev1.Taint) bool { // Allow UnregisteredNoExecuteTaint to be in non-startup taints(?)
 		return t.MatchTaint(&karpv1.UnregisteredNoExecuteTaint)
 	}); !found {
-		taints = append(taints, karpv1.UnregisteredNoExecuteTaint)
+		startupTaints = append(startupTaints, karpv1.UnregisteredNoExecuteTaint)
+		allTaints = append(allTaints, karpv1.UnregisteredNoExecuteTaint)
 	}
 
 	storageProfile := "ManagedDisks"
@@ -105,15 +110,15 @@ func (r Resolver) Resolve(ctx context.Context, nodeClass *v1alpha2.AKSNodeClass,
 		StaticParameters: staticParameters,
 		ScriptlessCustomData: imageFamily.ScriptlessCustomData(
 			prepareKubeletConfiguration(instanceType, nodeClass),
-			taints,
+			allTaints,
 			staticParameters.Labels,
 			staticParameters.CABundle,
 			instanceType,
 		),
 		CustomScriptsNodeBootstrapping: imageFamily.CustomScriptsNodeBootstrapping(
 			prepareKubeletConfiguration(instanceType, nodeClass),
-			nodeClaim.Spec.Taints,
-			nodeClaim.Spec.StartupTaints,
+			generalTaints,
+			startupTaints,
 			staticParameters.Labels,
 			instanceType,
 			imageDistro,