Merge pull request #4785 from k8s-infra-cherrypick-robot/cherry-pick-…

…4761-to-release-1.26 [release-1.26] Enable Windows for credential provider pipeline
kubernetes-sigs · Oct 13, 2023 · 6e8f4e7 · 6e8f4e7
2 parents afe5edb + 31af4a8
commit 6e8f4e7
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 13 deletions.
diff --git a/cmd/acr-credential-provider/main.go b/cmd/acr-credential-provider/main.go
@@ -46,7 +46,7 @@ func main() {
 
 			acrProvider, err := credentialprovider.NewAcrProvider(args[0])
 			if err != nil {
-				klog.Errorf("Failed to initialize ACR provider: %w", err)
+				klog.Errorf("Failed to initialize ACR provider: %v", err)
 				os.Exit(1)
 			}
 

diff --git a/examples/out-of-tree/credential-provider-config-win.yaml b/examples/out-of-tree/credential-provider-config-win.yaml
@@ -0,0 +1,13 @@
+kind: CredentialProviderConfig
+apiVersion: kubelet.config.k8s.io/v1
+providers:
+- name: acr-credential-provider
+  apiVersion: credentialprovider.kubelet.k8s.io/v1
+  defaultCacheDuration: 10m
+  matchImages:
+  - "*.azurecr.io"
+  - "*.azurecr.cn"
+  - "*.azurecr.de"
+  - "*.azurecr.us"
+  args:
+  - c:\k\azure.json
diff --git a/tests/e2e/auth/cred.go b/tests/e2e/auth/cred.go
@@ -130,7 +130,6 @@ var _ = Describe("Azure Credential Provider", Label(utils.TestSuiteLabelCredenti
 
 		testPull("mcr.microsoft.com/mirror/docker/library/nginx", "1.25", "linux")
 		if tc.HasWindowsNodes {
-			Skip("Skipping Windows test before further verification")
 			testPull("mcr.microsoft.com/windows/nanoserver", "ltsc2019", "windows")
 		}
 	})

diff --git a/tests/e2e/e2e_test.go b/tests/e2e/e2e_test.go
@@ -41,6 +41,8 @@ const (
 	defaultReportDir            = "_report/"
 	clusterProvisioningToolKey  = "CLUSTER_PROVISIONING_TOOL"
 	clusterProvisioningToolCAPZ = "capz"
+	//nolint:gosec // G101 ignore this!
+	testOOTCredentialProvider = "TEST_ACR_CREDENTIAL_PROVIDER"
 )
 
 func TestAzureTest(t *testing.T) {
@@ -63,15 +65,17 @@ func TestAzureTest(t *testing.T) {
 	suiteConfig, reporterConfig := GinkgoConfiguration()
 	suiteConfig.Timeout = 0
 
+	labelFilters := []string{suiteConfig.LabelFilter}
 	if strings.EqualFold(os.Getenv(clusterProvisioningToolKey), clusterProvisioningToolCAPZ) {
-		additionalFilter := "!SLBOutbound"
-		if suiteConfig.LabelFilter == "" {
-			suiteConfig.LabelFilter = additionalFilter
-		} else {
-			suiteConfig.LabelFilter = suiteConfig.LabelFilter + " && " + additionalFilter
-		}
+		labelFilters = append(labelFilters, "!SLBOutbound")
 	}
 
+	if !strings.EqualFold(os.Getenv(testOOTCredentialProvider), utils.TrueValue) {
+		labelFilters = append(labelFilters, "!OOT-Credential")
+	}
+
+	suiteConfig.LabelFilter = strings.Join(labelFilters, " && ")
+
 	reporterConfig.Verbose = true
 	reporterConfig.JUnitReport = path.Join(reportDir, fmt.Sprintf("junit_%02d.xml", GinkgoParallelProcess()))
 	passed := RunSpecs(t, "Cloud provider Azure e2e suite", suiteConfig, reporterConfig)

diff --git a/tests/e2e/utils/container_registry_utils.go b/tests/e2e/utils/container_registry_utils.go
@@ -155,7 +155,7 @@ func AZACRLogin(acrName string) (err error) {
 	if output, err = cmd.Output(); err != nil {
 		return fmt.Errorf("az failed to account show with output: %s\n error: %w", string(output), err)
 	}
-	Logf("az account show success %q.", output)
+	Logf("az account show success.")
 
 	Logf("Attempting az acr login with azure cred.")
 	cmd = exec.Command("az", "acr", "login",

diff --git a/tests/e2e/utils/pod_utils.go b/tests/e2e/utils/pod_utils.go
@@ -316,7 +316,7 @@ func WaitPodTo(phase v1.PodPhase, cs clientset.Interface, podTemplate *v1.Pod, n
 			return false, err
 		}
 		if pod.Status.Phase != phase {
-			Logf("waiting for the pod status to be %s, current status: %s", phase, pod.Status.Phase)
+			Logf("waiting for the pod status to be %s, on Node %q, current status: %s", phase, pod.Spec.NodeName, pod.Status.Phase)
 			return false, nil
 		}
 		return true, nil

diff --git a/...-azure/manifest/cluster-api/cluster-template-prow-ci-version-oot-credential-provider.yaml b/...-azure/manifest/cluster-api/cluster-template-prow-ci-version-oot-credential-provider.yaml
@@ -179,13 +179,15 @@ spec:
           image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider
           image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml
           cloud-provider: external
+          v: "4"
         name: '{{ ds.meta_data["local_hostname"] }}'
     joinConfiguration:
       nodeRegistration:
         kubeletExtraArgs:
           image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider
           image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml
           cloud-provider: external
+          v: "4"
         name: '{{ ds.meta_data["local_hostname"] }}'
     mounts:
     - - LABEL=etcd_disk
@@ -377,6 +379,7 @@ spec:
             image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider
             image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml
             cloud-provider: external
+            v: "4"
           name: '{{ ds.meta_data["local_hostname"] }}'
       preKubeadmCommands:
       - bash -c /tmp/kubeadm-bootstrap.sh
@@ -523,10 +526,10 @@ spec:
           echo "Use OOT credential provider"
           mkdir C:\var\lib\kubelet\credential-provider
           # Update the link below
-          curl.exe --retry 10 --retry-delay 5 -L "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${JOB_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider.exe" --output C:\var\lib\kubelet\credential-provider\acr-credential-provider
+          curl.exe --retry 10 --retry-delay 5 -L "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${JOB_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider.exe" --output C:\var\lib\kubelet\credential-provider\acr-credential-provider.exe
 
           # Update the link below
-          curl.exe --retry 10 --retry-delay 5 -L https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/examples/out-of-tree/credential-provider-config.yaml --output C:\var\lib\kubelet\credential-provider-config.yaml
+          curl.exe --retry 10 --retry-delay 5 -L https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/examples/out-of-tree/credential-provider-config-win.yaml --output C:\var\lib\kubelet\credential-provider-config.yaml
         path: C:/use-oot-credential-provider.ps1
         permissions: "0744"
       joinConfiguration:
@@ -537,7 +540,7 @@ spec:
             image-credential-provider-config: C:\var\lib\kubelet\credential-provider-config.yaml
             cloud-provider: external
             feature-gates: ${NODE_FEATURE_GATES:-""}
-            v: "2"
+            v: "4"
             windows-priorityclass: ABOVE_NORMAL_PRIORITY_CLASS
           name: '{{ ds.meta_data["local_hostname"] }}'
       postKubeadmCommands: