diff --git a/e2e/scenario_win_test.go b/e2e/scenario_win_test.go
index 393477c06b7..fd0e4063705 100644
--- a/e2e/scenario_win_test.go
+++ b/e2e/scenario_win_test.go
@@ -550,3 +550,30 @@ func Test_Windows2025Gen2_McrChinaCloud_Windows(t *testing.T) {
 },
 })
 }
+
+func Test_NetworkIsolatedCluster_Windows_WithEgress(t *testing.T) {
+ RunScenario(t, &Scenario{
+ Description: "Tests that Windows nodes in network isolated clusters configure containerd to use the bootstrap profile container registry for MCR images",
+ Tags: Tags{
+ NetworkIsolated: true,
+ NonAnonymousACR: true,
+ },
+ Config: Config{
+ Cluster: ClusterAzureBootstrapProfileCache,
+ VHD: config.VHDWindows2025Gen2,
+ BootstrapConfigMutator: func(nbc *datamodel.NodeBootstrappingConfiguration) {
+ nbc.ContainerService.Properties.SecurityProfile = &datamodel.SecurityProfile{
+ PrivateEgress: &datamodel.PrivateEgress{
+ Enabled: true,
+ ContainerRegistryServer: fmt.Sprintf("%s.azurecr.io/aks-managed-repository", config.PrivateACRNameNotAnon(config.Config.DefaultLocation)),
+ },
+ }
+ },
+ Validator: func(ctx context.Context, s *Scenario) {
+ // Verify mcr.microsoft.com host config exist
+ ValidateFileExists(ctx, s, `C:\ProgramData\containerd\certs.d\mcr.microsoft.com\hosts.toml`)
+ ValidateFileDoesNotExist(ctx, s, `C:\ProgramData\containerd\certs.d\mcr.azk8s.cn\hosts.toml`)
+ },
+ },
+ })
+}
diff --git a/parts/windows/kuberneteswindowssetup.ps1 b/parts/windows/kuberneteswindowssetup.ps1
index 8afade33be6..33e663a8edc 100644
--- a/parts/windows/kuberneteswindowssetup.ps1
+++ b/parts/windows/kuberneteswindowssetup.ps1
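Review bot: The Validator in Test_NetworkIsolatedCluster_Windows_WithEgress only checks that `certs.d\mcr.microsoft.com\hosts.toml` exists, so the scenario still passes if that file names the wrong host or lacks `override_path = true`. That file decides which registry the node pulls MCR images from, so the check should also read it back and assert the host entry derived from the configured ContainerRegistryServer, which per the PowerShell added in this commit would be `[host."https://<acr>.azurecr.io/v2/aks-managed-repository"]`. The inline comment would then read more accurately as `// Verify the mcr.microsoft.com hosts.toml redirects pulls to the private ACR`.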
@@ -220,6 +220,10 @@ $global:WindowsCiliumNetworkingConfiguration = "{{GetVariable "nextGenNetworking $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="{{GetBootstrapProfileContainerRegistryServer}}" +$global:MCR_REPOSITORY_BASE="{{GetMCRRepositoryBase}}" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+CustomCloud+ootcredentialprovider/CustomData b/pkg/agent/testdata/AKSWindows2019+CustomCloud+ootcredentialprovider/CustomData index 66c8012b156..6a9621ed8eb 100644 --- a/pkg/agent/testdata/AKSWindows2019+CustomCloud+ootcredentialprovider/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+CustomCloud+ootcredentialprovider/CustomData @@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+CustomCloud/CustomData b/pkg/agent/testdata/AKSWindows2019+CustomCloud/CustomData index ee4ee825703..d3af76406b4 100644 --- a/pkg/agent/testdata/AKSWindows2019+CustomCloud/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+CustomCloud/CustomData 
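Review bot: `$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="{{GetBootstrapProfileContainerRegistryServer}}"` renders a cluster-configuration value inside a double-quoted PowerShell string, where `$`, a backtick or `"` in the rendered text is interpreted instead of being taken literally. The neighbouring assignments use the same quoting, so this follows the file's convention, but this value becomes a containerd pull endpoint and is presumably supplied per cluster. Unless the template function already restricts it to host and path characters (not visible in this hunk), a single-quoted literal keeps it inert: `$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER='{{GetBootstrapProfileContainerRegistryServer}}'`, and likewise for `MCR_REPOSITORY_BASE`. The matching lines in the testdata CustomData files are regenerated output and would follow from the template change.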
@@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+CustomVnet/CustomData b/pkg/agent/testdata/AKSWindows2019+CustomVnet/CustomData index c3bb3cc487d..92c55d606cb 100644 --- a/pkg/agent/testdata/AKSWindows2019+CustomVnet/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+CustomVnet/CustomData @@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+EnablePrivateClusterHostsConfigAgent/CustomData b/pkg/agent/testdata/AKSWindows2019+EnablePrivateClusterHostsConfigAgent/CustomData index e4f7516b26f..8f4612558ae 100644 --- a/pkg/agent/testdata/AKSWindows2019+EnablePrivateClusterHostsConfigAgent/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+EnablePrivateClusterHostsConfigAgent/CustomData 
@@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+K8S116/CustomData b/pkg/agent/testdata/AKSWindows2019+K8S116/CustomData index fbf0420b379..f44eb7ee18c 100644 --- a/pkg/agent/testdata/AKSWindows2019+K8S116/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+K8S116/CustomData @@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+K8S117/CustomData b/pkg/agent/testdata/AKSWindows2019+K8S117/CustomData index b5d6c53c45a..bb35b7fb83c 100644 --- a/pkg/agent/testdata/AKSWindows2019+K8S117/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+K8S117/CustomData 
@@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+K8S118/CustomData b/pkg/agent/testdata/AKSWindows2019+K8S118/CustomData index 0095b3566c8..70ccb178f33 100644 --- a/pkg/agent/testdata/AKSWindows2019+K8S118/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+K8S118/CustomData @@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+K8S119+CSI/CustomData b/pkg/agent/testdata/AKSWindows2019+K8S119+CSI/CustomData index f91513b1757..38b0ae757bb 100644 --- a/pkg/agent/testdata/AKSWindows2019+K8S119+CSI/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+K8S119+CSI/CustomData 
@@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+K8S119+FIPS/CustomData b/pkg/agent/testdata/AKSWindows2019+K8S119+FIPS/CustomData index da85ac36223..cac650ff3fe 100644 --- a/pkg/agent/testdata/AKSWindows2019+K8S119+FIPS/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+K8S119+FIPS/CustomData @@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+K8S119/CustomData b/pkg/agent/testdata/AKSWindows2019+K8S119/CustomData index 93c4c351f9f..ab6f71f13c3 100644 --- a/pkg/agent/testdata/AKSWindows2019+K8S119/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+K8S119/CustomData 
@@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+KubeletClientTLSBootstrapping/CustomData b/pkg/agent/testdata/AKSWindows2019+KubeletClientTLSBootstrapping/CustomData index 57a6b81f448..b085f129e04 100644 --- a/pkg/agent/testdata/AKSWindows2019+KubeletClientTLSBootstrapping/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+KubeletClientTLSBootstrapping/CustomData @@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+KubeletServingCertificateRotation/CustomData b/pkg/agent/testdata/AKSWindows2019+KubeletServingCertificateRotation/CustomData index a46ed0559a0..5d54a1ac5ec 100644 --- a/pkg/agent/testdata/AKSWindows2019+KubeletServingCertificateRotation/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+KubeletServingCertificateRotation/CustomData 
@@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+ManagedIdentity/CustomData b/pkg/agent/testdata/AKSWindows2019+ManagedIdentity/CustomData index e24d9ddbf1f..4d9e63f67e3 100644 --- a/pkg/agent/testdata/AKSWindows2019+ManagedIdentity/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+ManagedIdentity/CustomData @@ -216,6 +216,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+SecurityProfile/CustomData b/pkg/agent/testdata/AKSWindows2019+SecurityProfile/CustomData index a3f963135bb..a9d154ecfc8 100644 --- a/pkg/agent/testdata/AKSWindows2019+SecurityProfile/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+SecurityProfile/CustomData 
@@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows2019+ootcredentialprovider/CustomData b/pkg/agent/testdata/AKSWindows2019+ootcredentialprovider/CustomData index 42fb4284de9..0cff8e5da6e 100644 --- a/pkg/agent/testdata/AKSWindows2019+ootcredentialprovider/CustomData +++ b/pkg/agent/testdata/AKSWindows2019+ootcredentialprovider/CustomData @@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworking/CustomData b/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworking/CustomData index e477b293a31..bdb7b04c2fa 100644 --- a/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworking/CustomData +++ b/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworking/CustomData 
@@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = "{}"; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingDisabled/CustomData b/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingDisabled/CustomData index 022627400f5..703a36e22ec 100644 --- a/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingDisabled/CustomData +++ b/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingDisabled/CustomData @@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = "{}"; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingNoConfig/CustomData b/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingNoConfig/CustomData index 52249349783..c6451db3d31 100644 --- a/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingNoConfig/CustomData +++ b/pkg/agent/testdata/AKSWindows23H2Gen2+NextGenNetworkingNoConfig/CustomData 
@@ -214,6 +214,10 @@ $global:WindowsCiliumNetworkingConfiguration = ""; $global:WindowsCiliumNetworkingPath = Join-Path -Path $global:cacheDir -ChildPath 'wcn' $global:WindowsCiliumInstallPath = Join-Path -Path $global:WindowsCiliumNetworkingPath -ChildPath 'install' +# Network isolated cluster +$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="" +$global:MCR_REPOSITORY_BASE="mcr.microsoft.com/" + # Extract cse helper script from ZIP [io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles)) try { diff --git a/staging/cse/windows/containerdfunc.ps1 b/staging/cse/windows/containerdfunc.ps1 index 0a56f61cdaf..09442d5175f 100644 --- a/staging/cse/windows/containerdfunc.ps1 +++ b/staging/cse/windows/containerdfunc.ps1 @@ -161,7 +161,11 @@ function ProcessAndWriteContainerdConfig { # Set up registry mirrors Set-ContainerdRegistryConfig -Registry "docker.io" -RegistryHost "registry-1.docker.io" - Set-ContainerdRegistryConfig -Registry "mcr.azk8s.cn" -RegistryHost "mcr.azure.cn" + if ((Test-Path variable:global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER) -and -not [string]::IsNullOrEmpty($global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER)) { + Set-BootstrapProfileRegistryContainerdHost + } else { + Set-ContainerdRegistryConfig -Registry "mcr.azk8s.cn" -RegistryHost "mcr.azure.cn" + } if (([version]$ContainerdVersion).CompareTo([version]"1.7.9") -lt 0) { # Remove annotations placeholders for older containerd versions 
@@ -230,6 +234,46 @@ server = "https://$Registry" Write-Log "Wrote containerd hosts config for registry '$Registry' to '$hostsTomlPath'" } +function Set-BootstrapProfileRegistryContainerdHost { + $mcrRegistry = if ((Test-Path variable:global:MCR_REPOSITORY_BASE) -and + -not [string]::IsNullOrEmpty($global:MCR_REPOSITORY_BASE)) { + [string]$global:MCR_REPOSITORY_BASE + } + else { + "mcr.microsoft.com" + } + $rootRegistryPath = "C:\ProgramData\containerd\certs.d" + $mcrRegistryPath = Join-Path $rootRegistryPath $mcrRegistry + $hostsTomlPath = Join-Path $mcrRegistryPath "hosts.toml" + + $registryHost = [string]$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER + $registryHost = ($registryHost -replace '^https?://', '').TrimEnd('/') + + $registryHostParts = $registryHost.Split('/', 2) + $registryHostName = $registryHostParts[0] + $registryRepoPrefix = if ($registryHostParts.Length -gt 1) { $registryHostParts[1].Trim('/') } else { "" } + + $registryHost = if ([string]::IsNullOrEmpty($registryRepoPrefix)) { + "$registryHostName/v2" + } + else { + "$registryHostName/v2/$registryRepoPrefix" + } + + Create-Directory -FullPath $mcrRegistryPath -DirectoryUsage "storing containerd registry hosts config" + + $content = @" +server = "https://$mcrRegistry" + +[host."https://$registryHost"] + capabilities = ["pull", "resolve"] + override_path = true +"@ + + $content | Out-File -FilePath $hostsTomlPath -Encoding ascii + Write-Log "Wrote bootstrap profile container registry hosts config from '$mcrRegistry' to '$registryHost' at '$hostsTomlPath'" +} + function Install-Containerd { Param( [Parameter(Mandatory = $true)][string] diff --git a/staging/cse/windows/containerdfunc.tests.ps1 b/staging/cse/windows/containerdfunc.tests.ps1 index 627f648b567..f75bcc9795e 100644 --- a/staging/cse/windows/containerdfunc.tests.ps1 +++ b/staging/cse/windows/containerdfunc.tests.ps1 
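Review bot: `$mcrRegistry` is used exactly as `$global:MCR_REPOSITORY_BASE` provides it, yet every regenerated CustomData in this commit renders that variable as `"mcr.microsoft.com/"`, so Set-BootstrapProfileRegistryContainerdHost would pass a child path ending in `/` to Join-Path and write `server = "https://mcr.microsoft.com/"`. The bootstrap server value gets its scheme and slashes stripped a few lines further down; the MCR base needs the same treatment, for example `$mcrRegistry = ($mcrRegistry -replace '^https?://', '').Trim('/')`, plus a Pester case using the trailing-slash form. Both globals also flow into a filesystem path and a TOML string with no shape check, so a value containing `..`, a backslash, a quote or a newline would change where hosts.toml is written or what it contains. Rejecting anything that is not a plain registry host (and, for the server, a repository path) before the directory is created would keep a malformed setting from silently redirecting image pulls.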
@@ -1,4 +1,8 @@ BeforeAll { + if (-not (Get-PSDrive -Name C -ErrorAction SilentlyContinue)) { + New-PSDrive -Name C -PSProvider FileSystem -Root ([System.IO.Path]::GetTempPath()) | Out-Null + } + # Define mock functions before loading the scripts function Write-Log { param($Message) 
@@ -287,3 +291,63 @@ Describe "Set-ContainerdRegistryConfig" { $script:capturedEncoding | Should -Be "ascii" } } + +Describe "Set-BootstrapProfileRegistryContainerdHost" { + BeforeEach { + Mock Create-Directory -MockWith { + param($FullPath, $DirectoryUsage) + } + + $script:capturedFilePath = $null + $script:capturedEncoding = $null + $script:capturedContent = $null + Mock Out-File -MockWith { + param($InputObject, $FilePath, $Encoding) + $script:capturedFilePath = $FilePath + $script:capturedEncoding = $Encoding + $script:capturedContent = $InputObject + } + } + + It "Should write hosts.toml for default mcr.microsoft.com when MCR_REPOSITORY_BASE is not set" { + $global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER = "myacr.azurecr.io" + if (Test-Path variable:global:MCR_REPOSITORY_BASE) { + Remove-Variable -Name MCR_REPOSITORY_BASE -Scope Global + } + + Set-BootstrapProfileRegistryContainerdHost + + Assert-MockCalled -CommandName 'Create-Directory' -Exactly -Times 1 -ParameterFilter { + $FullPath -eq "C:\ProgramData\containerd\certs.d\mcr.microsoft.com" -and + $DirectoryUsage -eq "storing containerd registry hosts config" + } + $script:capturedFilePath | Should -Be "C:\ProgramData\containerd\certs.d\mcr.microsoft.com\hosts.toml" + $script:capturedEncoding | Should -Be "ascii" + $script:capturedContent | Should -Match 'server = "https://mcr.microsoft.com"' + $script:capturedContent | Should -Match '\[host\."https://myacr.azurecr.io/v2"\]' + $script:capturedContent | Should -Match 'override_path = true' + } + + It "Should sanitize bootstrap profile host and use custom mcr repository base" { + $global:MCR_REPOSITORY_BASE = "my.mcr.mirror" + $global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER = "https://myacr.azurecr.io/some/path/" + + Set-BootstrapProfileRegistryContainerdHost + + Assert-MockCalled -CommandName 'Create-Directory' -Exactly -Times 1 -ParameterFilter { + $FullPath -eq "C:\ProgramData\containerd\certs.d\my.mcr.mirror" + } + $script:capturedFilePath | 
Should -Be "C:\ProgramData\containerd\certs.d\my.mcr.mirror\hosts.toml" + $script:capturedContent | Should -Match 'server = "https://my.mcr.mirror"' + $script:capturedContent | Should -Match '\[host\."https://myacr.azurecr.io/v2/some/path"\]' + } + + It "Should map host with repository prefix to v2 path" { + $global:MCR_REPOSITORY_BASE = "mcr.microsoft.com" + $global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER = "myacr.azurecr.io/aaa" + + Set-BootstrapProfileRegistryContainerdHost + + $script:capturedContent | Should -Match '\[host\."https://myacr.azurecr.io/v2/aaa"\]' + } +}
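Review bot: The cases in `Describe "Set-BootstrapProfileRegistryContainerdHost"` assign `$global:BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER` and `$global:MCR_REPOSITORY_BASE` and never restore them, so the last values stay set for anything that runs later in the same session. ProcessAndWriteContainerdConfig now branches on the first of these, so a later test that calls it would take the bootstrap-profile path instead of writing the `mcr.azk8s.cn` mirror. An `AfterEach` in this Describe would isolate the cases: `Remove-Variable -Name BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER, MCR_REPOSITORY_BASE -Scope Global -ErrorAction SilentlyContinue`. The `Should -Match` patterns also leave the dots in the host names unescaped, so they accept any character in those positions; wrapping the expected text in `[regex]::Escape(...)` makes the assertions exact.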