Add pipeline for Azure community gallery image publishing #1578

Open
wants to merge 1 commit into
base: main

mboersma
Contributor

@mboersma mboersma commented Oct 9, 2024

Change description

Replaces the Azure DevOps pipeline scripts with a new flow that publishes to a Community gallery.

Related issues

Additional context

This is simpler in the end than publishing to Azure Marketplace, and agrees with what we recommend in the CAPZ book. Additionally, the current Azure Packer plugin won't support the SAS key generation necessary to publish VHDs via the existing pipeline, and internal security requirements have made that flow problematic.

@k8s-ci-robot
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 9, 2024
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Oct 9, 2024
@mboersma mboersma changed the title Azure compute gallery [WIP] Add pipeline for Azure community gallery image publishing Oct 9, 2024
@mboersma mboersma force-pushed the azure-compute-gallery branch 2 times, most recently from b7817e2 to 38e538d Compare October 21, 2024 20:31
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Oct 22, 2024
@mboersma mboersma force-pushed the azure-compute-gallery branch 2 times, most recently from 9fa19b0 to d920039 Compare October 24, 2024 16:56
@mboersma mboersma marked this pull request as ready for review October 24, 2024 17:21
@mboersma mboersma removed the request for review from CecileRobertMichon October 24, 2024 21:22
@mboersma
Contributor Author

mboersma commented Oct 24, 2024

This actually passed CI, modulo two unrelated flakes.

@mboersma
Contributor Author

/retitle Add pipeline for Azure community gallery image publishing
/retest

@k8s-ci-robot k8s-ci-robot changed the title [WIP] Add pipeline for Azure community gallery image publishing Add pipeline for Azure community gallery image publishing Oct 24, 2024
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 24, 2024
[[ -n ${DEBUG:-} ]] && set -o xtrace

tracestate="$(shopt -po xtrace)"
set +o xtrace
if [[ -n "${AZURE_FEDERATED_TOKEN_FILE:-}" ]]; then
if [[ "${USE_AZURE_CLI_AUTH:-}" == "True" ]]; then
: # Assume we did "az login" before running this script
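Review bot: in the `USE_AZURE_CLI_AUTH` branch the body is a bare `:` no-op that trusts an earlier `az login`, so a run with no active CLI session continues and fails later, further from the cause. A fail-fast check at this point, for example `az account show >/dev/null`, would report the problem where it starts. The test `== "True"` is also an exact, case-sensitive match, so a value such as `true` or `1` would not take this branch; documenting the accepted value or normalizing the case before comparing would avoid that surprise.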
Contributor Author

@mboersma mboersma Oct 29, 2024

This case is used in the ADO pipelines now, to avoid trying to log in again. Instead, we use managed ID-compatible DevOps tasks such as AzureCLI@2, which provides a bash shell with az already logged in according to credentials specified in a Service Connection defined in ADO.

@jackfrancis

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 29, 2024
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 30, 2024
@mboersma
Contributor Author

I squashed the commits, should be ready to go.

@jackfrancis

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 30, 2024
@nawazkh
Member

nawazkh commented Oct 30, 2024

/test pull-azure-vhds

@mboersma
Contributor Author

mboersma commented Oct 30, 2024

/retest

Flake (I think) with windows-2025:

    azure-arm.sig-windows-2025-containerd: TASK [Optimise powershell] *****************************************************
    azure-arm.sig-windows-2025-containerd: An exception occurred during task execution. To see the full traceback, use -vvv. The error was:    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
    azure-arm.sig-windows-2025-containerd: fatal: [default]: FAILED! => {"changed": false, "msg": "internal error: failed to become user 'SYSTEM': Exception calling \"CreateProcessAsUser\" with \"9\" argument(s): \"CreateProcessWithTokenW() failed (The process creation has been blocked, Win32ErrorCode 367)\""}
    azure-arm.sig-windows-2025-containerd:
    azure-arm.sig-windows-2025-containerd: PLAY RECAP *********************************************************************
    azure-arm.sig-windows-2025-containerd: default                    : ok=2    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
    azure-arm.sig-windows-2025-containerd:
==> azure-arm.sig-windows-2025-containerd: retry limit reached.

This PR doesn't really touch any code that would be relevant here.

@mboersma
Contributor Author

/assign @AverageMarcus @drew-viles @jsturtevant

I've been using this branch in the actual pipeline for a while, and it's working well.

@k8s-ci-robot
Contributor

New changes are detected. LGTM label has been removed.

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 19, 2024
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from averagemarcus. For more information see the Kubernetes Code Review Process.


Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
Status: Needs Review
Development

Successfully merging this pull request may close these issues.

Support Azure Packer plugin 2.x
Azure Pipeline: use managed identity
7 participants