feat: Enabling SSH on windows nodes by default (Azure#2759)
marosset authored and AbelHu committed May 27, 2020
1 parent 255a114 commit a40cb06
Showing 15 changed files with 179 additions and 65 deletions.
35 changes: 18 additions & 17 deletions docs/topics/clusterdefinitions.md
Expand Up @@ -670,23 +670,24 @@ https://{keyvaultname}.vault.azure.net:443/secrets/{secretName}/{version}

`windowsProfile` provides configuration specific to Windows nodes in the cluster

| Name | Required | Description |
| ----------------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| adminUsername | yes | Username for the Windows adminstrator account created on each Windows node |
| adminPassword | yes | Password for the Windows adminstrator account created on each Windows node |
| csiProxyURL | no | Path to a package containing csi proxy binaries for Windows. |
| enableCSIProxy | no | If set to `true` the csi-proxy specified by `windowsProfile.csiProxyURL` will get installed during node provisioning. See [Windows Csi Proxy](csi-proxy-windows.md) for more details. |
| windowsPublisher | no | Publisher used to find Windows VM to deploy from marketplace. Default: `microsoft-aks` |
| windowsOffer | no | Offer used to find Windows VM to deploy from marketplace. Default: `aks-windows` |
| windowsSku | no | SKU usedto find Windows VM to deploy from marketplace. Default: `2019-datacenter-core-smalldisk` |
| imageVersion | no | Specific image version to deploy from marketplace. Default: `17763.737.190923`. This default is incremented to include the latest Windows patches after being validated by the AKS Engine team. |
| windowsImageSourceURL | no | Path to an existing Azure storage blob with a sysprepped VHD. This is used to test pre-release or customized VHD files that you have uploaded to Azure. If provided, the above 4 parameters are ignored. |
| imageReference.name | no | Name of an Image. |
| imageReference.resourceGroup | no | Resource group that contains the Image. |
| imageReference.subscriptionId | no | ID of subscription containing a Shared Image Gallery. |
| imageReference.gallery | no | Name of a Shared Image Gallery. |
| imageReference.version | no | Version of an Image from a Shared Image Gallery. |
| sshEnabled | no | If set to `true`, OpenSSH will be installed on windows nodes to allow for ssh remoting. **Only for Windows version 1809/2019 or later** . The same SSH authorized public key(s) will be added from [linuxProfile.ssh.publicKeys](#linuxProfile) |
| Name | Required | Description |
| ----------------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| adminUsername | yes | Username for the Windows adminstrator account created on each Windows node |
| adminPassword | yes | Password for the Windows adminstrator account created on each Windows node |
| csiProxyURL | no | Path to a package containing csi proxy binaries for Windows. |
| enableAutomaticUpdates | no | If set to `true` Windows Update will be configured to automatically apply updates on Windows nodes. Default: `false` |
| enableCSIProxy | no | If set to `true` the csi-proxy specified by `windowsProfile.csiProxyURL` will get installed during node provisioning. See [Windows Csi Proxy](csi-proxy-windows.md) for more details. |
| windowsPublisher | no | Publisher used to find Windows VM to deploy from marketplace. Default: `microsoft-aks` |
| windowsOffer | no | Offer used to find Windows VM to deploy from marketplace. Default: `aks-windows` |
| windowsSku | no | SKU usedto find Windows VM to deploy from marketplace. Default: `2019-datacenter-core-smalldisk` |
| imageVersion | no | Specific image version to deploy from marketplace. Default: `17763.737.190923`. This default is incremented to include the latest Windows patches after being validated by the AKS Engine team. |
| windowsImageSourceURL | no | Path to an existing Azure storage blob with a sysprepped VHD. This is used to test pre-release or customized VHD files that you have uploaded to Azure. If provided, the above 4 parameters are ignored. |
| imageReference.name | no | Name of an Image. |
| imageReference.resourceGroup | no | Resource group that contains the Image. |
| imageReference.subscriptionId | no | ID of subscription containing a Shared Image Gallery. |
| imageReference.gallery | no | Name of a Shared Image Gallery. |
| imageReference.version | no | Version of an Image from a Shared Image Gallery. |
| sshEnabled | no | If set to `true`, OpenSSH will be installed on windows nodes to allow for ssh remoting. **Only for Windows version 1809/2019 or later**. The same SSH authorized public key(s) will be added from [linuxProfile.ssh.publicKeys](#linuxProfile). Default: `true` |

#### Windows Images

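Review bot: the `sshEnabled` row now ends with Default: `true`, so OpenSSH is installed on every Windows node and trusts the keys from `linuxProfile.ssh.publicKeys` unless the user acts, yet the row does not say how to opt out. Add a sentence such as "Set to `false` to skip installing OpenSSH" and call out the changed default in the release notes. Since the whole table is re-emitted, this is also the moment to fix "adminstrator" in the `adminUsername` and `adminPassword` rows and "usedto" in the `windowsSku` row.
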
2 changes: 2 additions & 0 deletions pkg/api/const.go
Expand Up @@ -469,6 +469,8 @@ const (
DefaultNonMasqueradeCIDR = "0.0.0.0/0"
// DefaultKubeProxyMode is the default KubeProxyMode value
DefaultKubeProxyMode KubeProxyMode = KubeProxyModeIPTables
// DefaultWindowsSSHEnabled is the default windowsProfile.sshEnabled value
DefaultWindowsSSHEnabled = true
)

const (
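
Review bot: `DefaultWindowsSSHEnabled = true` turns a remote-access service on by default, and the one-line comment above it does not record that. Extend the comment to state that OpenSSH is installed on Windows nodes whenever `windowsProfile.sshEnabled` is unset, so a later reader sees the security impact of this constant before changing or relying on it.
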
4 changes: 3 additions & 1 deletion pkg/api/converterfromapi.go
Expand Up @@ -206,7 +206,9 @@ func convertWindowsProfileToVLabs(api *WindowsProfile, vlabsProfile *vlabs.Windo
convertKeyVaultSecretsToVlabs(&s, secret)
vlabsProfile.Secrets = append(vlabsProfile.Secrets, *secret)
}
vlabsProfile.SSHEnabled = api.SSHEnabled
if api.SSHEnabled != nil {
vlabsProfile.SSHEnabled = api.SSHEnabled
}
vlabsProfile.EnableAutomaticUpdates = api.EnableAutomaticUpdates
}

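Review bot: the `if api.SSHEnabled != nil` guard changes nothing unless `vlabsProfile.SSHEnabled` was already set before this call, because assigning a nil pointer to a nil field is a no-op, and the next line copies `EnableAutomaticUpdates` without such a guard. Either drop the guard for consistency or, if the intent is to avoid sharing one `*bool` between the two models, copy the value inside it with `to.BoolPtr(*api.SSHEnabled)`.
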
4 changes: 2 additions & 2 deletions pkg/api/converterfromapi_test.go
Expand Up @@ -764,7 +764,7 @@ func TestConvertWindowsProfileToVlabs(t *testing.T) {
AdminPassword: "password",
EnableAutomaticUpdates: &falseVar,
ImageVersion: "17763.615.1907121548",
SSHEnabled: false,
SSHEnabled: &falseVar,
WindowsPublisher: "MicrosoftWindowsServer",
WindowsOffer: "WindowsServer",
WindowsSku: "2019-Datacenter-Core-smalldisk",
Expand All @@ -775,7 +775,7 @@ func TestConvertWindowsProfileToVlabs(t *testing.T) {
AdminPassword: "password",
EnableAutomaticUpdates: &falseVar,
ImageVersion: "17763.615.1907121548",
SSHEnabled: false,
SSHEnabled: &falseVar,
WindowsPublisher: "MicrosoftWindowsServer",
WindowsOffer: "WindowsServer",
WindowsSku: "2019-Datacenter-Core-smalldisk",
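
Review bot: both fixtures in this test set only `SSHEnabled: &falseVar`, so the new nil guard in `convertWindowsProfileToVLabs` is never exercised. Add a case that leaves `SSHEnabled` unset and asserts the converted profile still carries nil, since nil is the value that later selects the default.
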
4 changes: 3 additions & 1 deletion pkg/api/convertertoapi.go
Expand Up @@ -200,7 +200,9 @@ func convertVLabsWindowsProfile(vlabs *vlabs.WindowsProfile, api *WindowsProfile
convertVLabsKeyVaultSecrets(&s, secret)
api.Secrets = append(api.Secrets, *secret)
}
api.SSHEnabled = vlabs.SSHEnabled
if vlabs.SSHEnabled != nil {
api.SSHEnabled = vlabs.SSHEnabled
}
api.EnableAutomaticUpdates = vlabs.EnableAutomaticUpdates
}

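Review bot: with `SSHEnabled` now a pointer, `api.SSHEnabled` stays nil after this block when the field is omitted, so any code that reads it before `setWindowsProfileDefaults` has run must nil-check. Consider a nil-safe accessor on `WindowsProfile` so readers can neither dereference nil nor silently treat "unset" as "disabled" while the documented default is `true`.
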
4 changes: 2 additions & 2 deletions pkg/api/convertertoapi_test.go
Expand Up @@ -874,7 +874,7 @@ func TestConvertVLabsWindowsProfile(t *testing.T) {
AdminPassword: "password",
EnableAutomaticUpdates: &falseVar,
ImageVersion: "17763.615.1907121548",
SSHEnabled: false,
SSHEnabled: &falseVar,
WindowsPublisher: "MicrosoftWindowsServer",
WindowsOffer: "WindowsServer",
WindowsSku: "2019-Datacenter-Core-smalldisk",
Expand All @@ -885,7 +885,7 @@ func TestConvertVLabsWindowsProfile(t *testing.T) {
AdminPassword: "password",
EnableAutomaticUpdates: &falseVar,
ImageVersion: "17763.615.1907121548",
SSHEnabled: false,
SSHEnabled: &falseVar,
WindowsPublisher: "MicrosoftWindowsServer",
WindowsOffer: "WindowsServer",
WindowsSku: "2019-Datacenter-Core-smalldisk",
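
Review bot: `SSHEnabled: &falseVar` sits directly below `EnableAutomaticUpdates: &falseVar`, so a converter that mixed up the two fields would still pass this test. Give `SSHEnabled` a distinct value (a pointer to `true`) in both the input and the expected profile so the test pins the field mapping.
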
60 changes: 44 additions & 16 deletions pkg/api/defaults.go
Expand Up @@ -712,24 +712,52 @@ func (p *Properties) setAgentProfileDefaults(isUpgrade, isScale bool) {
func (p *Properties) setWindowsProfileDefaults(isUpgrade, isScale bool) {
windowsProfile := p.WindowsProfile
if !isUpgrade && !isScale {
if windowsProfile.WindowsPublisher == "" {
windowsProfile.WindowsPublisher = AKSWindowsServer2019OSImageConfig.ImagePublisher
}
if windowsProfile.WindowsOffer == "" {
windowsProfile.WindowsOffer = AKSWindowsServer2019OSImageConfig.ImageOffer
}
if windowsProfile.WindowsSku == "" {
windowsProfile.WindowsSku = AKSWindowsServer2019OSImageConfig.ImageSku
if windowsProfile.SSHEnabled == nil {
windowsProfile.SSHEnabled = to.BoolPtr(DefaultWindowsSSHEnabled)
}

if windowsProfile.ImageVersion == "" {
// default versions are specific to a publisher/offer/sku
if windowsProfile.WindowsPublisher == AKSWindowsServer2019OSImageConfig.ImagePublisher && windowsProfile.WindowsOffer == AKSWindowsServer2019OSImageConfig.ImageOffer && windowsProfile.WindowsSku == AKSWindowsServer2019OSImageConfig.ImageSku {
windowsProfile.ImageVersion = AKSWindowsServer2019OSImageConfig.ImageVersion
} else if windowsProfile.WindowsPublisher == WindowsServer2019OSImageConfig.ImagePublisher && windowsProfile.WindowsOffer == WindowsServer2019OSImageConfig.ImageOffer && windowsProfile.WindowsSku == WindowsServer2019OSImageConfig.ImageSku {
windowsProfile.ImageVersion = WindowsServer2019OSImageConfig.ImageVersion
} else {
windowsProfile.ImageVersion = "latest"
// This allows caller to use the latest ImageVersion and WindowsSku for adding a new Windows pool to an existing cluster.
// We must assure that same WindowsPublisher and WindowsOffer are used in an existing cluster.
if windowsProfile.WindowsPublisher == AKSWindowsServer2019OSImageConfig.ImagePublisher && windowsProfile.WindowsOffer == AKSWindowsServer2019OSImageConfig.ImageOffer {
if windowsProfile.WindowsSku == "" {
windowsProfile.WindowsSku = AKSWindowsServer2019OSImageConfig.ImageSku
}
if windowsProfile.ImageVersion == "" {
if windowsProfile.WindowsSku == AKSWindowsServer2019OSImageConfig.ImageSku {
windowsProfile.ImageVersion = AKSWindowsServer2019OSImageConfig.ImageVersion
} else {
windowsProfile.ImageVersion = "latest"
}
}
} else if windowsProfile.WindowsPublisher == WindowsServer2019OSImageConfig.ImagePublisher && windowsProfile.WindowsOffer == WindowsServer2019OSImageConfig.ImageOffer {
if windowsProfile.WindowsSku == "" {
windowsProfile.WindowsSku = WindowsServer2019OSImageConfig.ImageSku
}
if windowsProfile.ImageVersion == "" {
if windowsProfile.WindowsSku == WindowsServer2019OSImageConfig.ImageSku {
windowsProfile.ImageVersion = WindowsServer2019OSImageConfig.ImageVersion
} else {
windowsProfile.ImageVersion = "latest"
}
}
} else {
if windowsProfile.WindowsPublisher == "" {
windowsProfile.WindowsPublisher = AKSWindowsServer2019OSImageConfig.ImagePublisher
}
if windowsProfile.WindowsOffer == "" {
windowsProfile.WindowsOffer = AKSWindowsServer2019OSImageConfig.ImageOffer
}
if windowsProfile.WindowsSku == "" {
windowsProfile.WindowsSku = AKSWindowsServer2019OSImageConfig.ImageSku
}

if windowsProfile.ImageVersion == "" {
// default versions are specific to a publisher/offer/sku
if windowsProfile.WindowsPublisher == AKSWindowsServer2019OSImageConfig.ImagePublisher && windowsProfile.WindowsOffer == AKSWindowsServer2019OSImageConfig.ImageOffer && windowsProfile.WindowsSku == AKSWindowsServer2019OSImageConfig.ImageSku {
windowsProfile.ImageVersion = AKSWindowsServer2019OSImageConfig.ImageVersion
} else {
windowsProfile.ImageVersion = "latest"
}
}
}
} else if isUpgrade {
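
Review bot: the `windowsProfile.SSHEnabled == nil` defaulting sits inside `if !isUpgrade && !isScale`, so on upgrade or scale a model that never set the field keeps a nil pointer. Confirm that the `isUpgrade` branch (cut off in this view) and every reader of the field handle nil deliberately, because that value decides whether OpenSSH is installed on the node. Separately, the publisher/offer/SKU restructuring with its `"latest"` fallbacks is unrelated to the commit title and would be easier to review and revert as its own commit.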