feat: add OSSKU-based IsCgroupV2 detection and CustomizedImageTrustedLaunch distro#8252
feat: add OSSKU-based IsCgroupV2 detection and CustomizedImageTrustedLaunch distro#8252aadhar-agarwal wants to merge 1 commit intomainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This PR fixes IsCgroupV2 template detection for BYOI/customized-image scenarios by switching Flatcar/ACL checks to OSSKU-based helpers and explicitly handling AzureLinux OSSKU, and it introduces a new CustomizedImageTrustedLaunch distro to represent trusted-launch customized images without proliferating per-OS custom distro constants.
Changes:
- Update
IsCgroupV2to useconfig.IsFlatcar()/config.IsACL()(OSSKU-aware) and add an explicitOSSKUAzureLinuxcheck. - Add
CustomizedImageTrustedLaunchdistro and treat it as a “custom image” in bootstrapping flows. - Add unit tests covering cgroupv2 detection for customized images and bootstrapping behavior for the new distro.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/agent/datamodel/types.go | Adds the CustomizedImageTrustedLaunch distro constant. |
| pkg/agent/bakerapi.go | Treats CustomizedImageTrustedLaunch like other customized images (bypasses SIG/PIR image lookup). |
| pkg/agent/bakerapi_test.go | Adds coverage ensuring bootstrapping doesn’t error for CustomizedImageTrustedLaunch. |
| pkg/agent/baker.go | Updates IsCgroupV2 to be OSSKU-aware for AzureLinux/Flatcar/ACL; includes new distro in IsCustomImage. |
| pkg/agent/baker_test.go | Adds tests asserting NEEDS_CGROUPV2=true for customized-image + OSSKU combinations. |
aadhar-agarwal
force-pushed
the
aadagarwal/cgroupv2-byoi
branch
from
22b3cc2 to
5e3aab8
Compare
aadhar-agarwal
requested review from
AbelHu,
Devinwong,
SriHarsha001,
awesomenix,
calvin197,
cameronmeissner,
djsly,
ganeshkumarashok,
junjiezhang1997,
lilypan26,
mxj220,
pdamianov-dev,
phealy,
r2k1,
sulixu,
surajssd,
timmy-wright and
zachary-bailey
as code owners
| profile.Distro == datamodel.CustomizedImageKata || | ||
| profile.Distro == datamodel.CustomizedImageLinuxGuard | ||
| profile.Distro == datamodel.CustomizedImageLinuxGuard || | ||
| profile.Distro == datamodel.CustomizedImageTrustedLaunch |
There was a problem hiding this comment.
why is TrustedLaunch considered a customImage ?
There was a problem hiding this comment.
CustomizedImageTrustedLaunch doesn't mean TrustedLaunch itself is a custom image - It is a custom image that supports trusted launch.
This follows the same pattern as CustomizedImageLinuxGuard (AgentBaker PR #6619 + aks-rp PR). The distro constant is needed so aks-rp can set it for BYOI + TrustedLaunch nodes.
|
In all honesty, I understand that I'm asking for a major refactor, but the only cgroupv1 we support today is 2004Fips, which we will soon stop offering I would rather not see NEEDS_CGROUPV2, and instead have a single REQUIRE_CGROUPV1_STILL... |
…Launch distro Signed-off-by: Aadhar Agarwal <aadagarwal@microsoft.com>
aadhar-agarwal
force-pushed
the
aadagarwal/cgroupv2-byoi
branch
from
5e3aab8 to
0322472
Compare
Let me look into the cgroupv2 -> cgroupv1 inversion separately as that might change a lot of logic. I'll open a separate PR for that to keep this one scoped to the BYOI fix. Does that sound good? |
What this PR does:
Fixes cgroupv2 detection for BYOI scenarios and adds the
CustomizedImageTrustedLaunchdistro.Changes:
IsCgroupV2: Add explicit config.OSSKU == OSSKUAzureLinux check and switch Flatcar/ACL detection fromprofile.Is*() (distro-based, always false for customized images) toconfig.Is*()(OSSKU-based)CustomizedImageTrustedLaunch: New distro constantWhy do we need it:
BYOI nodes using AzureLinux/Flatcar/ACL images were not getting
NEEDS_CGROUPV2=truebecause the distro-level helpers return false for customized imagesAdding
CustomizedImageTrustedLaunchas a distro avoids needing separate customized image distro constants for an OS variant to support trusted launch. (for eg. CustomizedImageACL)Which issue(s) this PR fixes:
Fixes #7999
Testing: