Azure · awesomenix · May 26, 2026 · May 26, 2026 · May 26, 2026
@@ -137,42 +137,6 @@ var (
 		// Secure TLS Bootstrapping isn't currently supported on FIPS-enabled VHDs
 		UnsupportedSecureTLSBootstrapping: true,
 	}
-	// this is a particular 2204gen2containerd image originally built with private packages,
-	// if we ever want to update this then we'd need to run a new VHD build using private package overrides
-	VHDUbuntu2204Gen2ContainerdPrivateKubePkg = &Image{
-		// 2204Gen2 is a special image definition holding historical VHDs used by agentbaker e2e's.
-		Name:                     "2204Gen2",
-		OS:                       OSUbuntu,
-		Arch:                     "amd64",
-		Version:                  "1.1704411049.2812",
-		Distro:                   datamodel.AKSUbuntuContainerd2204Gen2,
-		Gallery:                  imageGalleryLinux,
-		UnsupportedKubeletNodeIP: true,
-		UnsupportedLocalDns:      true,
-		// old image, doesn't have Secure TLS Bootstrapping support
-		UnsupportedSecureTLSBootstrapping: true,
-		UnsupportedNVMe:                   true,
-		// this VHD doesn't contain fixed versions of cgroup telemetry scripts,
-		// thus it's possible cgroup telemetry services will be in a failed state after node provisioning
-		IgnoreFailedCgroupTelemetryServices: true,
-	}
-
-	// without kubelet, kubectl, credential-provider and wasm
-	VHDUbuntu2204Gen2ContainerdNetworkIsolatedK8sNotCached = &Image{
-		Name:                "2204Gen2",
-		OS:                  OSUbuntu,
-		Arch:                "amd64",
-		Version:             "1.1725612526.29638",
-		Distro:              datamodel.AKSUbuntuContainerd2204Gen2,
-		Gallery:             imageGalleryLinux,
-		UnsupportedLocalDns: true,
-		// old image, doesn't have Secure TLS Bootstrapping support
-		UnsupportedSecureTLSBootstrapping: true,
-		UnsupportedNVMe:                   true,
-		// this VHD doesn't contain fixed versions of cgroup telemetry scripts,
-		// thus it's possible cgroup telemetry services will be in a failed state after node provisioning
-		IgnoreFailedCgroupTelemetryServices: true,
-	}
 
 	VHDUbuntu2404Gen1Containerd = &Image{
 		Name:            "2404containerd",

@@ -1164,85 +1164,6 @@ func Test_Ubuntu2204_NetworkIsolatedCluster_NonAnonymousACR(t *testing.T) {
 	})
 }
 
-func Test_Ubuntu2204Gen2_Containerd_NetworkIsolatedCluster_NoneCached(t *testing.T) {
-	RunScenario(t, &Scenario{
-		Description: "Tests that a node using the Ubuntu 2204 VHD without k8s binary and is network isolated can be properly bootstrapped",
-		Tags: Tags{
-			NetworkIsolated: true,
-		},
-		Config: Config{
-			Cluster: ClusterAzureNetworkIsolated,
-			VHD:     config.VHDUbuntu2204Gen2ContainerdNetworkIsolatedK8sNotCached,
-			BootstrapConfigMutator: func(_ *Cluster, nbc *datamodel.NodeBootstrappingConfiguration) {
-				nbc.OutboundType = datamodel.OutboundTypeBlock
-				nbc.ContainerService.Properties.SecurityProfile = &datamodel.SecurityProfile{
-					PrivateEgress: &datamodel.PrivateEgress{
-						Enabled:                 true,
-						ContainerRegistryServer: fmt.Sprintf("%s.azurecr.io/aks-managed-repository", config.PrivateACRName(config.Config.DefaultLocation)),
-						TestMode:                true,
-					},
-				}
-				nbc.AgentPoolProfile.LocalDNSProfile = nil
-				// intentionally using private acr url to get kube binaries
-				nbc.AgentPoolProfile.KubernetesConfig.CustomKubeBinaryURL = fmt.Sprintf(
-					"%s.azurecr.io/aks-managed-repository/oss/binaries/kubernetes/kubernetes-node:v%s-linux-amd64",
-					config.PrivateACRName(config.Config.DefaultLocation),
-					nbc.ContainerService.Properties.OrchestratorProfile.OrchestratorVersion)
-				nbc.EnableScriptlessCSECmd = false
-				nbc.EnableScriptlessNBCCSECmd = false
-			},
-		},
-	})
-}
-
-func Test_Ubuntu2204Gen2_Containerd_NetworkIsolatedCluster_NonAnonymousNoneCached(t *testing.T) {
-	RunScenario(t, &Scenario{
-		Description: "Tests that a node using the Ubuntu 2204 VHD without k8s binaries and in a network-isolated cluster can be properly bootstrapped with kube package install enforcement",
-		Tags: Tags{
-			NetworkIsolated: true,
-			NonAnonymousACR: true,
-		},
-		Config: Config{
-			Cluster: ClusterAzureNetworkIsolated,
-			VHD:     config.VHDUbuntu2204Gen2ContainerdNetworkIsolatedK8sNotCached,
-			BootstrapConfigMutator: func(_ *Cluster, nbc *datamodel.NodeBootstrappingConfiguration) {
-				nbc.OutboundType = datamodel.OutboundTypeBlock
-				nbc.ContainerService.Properties.SecurityProfile = &datamodel.SecurityProfile{
-					PrivateEgress: &datamodel.PrivateEgress{
-						Enabled:                 true,
-						ContainerRegistryServer: fmt.Sprintf("%s.azurecr.io/aks-managed-repository", config.PrivateACRNameNotAnon(config.Config.DefaultLocation)),
-					},
-				}
-				nbc.AgentPoolProfile.LocalDNSProfile = nil
-				nbc.ContainerService.Properties.OrchestratorProfile.KubernetesConfig.UseManagedIdentity = true
-				nbc.AgentPoolProfile.KubernetesConfig.UseManagedIdentity = true
-				// intentionally using private acr url to get kube binaries
-				nbc.AgentPoolProfile.KubernetesConfig.CustomKubeBinaryURL = fmt.Sprintf(
-					"%s.azurecr.io/aks-managed-repository/oss/binaries/kubernetes/kubernetes-node:v%s-linux-amd64",
-					config.PrivateACRNameNotAnon(config.Config.DefaultLocation),
-					nbc.ContainerService.Properties.OrchestratorProfile.OrchestratorVersion)
-				nbc.K8sComponents.LinuxCredentialProviderURL = fmt.Sprintf(
-					"https://packages.aks.azure.com/cloud-provider-azure/v%s/binaries/azure-acr-credential-provider-linux-amd64-v%s.tar.gz",
-					nbc.ContainerService.Properties.OrchestratorProfile.OrchestratorVersion,
-					nbc.ContainerService.Properties.OrchestratorProfile.OrchestratorVersion)
-				nbc.KubeletConfig["--image-credential-provider-config"] = "/var/lib/kubelet/credential-provider-config.yaml"
-				nbc.KubeletConfig["--image-credential-provider-bin-dir"] = "/var/lib/kubelet/credential-provider"
-				nbc.EnableScriptlessCSECmd = false
-				nbc.EnableScriptlessNBCCSECmd = false
-			},
-			VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
-				if vmss.Tags == nil {
-					vmss.Tags = map[string]*string{}
-				}
-				vmss.Tags["ShouldEnforceKubePMCInstall"] = to.Ptr("true")
-			},
-			Validator: func(ctx context.Context, s *Scenario) {
-				ValidateDirectoryContent(ctx, s, "/opt/azure", []string{"outbound-check-skipped"})
-			},
-		},
-	})
-}
-
 // Test_Ubuntu2204_HTTPSProxy_PrivateDNS validates that node provisioning succeeds when
 // HTTPS_PROXY is set and the API server FQDN resolves via a private DNS zone.
 // Regression coverage for IcM 603699115 / ADO#31707996.
@@ -1874,23 +1795,6 @@ func Test_Ubuntu2204_GPUNoDriver_Scriptless(t *testing.T) {
 	})
 }
 
-func Test_Ubuntu2204_PrivateKubePkg(t *testing.T) {
-	RunScenario(t, &Scenario{
-		Description: "Tests that a node using the Ubuntu 2204 VHD that was built with private kube packages can be properly bootstrapped with the specified kube version",
-		Config: Config{
-			Cluster: ClusterKubenet,
-			VHD:     config.VHDUbuntu2204Gen2ContainerdPrivateKubePkg,
-			BootstrapConfigMutator: func(_ *Cluster, nbc *datamodel.NodeBootstrappingConfiguration) {
-				nbc.ContainerService.Properties.OrchestratorProfile.OrchestratorVersion = "1.25.6"
-				nbc.K8sComponents.LinuxPrivatePackageURL = "https://privatekube.blob.core.windows.net/kubernetes/v1.25.6-hotfix.20230612/binaries/v1.25.6-hotfix.20230612.tar.gz"
-				nbc.AgentPoolProfile.LocalDNSProfile = nil
-				nbc.EnableScriptlessCSECmd = false
-				nbc.EnableScriptlessNBCCSECmd = false
-			},
-		},
-	})
-}
-
 // These tests were created to verify that the apt-get call in downloadContainerdFromVersion is not executed.
 // The code path is not hit in either of these tests. In the future, testing with some kind of firewall to ensure no egress
 // calls are made would be beneficial for airgap testing.

@@ -2825,13 +2825,6 @@ func ValidateWaagentLog(ctx context.Context, s *Scenario) {
 		return
 	}
 
-	// Skip on pinned-version VHDs that predate the waagent installation.
-	// These VHDs explicitly select a version number and are not updated.
-	if s.VHD == config.VHDUbuntu2204Gen2ContainerdPrivateKubePkg || s.VHD == config.VHDUbuntu2204Gen2ContainerdNetworkIsolatedK8sNotCached {
-		s.T.Logf("Skipping waagent log validation: legacy VHD %s predates waagent config changes", s.VHD)
-		return
-	}
-
 	versions := components.GetExpectedPackageVersions("walinuxagent", "default", "current")
 	if len(versions) == 0 || versions[0] == "<SKIP>" {
 		s.T.Log("Skipping waagent log validation: no walinuxagent version in components.json")