fix: harden Linux E2E scriptless hack and skip it in VHD-build pipelines#8794
Merged
Conversation
The scriptless E2E "hack" compiles aks-node-controller, uploads it to blob storage, and curls it onto the test node at provision time. Two issues made it fail in pipelines: - The VHD-build pipelines (Linux PR/release, Windows) ran the hack to download a freshly-compiled binary even though the VHD they just built already contains that exact binary. Disable it there via DISABLE_SCRIPTLESS_COMPILATION so they test the baked-in binary. The release Linux pipeline was the one still missing the flag. - The SAS link is cached and reused across the whole suite; a 1h expiry lapsed mid-run. Bump to 6h. - Harden the curl download with --retry-connrefused (curl 7.52+, safe on all target VHDs including Ubuntu 20.04's curl 7.68). Standalone E2E pipelines (e2e.yaml, e2e-gpu.yaml, etc.) test published VHDs and intentionally keep the hack to exercise the PR's source. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR hardens the Linux E2E “scriptless” aks-node-controller compilation/download workaround and avoids running it in VHD-build release pipelines where the VHD already contains the binary under test, reducing flaky pipeline failures without touching production provisioning scripts.
Changes:
- Adds
--retry-connrefusedto curl invocations used to download the hack binary during E2E provisioning. - Extends the blob SAS/user-delegation credential expiry from 1 hour to 6 hours to prevent mid-suite expiration.
- Sets
DISABLE_SCRIPTLESS_COMPILATION: truein the Linux VHD-builder release pipeline E2E stage to skip the compile+download hack.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
e2e/vmss.go |
Makes the hack binary download more resilient by retrying connection-refused errors. |
e2e/config/azure.go |
Extends signed-link expiration to cover longer E2E suites. |
.pipelines/.vsts-vhd-builder-release.yaml |
Disables scriptless compilation in release VHD-build E2E stage to avoid unnecessary download failures. |
lilypan26
approved these changes
Jun 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
The scriptless E2E "hack" compiles
aks-node-controller, uploads it to blob storage, andcurls it onto the test node at provision time. It was failing in pipelines. Three fixes:Don't run the hack in pipelines that build the VHD. The Linux PR/release and Windows VHD-build pipelines just built a VHD that already contains the exact binary under test — re-downloading a freshly-compiled copy over the node's outbound path was an unnecessary failure point. The Linux PR builder and Windows template already set
DISABLE_SCRIPTLESS_COMPILATION: true; this adds it to the release Linux builder, which was the remaining gap. Standalone E2E pipelines (e2e.yaml,e2e-gpu.yaml, etc.) test published VHDs and intentionally keep the hack to exercise the PR's source.Bump the SAS link expiry 1h → 6h. The signed download link is cached and reused across the whole suite; a 1-hour expiry lapsed mid-run on longer suites.
Harden the curl download with
--retry-connrefused. Note: deliberately not using--retry-all-errors— it requires curl ≥7.71.0, but the Ubuntu 20.04 FIPS VHDs ship curl 7.68.0 (and runscriptless_nbcsubtests via the hack), so that flag would hard-fail provisioning with "unknown option".--retry-connrefused(curl 7.52.0+) is safe on every target VHD.All changes are confined to
e2e/and pipeline YAML — no product provisioning scripts touched.Which issue(s) this PR fixes:
Fixes #