// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT license.
package agent
import (
"github.com/Azure/aks-engine/pkg/api"
"github.com/Azure/aks-engine/pkg/api/common"
"github.com/Azure/go-autorest/autorest/to"
"strconv"
)
// getCustomDataVariables returns a map with the single key "cloudInitData",
// whose value is a paramsMap of cloud-init artifacts. Every artifact value is
// produced by getBase64EncodedGzippedCustomScript for the given cluster.
//
// A fixed set of provisioning scripts and unit files is always present. The
// second group (CIS script, KMS and label-nodes units, apt preferences, health
// and docker monitors, auditd rules) is added only when
// cs.Properties.IsVHDDistroForAllNodes() reports false.
func getCustomDataVariables(cs *api.ContainerService) paramsMap {
	data := paramsMap{
		"provisionScript":           getBase64EncodedGzippedCustomScript(kubernetesCSEMainScript, cs),
		"provisionSource":           getBase64EncodedGzippedCustomScript(kubernetesCSEHelpersScript, cs),
		"provisionInstalls":         getBase64EncodedGzippedCustomScript(kubernetesCSEInstall, cs),
		"provisionConfigs":          getBase64EncodedGzippedCustomScript(kubernetesCSEConfig, cs),
		"customSearchDomainsScript": getBase64EncodedGzippedCustomScript(kubernetesCustomSearchDomainsScript, cs),
		"dhcpv6SystemdService":      getBase64EncodedGzippedCustomScript(dhcpv6SystemdService, cs),
		"dhcpv6ConfigurationScript": getBase64EncodedGzippedCustomScript(dhcpv6ConfigurationScript, cs),
		"kubeletSystemdService":     getBase64EncodedGzippedCustomScript(kubeletSystemdService, cs),
		"systemdBPFMount":           getBase64EncodedGzippedCustomScript(systemdBPFMount, cs),
		"initAKSCustomCloud":        getBase64EncodedGzippedCustomScript(initAKSCustomCloudScript, cs),
	}
	result := paramsMap{"cloudInitData": data}

	if cs.Properties.IsVHDDistroForAllNodes() {
		return result
	}

	// NOTE(review): several of these are hardening artifacts (CIS script,
	// auditd rules). When every node uses a VHD distro they are not shipped
	// from here, so presumably the image itself must carry them - confirm
	// against the VHD build.
	data["provisionCIS"] = getBase64EncodedGzippedCustomScript(kubernetesCISScript, cs)
	data["kmsSystemdService"] = getBase64EncodedGzippedCustomScript(kmsSystemdService, cs)
	data["labelNodesScript"] = getBase64EncodedGzippedCustomScript(labelNodesScript, cs)
	data["labelNodesSystemdService"] = getBase64EncodedGzippedCustomScript(labelNodesSystemdService, cs)
	data["aptPreferences"] = getBase64EncodedGzippedCustomScript(aptPreferences, cs)
	data["healthMonitorScript"] = getBase64EncodedGzippedCustomScript(kubernetesHealthMonitorScript, cs)
	data["kubeletMonitorSystemdService"] = getBase64EncodedGzippedCustomScript(kubernetesKubeletMonitorSystemdService, cs)
	data["dockerMonitorSystemdService"] = getBase64EncodedGzippedCustomScript(kubernetesDockerMonitorSystemdService, cs)
	data["dockerMonitorSystemdTimer"] = getBase64EncodedGzippedCustomScript(kubernetesDockerMonitorSystemdTimer, cs)
	data["dockerClearMountPropagationFlags"] = getBase64EncodedGzippedCustomScript(dockerClearMountPropagationFlags, cs)
	data["auditdRules"] = getBase64EncodedGzippedCustomScript(auditdRules, cs)

	return result
}
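// getCSECommandVariables assembles the variable map for one agent pool from
// the cluster definition, the pool profile and the caller-supplied Azure
// identifiers (tenant, subscription, resource group, user-assigned identity).
//
// Boolean settings derived from the profile (gpuNode, sgxNode, auditdEnabled)
// and from the helper functions are emitted as "true"/"false" strings via
// strconv.FormatBool; "excludeMasterFromStandardLB" is always the bool true.
//
// "loadBalancerSku" is read from KubernetesConfig. The sibling helpers
// (useManagedIdentity, useInstanceMetadata, getMaximumLoadBalancerRuleCount)
// all tolerate a nil KubernetesConfig, so the same guard is applied here
// instead of dereferencing it unconditionally; with a nil config the value is
// the empty string.
func getCSECommandVariables(cs *api.ContainerService, profile *api.AgentPoolProfile,
	tenantID, subscriptionID, resourceGroupName, userAssignedIdentityID string) paramsMap {
	// Held as interface{} so the stored value keeps whatever type the field has.
	var loadBalancerSku interface{} = ""
	if kc := cs.Properties.OrchestratorProfile.KubernetesConfig; kc != nil {
		loadBalancerSku = kc.LoadBalancerSku
	}

	return map[string]interface{}{
		"outBoundCmd":                     getOutBoundCmd(cs),
		"tenantID":                        tenantID,
		"subscriptionId":                  subscriptionID,
		"resourceGroup":                   resourceGroupName,
		"location":                        cs.Location,
		"vmType":                          cs.Properties.GetVMType(),
		"subnetName":                      cs.Properties.GetSubnetName(),
		"nsgName":                         cs.Properties.GetNSGName(),
		"virtualNetworkName":              cs.Properties.GetVirtualNetworkName(),
		"virtualNetworkResourceGroupName": cs.Properties.GetVNetResourceGroupName(),
		"routeTableName":                  cs.Properties.GetRouteTableName(),
		"primaryAvailabilitySetName":      cs.Properties.GetPrimaryAvailabilitySetName(),
		"primaryScaleSetName":             cs.Properties.GetPrimaryScaleSetName(),
		"useManagedIdentityExtension":     useManagedIdentity(cs),
		"useInstanceMetadata":             useInstanceMetadata(cs),
		"loadBalancerSku":                 loadBalancerSku,
		"excludeMasterFromStandardLB":     true,
		"maximumLoadBalancerRuleCount":    getMaximumLoadBalancerRuleCount(cs),
		"userAssignedIdentityID":          userAssignedIdentityID,
		"isVHD":                           isVHD(profile),
		"gpuNode":                         strconv.FormatBool(common.IsNvidiaEnabledSKU(profile.VMSize)),
		"sgxNode":                         strconv.FormatBool(common.IsSgxEnabledSKU(profile.VMSize)),
		// to.Bool treats a nil *bool as false, so an unset AuditDEnabled
		// yields "false".
		"auditdEnabled": strconv.FormatBool(to.Bool(profile.AuditDEnabled)),
	}
}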
// useManagedIdentity returns "true" when the cluster's KubernetesConfig is set
// and its UseManagedIdentity flag is on, and "false" otherwise (including when
// KubernetesConfig is nil).
func useManagedIdentity(cs *api.ContainerService) string {
	kc := cs.Properties.OrchestratorProfile.KubernetesConfig
	if kc == nil {
		return strconv.FormatBool(false)
	}
	return strconv.FormatBool(kc.UseManagedIdentity)
}
// useInstanceMetadata returns "true" only when KubernetesConfig is set and its
// UseInstanceMetadata pointer is non-nil and points at true. A nil config or a
// nil pointer both yield "false".
func useInstanceMetadata(cs *api.ContainerService) string {
	enabled := false
	kc := cs.Properties.OrchestratorProfile.KubernetesConfig
	if kc != nil && kc.UseInstanceMetadata != nil {
		enabled = *kc.UseInstanceMetadata
	}
	return strconv.FormatBool(enabled)
}
// getMaximumLoadBalancerRuleCount returns the MaximumLoadBalancerRuleCount from
// the cluster's KubernetesConfig, or 0 when KubernetesConfig is nil.
func getMaximumLoadBalancerRuleCount(cs *api.ContainerService) int {
	kc := cs.Properties.OrchestratorProfile.KubernetesConfig
	if kc == nil {
		return 0
	}
	return kc.MaximumLoadBalancerRuleCount
}
// isVHD returns the result of profile.IsVHDDistro() as a "true"/"false" string.
func isVHD(profile *api.AgentPoolProfile) string {
	// NOTE: update as new distro is introduced
	vhd := profile.IsVHDDistro()
	return strconv.FormatBool(vhd)
}
// getOutBoundCmd returns a shell snippet that probes outbound connectivity to
// the container registry with `nc -vz`, or "" when no probe should run.
//
// The probe is skipped when the "BlockOutboundInternet" feature flag is
// enabled or when the resolved registry string is empty. Otherwise the snippet
// defines retrycmd_if_failure and calls it with 50 attempts, a 1 second wait
// between attempts and a 3 second timeout per attempt; if every attempt fails
// the snippet exits with ERR_OUTBOUND_CONN_FAIL (50).
func getOutBoundCmd(cs *api.ContainerService) string {
	if cs.Properties.FeatureFlags.IsFeatureEnabled("BlockOutboundInternet") {
		return ""
	}

	const ncBinary = "nc"

	var registry string
	switch {
	case cs.GetCloudSpecConfig().CloudName == api.AzureChinaCloud:
		registry = `gcr.azk8s.cn 443`
	case cs.IsAKSCustomCloud():
		// NOTE(review): McrURL comes from the cluster definition and is spliced
		// into the shell command below without quoting or validation. If the
		// API model can be influenced by a less-trusted party, validate it as a
		// bare host (and port) before it reaches this point.
		// NOTE(review): the other branches supply "host 443"; this one uses
		// McrURL as-is, so it presumably has to carry the port itself - confirm.
		registry = cs.Properties.CustomCloudEnv.McrURL
	default:
		registry = `mcr.microsoft.com 443`
	}
	if registry == "" {
		return ""
	}

	// Shell helper: run "$@" under `timeout $t`, up to $r times, sleeping $w
	// between failed attempts; returns 1 once the last attempt has failed.
	const retryFn = `retrycmd_if_failure() { r=$1; w=$2; t=$3; shift && shift && shift; for i in $(seq 1 $r); do timeout $t ${@}; [ $? -eq 0 ] && break || if [ $i -eq $r ]; then return 1; else sleep $w; fi; done }; `
	const probePrefix = `ERR_OUTBOUND_CONN_FAIL=50; retrycmd_if_failure 50 1 3 `

	probe := ncBinary + ` -vz ` + registry
	return retryFn + probePrefix + probe + ` || exit $ERR_OUTBOUND_CONN_FAIL;`
}