feat: Enablshing SSH on windows nodes by default

docs/topics/clusterdefinitions.md

@@ -784,7 +784,7 @@ https://{keyvaultname}.vault.azure.net:443/secrets/{secretName}/{version}
 | imageReference.subscriptionId | no       | ID of subscription containing a Shared Image Gallery.                                                                                                                                                                                           |
 | imageReference.gallery        | no       | Name of a Shared Image Gallery.                                                                                                                                                                                                                 |
 | imageReference.version        | no       | Version of an Image from a Shared Image Gallery.                                                                                                                                                                                                |
-| sshEnabled                    | no       | If set to `true`, OpenSSH will be installed on windows nodes to allow for ssh remoting. **Only for Windows version 1809/2019 or later** . The same SSH authorized public key(s) will be added from [linuxProfile.ssh.publicKeys](#linuxProfile) |
+| sshEnabled                    | yes      | If set to `true`, OpenSSH will be installed on windows nodes to allow for ssh remoting. **Only for Windows version 1809/2019 or later** . The same SSH authorized public key(s) will be added from [linuxProfile.ssh.publicKeys](#linuxProfile) |
 
 #### Windows Images
 

pkg/api/const.go

@@ -463,6 +463,8 @@ const (
 	DefaultNonMasqueradeCIDR = "0.0.0.0/0"
 	// DefaultKubeProxyMode is the default KubeProxyMode value
 	DefaultKubeProxyMode KubeProxyMode = KubeProxyModeIPTables
+	// DefaultWindowsSshEnabled is the default windowsProfile.sshEnabled value
+	DefaultWindowsSshEnabled = true
 )
 
 const (

pkg/api/converterfromapi.go

@@ -204,7 +204,9 @@ func convertWindowsProfileToVLabs(api *WindowsProfile, vlabsProfile *vlabs.Windo
 		convertKeyVaultSecretsToVlabs(&s, secret)
 		vlabsProfile.Secrets = append(vlabsProfile.Secrets, *secret)
 	}
-	vlabsProfile.SSHEnabled = api.SSHEnabled
+	if api.SSHEnabled != nil {
+		vlabsProfile.SSHEnabled = api.SSHEnabled
+	}
 	vlabsProfile.EnableAutomaticUpdates = api.EnableAutomaticUpdates
 }
 

pkg/api/converterfromapi_test.go

@@ -745,7 +745,7 @@ func TestConvertWindowsProfileToVlabs(t *testing.T) {
 				AdminPassword:          "password",
 				EnableAutomaticUpdates: &falseVar,
 				ImageVersion:           "17763.615.1907121548",
-				SSHEnabled:             false,
+				SSHEnabled:             &falseVar,
 				WindowsPublisher:       "MicrosoftWindowsServer",
 				WindowsOffer:           "WindowsServer",
 				WindowsSku:             "2019-Datacenter-Core-smalldisk",
@@ -756,7 +756,7 @@ func TestConvertWindowsProfileToVlabs(t *testing.T) {
 				AdminPassword:          "password",
 				EnableAutomaticUpdates: &falseVar,
 				ImageVersion:           "17763.615.1907121548",
-				SSHEnabled:             false,
+				SSHEnabled:             &falseVar,
 				WindowsPublisher:       "MicrosoftWindowsServer",
 				WindowsOffer:           "WindowsServer",
 				WindowsSku:             "2019-Datacenter-Core-smalldisk",

pkg/api/convertertoapi.go

@@ -197,7 +197,9 @@ func convertVLabsWindowsProfile(vlabs *vlabs.WindowsProfile, api *WindowsProfile
 		convertVLabsKeyVaultSecrets(&s, secret)
 		api.Secrets = append(api.Secrets, *secret)
 	}
-	api.SSHEnabled = vlabs.SSHEnabled
+	if vlabs.SSHEnabled != nil {
+		api.SSHEnabled = vlabs.SSHEnabled
+	}
 	api.EnableAutomaticUpdates = vlabs.EnableAutomaticUpdates
 }
 

pkg/api/convertertoapi_test.go

@@ -874,7 +874,7 @@ func TestConvertVLabsWindowsProfile(t *testing.T) {
 				AdminPassword:          "password",
 				EnableAutomaticUpdates: &falseVar,
 				ImageVersion:           "17763.615.1907121548",
-				SSHEnabled:             false,
+				SSHEnabled:             &falseVar,
 				WindowsPublisher:       "MicrosoftWindowsServer",
 				WindowsOffer:           "WindowsServer",
 				WindowsSku:             "2019-Datacenter-Core-smalldisk",
@@ -885,7 +885,7 @@ func TestConvertVLabsWindowsProfile(t *testing.T) {
 				AdminPassword:          "password",
 				EnableAutomaticUpdates: &falseVar,
 				ImageVersion:           "17763.615.1907121548",
-				SSHEnabled:             false,
+				SSHEnabled:             &falseVar,
 				WindowsPublisher:       "MicrosoftWindowsServer",
 				WindowsOffer:           "WindowsServer",
 				WindowsSku:             "2019-Datacenter-Core-smalldisk",

pkg/api/defaults.go

@@ -709,6 +709,11 @@ func (p *Properties) setAgentProfileDefaults(isUpgrade, isScale bool) {
 func (p *Properties) setWindowsProfileDefaults(isUpgrade, isScale bool) {
 	windowsProfile := p.WindowsProfile
 	if !isUpgrade && !isScale {
+		if windowsProfile.SSHEnabled == nil {
+			sshEnabled := DefaultWindowsSshEnabled
+			windowsProfile.SSHEnabled = &sshEnabled
+		}
+
 		// This allows caller to use the latest ImageVersion and WindowsSku for adding a new Windows pool to an existing cluster.
 		// We must assure that same WindowsPublisher and WindowsOffer are used in an existing cluster.
 		if windowsProfile.WindowsPublisher == AKSWindowsServer2019OSImageConfig.ImagePublisher && windowsProfile.WindowsOffer == AKSWindowsServer2019OSImageConfig.ImageOffer {

pkg/api/defaults_test.go

@@ -1689,6 +1689,7 @@ func TestDistroDefaults(t *testing.T) {
 }
 
 func TestWindowsProfileDefaults(t *testing.T) {
+	trueVar := true
 
 	var tests = []struct {
 		name                   string // test case name
@@ -1710,7 +1711,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            &trueVar,
 			},
 			false,
 			false,
@@ -1731,7 +1732,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            &trueVar,
 			},
 			false,
 			false,
@@ -1753,7 +1754,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            &trueVar,
 			},
 			false,
 			false,
@@ -1775,7 +1776,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            &trueVar,
 			},
 			false,
 			false,
@@ -1796,7 +1797,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            &trueVar,
 			},
 			false,
 			false,
@@ -1818,7 +1819,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            &trueVar,
 			},
 			false,
 			false,
@@ -1840,7 +1841,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            &trueVar,
 			},
 			false,
 			false,
@@ -1863,7 +1864,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            &trueVar,
 			},
 			false,
 			false,
@@ -1885,7 +1886,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            &trueVar,
 			},
 			false,
 			false,
@@ -1908,7 +1909,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            &trueVar,
 			},
 			false,
 			false,
@@ -1931,7 +1932,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            nil,
 			},
 			false,
 			true,
@@ -1954,7 +1955,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            nil,
 			},
 			false,
 			true,
@@ -1977,7 +1978,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            nil,
 			},
 			false,
 			true,
@@ -2000,7 +2001,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            nil,
 			},
 			false,
 			true,
@@ -2023,7 +2024,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            nil,
 			},
 			false,
 			true,
@@ -2046,7 +2047,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            nil,
 			},
 			false,
 			true,
@@ -2069,7 +2070,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
 				AdminPassword:         "",
 				WindowsImageSourceURL: "",
 				WindowsDockerVersion:  "",
-				SSHEnabled:            false,
+				SSHEnabled:            nil,
 			},
 			false,
 			false,

pkg/api/types.go

@@ -217,7 +217,7 @@ type WindowsProfile struct {
 	WindowsSku             string            `json:"windowsSku"`
 	WindowsDockerVersion   string            `json:"windowsDockerVersion"`
 	Secrets                []KeyVaultSecrets `json:"secrets,omitempty"`
-	SSHEnabled             bool              `json:"sshEnabled,omitempty"`
+	SSHEnabled             *bool             `json:"sshEnabled,omitempty"`
 	EnableAutomaticUpdates *bool             `json:"enableAutomaticUpdates,omitempty"`
 }
 
@@ -1702,6 +1702,14 @@ func (w *WindowsProfile) GetWindowsSku() string {
 	return KubernetesDefaultWindowsSku
 }
 
+// GetSshEnabled gets it ssh should be enabled for Windows nodes
+func (w *WindowsProfile) GetSshEnabled() bool {
+	if w.SSHEnabled != nil {
+		return *w.SSHEnabled
+	}
+	return DefaultWindowsSshEnabled
+}
+
 // GetEnableWindowsUpdate gets the flag for enable windows update or returns the default value
 func (w *WindowsProfile) GetEnableWindowsUpdate() bool {
 	if w.EnableAutomaticUpdates != nil {

pkg/api/types_test.go

@@ -3139,6 +3139,7 @@ func TestIsDCOS19(t *testing.T) {
 }
 
 func TestWindowsProfile(t *testing.T) {
+	trueVar := true
 	w := WindowsProfile{}
 
 	if w.HasSecrets() || w.HasCustomImage() {
@@ -3182,7 +3183,7 @@ func TestWindowsProfile(t *testing.T) {
 	w = WindowsProfile{
 		WindowsDockerVersion: "18.03.1-ee-3",
 		WindowsSku:           "Datacenter-Core-1809-with-Containers-smalldisk",
-		SSHEnabled:           true,
+		SSHEnabled:           &trueVar,
 	}
 
 	dv = w.GetWindowsDockerVersion()
@@ -3195,7 +3196,7 @@ func TestWindowsProfile(t *testing.T) {
 		t.Fatalf("Expected GetWindowsSku() to equal Datacenter-Core-1809-with-Containers-smalldisk, got %s", windowsSku)
 	}
 
-	se := w.SSHEnabled
+	se := w.GetSshEnabled()
 	if !se {
 		t.Fatalf("Expected SSHEnabled to return true, got %v", se)
 	}

pkg/api/vlabs/types.go

@@ -169,7 +169,7 @@ type WindowsProfile struct {
 	WindowsSku             string            `json:"WindowsSku"`
 	WindowsDockerVersion   string            `json:"windowsDockerVersion"`
 	Secrets                []KeyVaultSecrets `json:"secrets,omitempty"`
-	SSHEnabled             bool              `json:"sshEnabled,omitempty"`
+	SSHEnabled             *bool             `json:"sshEnabled,omitempty"`
 	EnableAutomaticUpdates *bool             `json:"enableAutomaticUpdates,omitempty"`
 }
 

pkg/engine/template_generator.go

@@ -586,7 +586,7 @@ func getContainerServiceFuncMap(cs *api.ContainerService) template.FuncMap {
 			return cs.Properties.WindowsProfile.HasCustomImage()
 		},
 		"WindowsSSHEnabled": func() bool {
-			return cs.Properties.WindowsProfile.SSHEnabled
+			return cs.Properties.WindowsProfile.GetSshEnabled()
 		},
 		"GetConfigurationScriptRootURL": func() string {
 			linuxProfile := cs.Properties.LinuxProfile

pkg/engine/virtualmachines_test.go

@@ -191,13 +191,14 @@ func TestCreateAgentAvailabilitySetVM(t *testing.T) {
 	}
 
 	// Test with OSDiskSize specified, Windows, StorageAccount, and DiskSizes
+	trueVar := true
 	profile := cs.Properties.AgentPoolProfiles[0]
 	profile.OSType = api.Windows
 	profile.DiskSizesGB = []int{256, 256, 256}
 	profile.OSDiskSizeGB = 512
 	profile.StorageProfile = api.StorageAccount
 	cs.Properties.WindowsProfile = &api.WindowsProfile{
-		SSHEnabled: true,
+		SSHEnabled: &trueVar,
 	}
 
 	tg, _ := InitializeTemplateGenerator(Context{})

pkg/engine/virtualmachinescalesets_test.go

@@ -429,12 +429,13 @@ func TestCreateAgentVMSS(t *testing.T) {
 
 	// Now Test AgentVMSS with windows
 	// Restore LoadBalancerSku back to default and provide LoadBalancerBackendAddressPoolIDs
+	trueVar := true
 	cs.Properties.OrchestratorProfile.KubernetesConfig.LoadBalancerSku = api.DefaultLoadBalancerSku
 	cs.Properties.AgentPoolProfiles[0].LoadBalancerBackendAddressPoolIDs = []string{"/subscriptions/123/resourceGroups/rg/providers/Microsoft.Network/loadBalancers/mySLB/backendAddressPools/mySLBBEPool"}
 	cs.Properties.AgentPoolProfiles[0].OSType = "Windows"
 	cs.Properties.AgentPoolProfiles[0].AcceleratedNetworkingEnabledWindows = to.BoolPtr(true)
 	cs.Properties.WindowsProfile = &api.WindowsProfile{
-		SSHEnabled: true,
+		SSHEnabled: &trueVar,
 	}
 
 	actual = CreateAgentVMSS(cs, cs.Properties.AgentPoolProfiles[0])
@@ -756,10 +757,11 @@ func TestCreateAgentVMSSHostedMasterProfile(t *testing.T) {
 	}
 
 	// Now Test AgentVMSS with windows
+	trueVar := true
 	cs.Properties.AgentPoolProfiles[0].OSType = "Windows"
 	cs.Properties.AgentPoolProfiles[0].AcceleratedNetworkingEnabledWindows = to.BoolPtr(true)
 	cs.Properties.WindowsProfile = &api.WindowsProfile{
-		SSHEnabled: true,
+		SSHEnabled: &trueVar,
 	}
 
 	actual = CreateAgentVMSS(cs, cs.Properties.AgentPoolProfiles[0])

test/e2e/kubernetes/kubernetes_test.go

@@ -277,7 +277,7 @@ var _ = Describe("Azure Container Cluster using the Kubernetes Orchestrator", fu
 					dockerVersionCmd := fmt.Sprintf("\"docker version\"")
 					for _, n := range nodes {
 						if n.IsWindows() {
-							if eng.ExpandedDefinition.Properties.WindowsProfile != nil && !eng.ExpandedDefinition.Properties.WindowsProfile.SSHEnabled {
+							if eng.ExpandedDefinition.Properties.WindowsProfile != nil && !eng.ExpandedDefinition.Properties.WindowsProfile.GetSshEnabled() {
 								log.Printf("Can't ssh into Windows node %s because there is no SSH listener", n.Metadata.Name)
 								continue
 							}
@@ -1118,7 +1118,7 @@ var _ = Describe("Azure Container Cluster using the Kubernetes Orchestrator", fu
 		It("kubelet service should be able to recover when the docker service is stopped", func() {
 			if !eng.ExpandedDefinition.Properties.HasNonRegularPriorityScaleset() {
 				if eng.HasWindowsAgents() {
-					if eng.ExpandedDefinition.Properties.WindowsProfile != nil && eng.ExpandedDefinition.Properties.WindowsProfile.SSHEnabled {
+					if eng.ExpandedDefinition.Properties.WindowsProfile != nil && eng.ExpandedDefinition.Properties.WindowsProfile.GetSshEnabled() {
 						nodes, err := node.GetReadyWithRetry(1*time.Second, cfg.Timeout)
 						Expect(err).NotTo(HaveOccurred())
 						simulateDockerdCrashScript := "simulate-dockerd-crash.cmd"