Open
Conversation
fseldow
requested review from
AbelHu,
Devinwong,
SriHarsha001,
awesomenix,
calvin197,
cameronmeissner,
djsly,
ganeshkumarashok,
junjiezhang1997,
lilypan26,
mxj220,
pdamianov-dev,
phealy,
r2k1,
sulixu,
surajssd,
timmy-wright and
zachary-bailey
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds support for downloading the Windows Azure VNet CNI plugin via ORAS when BootstrapProfileContainerRegistryServer is set (network-isolated cluster path), including a helper to parse package name/version from the CNI URL and a new Windows CSE exit code constant.
Changes:
- Add ORAS-based download path for Azure VNet CNI in
Install-VnetPluginswhen a bootstrap profile registry is provided. - Introduce
Get-PackageNameAndVersionFromCniUrland add unit tests for URL parsing. - Add a new Windows CSE exit code constant for generic ORAS package pull failures.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| staging/cse/windows/azurecnifunc.ps1 | Adds ORAS download logic for Azure VNet CNI and a URL parsing helper (currently has correctness/robustness issues). |
| staging/cse/windows/azurecnifunc.tests.ps1 | Adds Pester tests validating CNI URL parsing for package name/version extraction. |
| parts/windows/windowscsehelper.ps1 | Adds a new ORAS-related exit code constant and increments WINDOWS_CSE_ERROR_MAX_CODE (requires corresponding ErrorCodeNames update). |
Comment on lines
+22
to
+30
| else { | ||
| # ni path | ||
| # Extract package name and version from URL for ORAS reference. | ||
| # URL format: https://packages.aks.azure.com/azure-cni/v${version}/binaries/<package-name>-windows-amd64-v${version}.zip | ||
| # packageName could be azure-vnet-cni, azure-vnet-cni-overlay, azure-vnet-cni-swift | ||
| $packageInfo = Get-PackageNameAndVersionFromCniUrl -Url $VNetCNIPluginsURL | ||
| if (-not $packageInfo) { | ||
| Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_DOWNLOAD_CNI_PACKAGE -ErrorMessage "Failed to extract containerd version tag from URL: $VNetCNIPluginsURL" | ||
| } |
| Retry-Command -Command "DownloadFileWithOras" -Args @{Reference = $orasReference; DestinationPath = $tarfile; CachedFile = $cachedFileName } -Retries 5 -RetryDelaySeconds 10 | ||
| } | ||
| catch { | ||
| Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_ORAS_PULL_CONTAINERD -ErrorMessage "Exhausted retries for oras pull $orasReference. Error: $_" |
Comment on lines
16
to
+43
| # Download Azure VNET CNI plugins. | ||
| # Mirror from https://github.com/Azure/azure-container-networking/releases | ||
| $zipfile = [Io.path]::Combine("$AzureCNIDir", "azure-vnet.zip") | ||
| DownloadFileOverHttp -Url $VNetCNIPluginsURL -DestinationPath $zipfile -ExitCode $global:WINDOWS_CSE_ERROR_DOWNLOAD_CNI_PACKAGE | ||
| if ([string]::IsNullOrEmpty($global:BootstrapProfileContainerRegistryServer)) { | ||
| DownloadFileOverHttp -Url $VNetCNIPluginsURL -DestinationPath $zipfile -ExitCode $global:WINDOWS_CSE_ERROR_DOWNLOAD_CNI_PACKAGE | ||
| } | ||
| else { | ||
| # ni path | ||
| # Extract package name and version from URL for ORAS reference. | ||
| # URL format: https://packages.aks.azure.com/azure-cni/v${version}/binaries/<package-name>-windows-amd64-v${version}.zip | ||
| # packageName could be azure-vnet-cni, azure-vnet-cni-overlay, azure-vnet-cni-swift | ||
| $packageInfo = Get-PackageNameAndVersionFromCniUrl -Url $VNetCNIPluginsURL | ||
| if (-not $packageInfo) { | ||
| Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_DOWNLOAD_CNI_PACKAGE -ErrorMessage "Failed to extract containerd version tag from URL: $VNetCNIPluginsURL" | ||
| } | ||
| $containerdVersionTag = $packageInfo.Version | ||
| $orasPackageName = $packageInfo.PackageName | ||
|
|
||
| Logs-To-Event -TaskName "AKS.WindowsCSE.DownloadAzureVnetCniWithOras" -TaskMessage "Start to download Azure VNet CNI with oras. ContainerdVersionTag: $containerdVersionTag, BootstrapProfileContainerRegistryServer: $global:BootstrapProfileContainerRegistryServer" | ||
| $orasReference = "$global:BootstrapProfileContainerRegistryServer/aks/packages/azure/${orasPackageName}:${containerdVersionTag}" | ||
| $cachedFileName = Get-FileNameFromUrl -Url $VNetCNIPluginsURL | ||
| try { | ||
| Retry-Command -Command "DownloadFileWithOras" -Args @{Reference = $orasReference; DestinationPath = $tarfile; CachedFile = $cachedFileName } -Retries 5 -RetryDelaySeconds 10 | ||
| } | ||
| catch { | ||
| Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_ORAS_PULL_CONTAINERD -ErrorMessage "Exhausted retries for oras pull $orasReference. Error: $_" | ||
| } | ||
| } |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Comment on lines
+36
to
45
| $orasReference = "$global:BootstrapProfileContainerRegistryServer/aks/packages/azure/${orasPackageName}:${containerdVersionTag}" | ||
| $cachedFileName = Get-FileNameFromUrl -Url $VNetCNIPluginsURL | ||
| try { | ||
| Retry-Command -Command "DownloadFileWithOras" -Args @{Reference = $orasReference; DestinationPath = $zipfile; CachedFile = $cachedFileName } -Retries 5 -RetryDelaySeconds 10 | ||
| } | ||
| catch { | ||
| Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_ORAS_PULL_CONTAINERD -ErrorMessage "Exhausted retries for oras pull $orasReference. Error: $_" | ||
| } | ||
| } | ||
| AKS-Expand-Archive -path $zipfile -DestinationPath $AzureCNIBinDir |
Comment on lines
+34
to
+36
|
|
||
| Logs-To-Event -TaskName "AKS.WindowsCSE.DownloadAzureVnetCniWithOras" -TaskMessage "Start to download Azure VNet CNI with oras. ContainerdVersionTag: $containerdVersionTag, BootstrapProfileContainerRegistryServer: $global:BootstrapProfileContainerRegistryServer" | ||
| $orasReference = "$global:BootstrapProfileContainerRegistryServer/aks/packages/azure/${orasPackageName}:${containerdVersionTag}" |
|
|
||
| Logs-To-Event -TaskName "AKS.WindowsCSE.DownloadAzureVnetCniWithOras" -TaskMessage "Start to download Azure VNet CNI with oras. ContainerdVersionTag: $containerdVersionTag, BootstrapProfileContainerRegistryServer: $global:BootstrapProfileContainerRegistryServer" | ||
| $orasReference = "$global:BootstrapProfileContainerRegistryServer/aks/packages/azure/${orasPackageName}:${containerdVersionTag}" | ||
| $cachedFileName = Get-FileNameFromUrl -Url $VNetCNIPluginsURL |
Comment on lines
+30
to
+36
| Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_DOWNLOAD_CNI_PACKAGE -ErrorMessage "Failed to extract containerd version tag from URL: $VNetCNIPluginsURL" | ||
| } | ||
| $containerdVersionTag = $packageInfo.Version | ||
| $orasPackageName = $packageInfo.PackageName | ||
|
|
||
| Logs-To-Event -TaskName "AKS.WindowsCSE.DownloadAzureVnetCniWithOras" -TaskMessage "Start to download Azure VNet CNI with oras. ContainerdVersionTag: $containerdVersionTag, BootstrapProfileContainerRegistryServer: $global:BootstrapProfileContainerRegistryServer" | ||
| $orasReference = "$global:BootstrapProfileContainerRegistryServer/aks/packages/azure/${orasPackageName}:${containerdVersionTag}" |
| Retry-Command -Command "DownloadFileWithOras" -Args @{Reference = $orasReference; DestinationPath = $zipfile; CachedFile = $cachedFileName } -Retries 5 -RetryDelaySeconds 10 | ||
| } | ||
| catch { | ||
| Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_ORAS_PULL_CONTAINERD -ErrorMessage "Exhausted retries for oras pull $orasReference. Error: $_" |
Comment on lines
+73
to
+111
| Describe 'Get-PackageNameAndVersionFromCniUrl' { | ||
| It 'Should parse package name and version for azure-vnet-cni URL' { | ||
| $url = 'https://packages.aks.azure.com/azure-cni/v1.6.20/binaries/azure-vnet-cni-windows-amd64-v1.6.20.zip' | ||
|
|
||
| $result = Get-PackageNameAndVersionFromCniUrl -Url $url | ||
|
|
||
| $result | Should -Not -BeNullOrEmpty | ||
| $result.PackageName | Should -Be 'azure-vnet-cni' | ||
| $result.Version | Should -Be 'v1.6.20' | ||
| } | ||
|
|
||
| It 'Should parse package name and version for azure-vnet-cni-swift URL' { | ||
| $url = 'https://packages.aks.azure.com/azure-cni/v1.6.20/binaries/azure-vnet-cni-swift-windows-amd64-v1.6.20.zip' | ||
|
|
||
| $result = Get-PackageNameAndVersionFromCniUrl -Url $url | ||
|
|
||
| $result | Should -Not -BeNullOrEmpty | ||
| $result.PackageName | Should -Be 'azure-vnet-cni-swift' | ||
| $result.Version | Should -Be 'v1.6.20' | ||
| } | ||
|
|
||
| It 'Should parse package name and hotfix version suffix from URL' { | ||
| $url = 'https://packages.aks.azure.com/azure-cni/v1.6.1-hotfix20241024ApipaGW/binaries/azure-vnet-cni-windows-amd64-v1.6.1-hotfix20241024ApipaGW.zip' | ||
|
|
||
| $result = Get-PackageNameAndVersionFromCniUrl -Url $url | ||
|
|
||
| $result | Should -Not -BeNullOrEmpty | ||
| $result.PackageName | Should -Be 'azure-vnet-cni' | ||
| $result.Version | Should -Be 'v1.6.1-hotfix20241024ApipaGW' | ||
| } | ||
|
|
||
| It 'Should return null for invalid URL format' { | ||
| $url = 'https://packages.aks.azure.com/azure-cni/v1.6.20/binaries/azure-vnet-cni-linux-amd64-v1.6.20.tar.gz' | ||
|
|
||
| $result = Get-PackageNameAndVersionFromCniUrl -Url $url | ||
|
|
||
| $result | Should -Be $null | ||
| } | ||
| } |
- ORAS reference construction for azure-vnet-cni, overlay, and swift variants - Correct destination path passed to ORAS download - URL parse failure handling with correct error code - ORAS pull failure with correct error code - HTTP download fallback when registry server is not set
Comment on lines
+34
to
+36
|
|
||
| Logs-To-Event -TaskName "AKS.WindowsCSE.DownloadAzureVnetCniWithOras" -TaskMessage "Start to download Azure VNet CNI with oras. ContainerdVersionTag: $containerdVersionTag, BootstrapProfileContainerRegistryServer: $global:BootstrapProfileContainerRegistryServer" | ||
| $orasReference = "$global:BootstrapProfileContainerRegistryServer/aks/packages/azure/${orasPackageName}:${containerdVersionTag}" |
Comment on lines
+36
to
+40
| $orasReference = "$global:BootstrapProfileContainerRegistryServer/aks/packages/azure/${orasPackageName}:${containerdVersionTag}" | ||
| $cachedFileName = Get-FileNameFromUrl -Url $VNetCNIPluginsURL | ||
| try { | ||
| Retry-Command -Command "DownloadFileWithOras" -Args @{Reference = $orasReference; DestinationPath = $zipfile; CachedFile = $cachedFileName } -Retries 5 -RetryDelaySeconds 10 | ||
| } |
Comment on lines
+30
to
+36
| Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_DOWNLOAD_CNI_PACKAGE -ErrorMessage "Failed to extract containerd version tag from URL: $VNetCNIPluginsURL" | ||
| } | ||
| $containerdVersionTag = $packageInfo.Version | ||
| $orasPackageName = $packageInfo.PackageName | ||
|
|
||
| Logs-To-Event -TaskName "AKS.WindowsCSE.DownloadAzureVnetCniWithOras" -TaskMessage "Start to download Azure VNet CNI with oras. ContainerdVersionTag: $containerdVersionTag, BootstrapProfileContainerRegistryServer: $global:BootstrapProfileContainerRegistryServer" | ||
| $orasReference = "$global:BootstrapProfileContainerRegistryServer/aks/packages/azure/${orasPackageName}:${containerdVersionTag}" |
| Retry-Command -Command "DownloadFileWithOras" -Args @{Reference = $orasReference; DestinationPath = $zipfile; CachedFile = $cachedFileName } -Retries 5 -RetryDelaySeconds 10 | ||
| } | ||
| catch { | ||
| Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_ORAS_PULL_CONTAINERD -ErrorMessage "Exhausted retries for oras pull $orasReference. Error: $_" |
Comment on lines
+62
to
+63
| $pattern = '/binaries/(?<PackageName>.+)-windows-amd64-(?<Version>v[0-9]+(?:\.[0-9]+)*(?:-[A-Za-z0-9._-]+)?)\.zip$' | ||
| if ($Url -match $pattern) { |
| -VNetCNIPluginsURL "https://packages.aks.azure.com/azure-cni/v1.6.20/binaries/azure-vnet-cni-windows-amd64-v1.6.20.zip" } | Should -Throw "*Exhausted retries*" | ||
|
|
||
| Assert-MockCalled -CommandName "Set-ExitCode" -Exactly -Times 1 -ParameterFilter { | ||
| $ExitCode -eq $global:WINDOWS_CSE_ERROR_ORAS_PULL_CONTAINERD |
Follow containerdfunc.tests.ps1 pattern - mock DownloadFileWithOras instead of Retry-Command, mock Move-Item/Remove-Item for file cleanup
Comment on lines
+34
to
+36
|
|
||
| Logs-To-Event -TaskName "AKS.WindowsCSE.DownloadAzureVnetCniWithOras" -TaskMessage "Start to download Azure VNet CNI with oras. ContainerdVersionTag: $containerdVersionTag, BootstrapProfileContainerRegistryServer: $global:BootstrapProfileContainerRegistryServer" | ||
| $orasReference = "$global:BootstrapProfileContainerRegistryServer/aks/packages/azure/${orasPackageName}:${containerdVersionTag}" |
Comment on lines
+38
to
+42
| try { | ||
| Retry-Command -Command "DownloadFileWithOras" -Args @{Reference = $orasReference; DestinationPath = $zipfile; CachedFile = $cachedFileName } -Retries 5 -RetryDelaySeconds 10 | ||
| } | ||
| catch { | ||
| Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_ORAS_PULL_CONTAINERD -ErrorMessage "Exhausted retries for oras pull $orasReference. Error: $_" |
Comment on lines
+30
to
+36
| Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_DOWNLOAD_CNI_PACKAGE -ErrorMessage "Failed to extract containerd version tag from URL: $VNetCNIPluginsURL" | ||
| } | ||
| $containerdVersionTag = $packageInfo.Version | ||
| $orasPackageName = $packageInfo.PackageName | ||
|
|
||
| Logs-To-Event -TaskName "AKS.WindowsCSE.DownloadAzureVnetCniWithOras" -TaskMessage "Start to download Azure VNet CNI with oras. ContainerdVersionTag: $containerdVersionTag, BootstrapProfileContainerRegistryServer: $global:BootstrapProfileContainerRegistryServer" | ||
| $orasReference = "$global:BootstrapProfileContainerRegistryServer/aks/packages/azure/${orasPackageName}:${containerdVersionTag}" |
| -VNetCNIPluginsURL "https://packages.aks.azure.com/azure-cni/v1.6.20/binaries/azure-vnet-cni-windows-amd64-v1.6.20.zip" } | Should -Throw "*Exhausted retries*" | ||
|
|
||
| Assert-MockCalled -CommandName "Set-ExitCode" -Exactly -Times 1 -ParameterFilter { | ||
| $ExitCode -eq $global:WINDOWS_CSE_ERROR_ORAS_PULL_CONTAINERD |
ParameterFilter needs named params to match against
Comment on lines
+34
to
+36
|
|
||
| Logs-To-Event -TaskName "AKS.WindowsCSE.DownloadAzureVnetCniWithOras" -TaskMessage "Start to download Azure VNet CNI with oras. ContainerdVersionTag: $containerdVersionTag, BootstrapProfileContainerRegistryServer: $global:BootstrapProfileContainerRegistryServer" | ||
| $orasReference = "$global:BootstrapProfileContainerRegistryServer/aks/packages/azure/${orasPackageName}:${containerdVersionTag}" |
Comment on lines
+37
to
+40
| $cachedFileName = Get-FileNameFromUrl -Url $VNetCNIPluginsURL | ||
| try { | ||
| Retry-Command -Command "DownloadFileWithOras" -Args @{Reference = $orasReference; DestinationPath = $zipfile; CachedFile = $cachedFileName } -Retries 5 -RetryDelaySeconds 10 | ||
| } |
Comment on lines
+30
to
+36
| Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_DOWNLOAD_CNI_PACKAGE -ErrorMessage "Failed to extract containerd version tag from URL: $VNetCNIPluginsURL" | ||
| } | ||
| $containerdVersionTag = $packageInfo.Version | ||
| $orasPackageName = $packageInfo.PackageName | ||
|
|
||
| Logs-To-Event -TaskName "AKS.WindowsCSE.DownloadAzureVnetCniWithOras" -TaskMessage "Start to download Azure VNet CNI with oras. ContainerdVersionTag: $containerdVersionTag, BootstrapProfileContainerRegistryServer: $global:BootstrapProfileContainerRegistryServer" | ||
| $orasReference = "$global:BootstrapProfileContainerRegistryServer/aks/packages/azure/${orasPackageName}:${containerdVersionTag}" |
| # and Windows single-tenancy variants such as azure-vnet-cni-singletenancy (including suffixed forms). | ||
| $packageInfo = Get-PackageNameAndVersionFromCniUrl -Url $VNetCNIPluginsURL | ||
| if (-not $packageInfo) { | ||
| Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_DOWNLOAD_CNI_PACKAGE -ErrorMessage "Failed to extract containerd version tag from URL: $VNetCNIPluginsURL" |
| -VNetCNIPluginsURL "https://packages.aks.azure.com/azure-cni/v1.6.20/binaries/azure-vnet-cni-windows-amd64-v1.6.20.zip" } | Should -Throw "*Exhausted retries*" | ||
|
|
||
| Assert-MockCalled -CommandName "Set-ExitCode" -Exactly -Times 1 -ParameterFilter { | ||
| $ExitCode -eq $global:WINDOWS_CSE_ERROR_ORAS_PULL_CONTAINERD |
Comment on lines
+155
to
+184
| It 'Should call DownloadFileWithOras with correct reference for azure-vnet-cni' { | ||
| $global:BootstrapProfileContainerRegistryServer = "myregistry.azurecr.io" | ||
|
|
||
| Install-VnetPlugins -AzureCNIConfDir "$TestDrive\cniconf" -AzureCNIBinDir "$TestDrive\cnibin" ` | ||
| -VNetCNIPluginsURL "https://packages.aks.azure.com/azure-cni/v1.6.20/binaries/azure-vnet-cni-windows-amd64-v1.6.20.zip" | ||
|
|
||
| Assert-MockCalled -CommandName "DownloadFileWithOras" -Exactly -Times 1 -ParameterFilter { | ||
| $Reference -eq "myregistry.azurecr.io/aks/packages/azure/azure-vnet-cni:v1.6.20" | ||
| } | ||
| } | ||
|
|
||
| It 'Should call DownloadFileWithOras with correct reference for azure-vnet-cni-overlay' { | ||
| $global:BootstrapProfileContainerRegistryServer = "myregistry.azurecr.io" | ||
|
|
||
| Install-VnetPlugins -AzureCNIConfDir "$TestDrive\cniconf" -AzureCNIBinDir "$TestDrive\cnibin" ` | ||
| -VNetCNIPluginsURL "https://packages.aks.azure.com/azure-cni/v1.6.20/binaries/azure-vnet-cni-overlay-windows-amd64-v1.6.20.zip" | ||
|
|
||
| Assert-MockCalled -CommandName "DownloadFileWithOras" -Exactly -Times 1 -ParameterFilter { | ||
| $Reference -eq "myregistry.azurecr.io/aks/packages/azure/azure-vnet-cni-overlay:v1.6.20" | ||
| } | ||
| } | ||
|
|
||
| It 'Should call DownloadFileWithOras with correct reference for azure-vnet-cni-swift' { | ||
| $global:BootstrapProfileContainerRegistryServer = "myregistry.azurecr.io" | ||
|
|
||
| Install-VnetPlugins -AzureCNIConfDir "$TestDrive\cniconf" -AzureCNIBinDir "$TestDrive\cnibin" ` | ||
| -VNetCNIPluginsURL "https://packages.aks.azure.com/azure-cni/v1.6.20/binaries/azure-vnet-cni-swift-windows-amd64-v1.6.20.zip" | ||
|
|
||
| Assert-MockCalled -CommandName "DownloadFileWithOras" -Exactly -Times 1 -ParameterFilter { | ||
| $Reference -eq "myregistry.azurecr.io/aks/packages/azure/azure-vnet-cni-swift:v1.6.20" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
feat(windows): oras pull azure vnet cni
Which issue(s) this PR fixes:
Fixes #