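--- a/e2e/config/vhd.go
+++ b/e2e/config/vhd.go
@@ -60,6 +60,13 @@ var (
 Distro: datamodel.AKSUbuntuContainerd2204Gen2,
 Gallery: imageGalleryLinux,
 }
+VHDUbuntu2204Gen2TLContainerd = &Image{
+Name: "2204gen2TLcontainerd",
+OS: OSUbuntu,
+Arch: "amd64",
+Distro: datamodel.AKSUbuntuContainerd2204TLGen2,
+Gallery: imageGalleryLinux,
+}
 VHDUbuntu2204FIPSContainerd = &Image{
 Name: "2204fipscontainerd",
 OS: OSUbuntu,
@@ -98,6 +105,20 @@ var (
 Distro: datamodel.AKSAzureLinuxV3Gen2,
 Gallery: imageGalleryLinux,
 }
+VHDAzureLinuxV3CVMGen2 = &Image{
+Name: "V3gen2CVM",
+OS: OSAzureLinux,
+Arch: "amd64",
+Distro: datamodel.AKSAzureLinuxV3CVMGen2,
+Gallery: imageGalleryLinux,
+}
+VHDAzureLinuxV3KataGen2 = &Image{
+Name: "V3katagen2",
+OS: OSAzureLinux,
+Arch: "amd64",
+Distro: datamodel.AKSAzureLinuxV3Gen2Kata,
+Gallery: imageGalleryLinux,
+}
 VHDAzureLinux3OSGuard = &Image{
 Name: "AzureLinuxOSGuardOSGuardV3gen2fipsTL",
 OS: OSAzureLinux,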
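Review bot: The two new Azure Linux entries order the generation and variant tokens differently in their Name values — `"V3gen2CVM"` for the CVM image but `"V3katagen2"` for the Kata image — while the new Ubuntu entry follows the existing `"2204gen2TLcontainerd"` shape. If these names are used to look up or label images in the e2e runs, one consistent ordering (for example `"V3gen2kata"`) keeps them greppable next to the other gen2 entries. The `var (` block these sit in starts and ends outside both hunks.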
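--- a/e2e/scenario_test.go
+++ b/e2e/scenario_test.go
@@ -1262,6 +1262,219 @@ func Test_Ubuntu2204_ArtifactStreaming_ARM64_Scriptless(t *testing.T) {
 })
 }
 
+func Test_Ubuntu2204_ArtifactStreaming_TrustedLaunch(t *testing.T) {
+RunScenario(t, &Scenario{
+Description: "tests that a new ubuntu 2204 node using artifact streaming with trusted launch can be properly bootstrapped",
+Config: Config{
+Cluster: ClusterKubenet,
+VHD: config.VHDUbuntu2204Gen2TLContainerd,
+BootstrapConfigMutator: func(nbc *datamodel.NodeBootstrappingConfiguration) {
+nbc.EnableArtifactStreaming = true
+},
+VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
+vmss.Properties = addTrustedLaunchToVMSS(vmss.Properties)
+},
+Validator: func(ctx context.Context, s *Scenario) {
+ValidateNonEmptyDirectory(ctx, s, "/etc/overlaybd")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-snapshotter.service")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-tcmu.service")
+ValidateSystemdUnitIsRunning(ctx, s, "acr-mirror.service")
+ValidateSystemdUnitIsRunning(ctx, s, "containerd.service")
+},
+},
+})
+}
+
+func Test_Ubuntu2204_ArtifactStreaming_TrustedLaunch_Scriptless(t *testing.T) {
+RunScenario(t, &Scenario{
+Description: "tests that a new ubuntu 2204 node using artifact streaming with trusted launch can be properly bootstrapped",
+Tags: Tags{
+Scriptless: true,
+},
+Config: Config{
+Cluster: ClusterKubenet,
+VHD: config.VHDUbuntu2204Gen2TLContainerd,
+AKSNodeConfigMutator: func(config *aksnodeconfigv1.Configuration) {
+config.EnableArtifactStreaming = true
+},
+VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
+vmss.Properties = addTrustedLaunchToVMSS(vmss.Properties)
+},
+Validator: func(ctx context.Context, s *Scenario) {
+ValidateNonEmptyDirectory(ctx, s, "/etc/overlaybd")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-snapshotter.service")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-tcmu.service")
+ValidateSystemdUnitIsRunning(ctx, s, "acr-mirror.service")
+ValidateSystemdUnitIsRunning(ctx, s, "containerd.service")
+},
+},
+})
+}
+
+func Test_Ubuntu2204_ArtifactStreaming_FIPS(t *testing.T) {
+RunScenario(t, &Scenario{
+Description: "tests that a new ubuntu 2204 FIPS node using artifact streaming can be properly bootstrapped",
+Config: Config{
+Cluster: ClusterKubenet,
+VHD: config.VHDUbuntu2204Gen2FIPSContainerd,
+BootstrapConfigMutator: func(nbc *datamodel.NodeBootstrappingConfiguration) {
+nbc.EnableArtifactStreaming = true
+},
+VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
+vmss.Properties.AdditionalCapabilities = &armcompute.AdditionalCapabilities{
+EnableFips1403Encryption: to.Ptr(true),
+}
+settings := vmss.Properties.VirtualMachineProfile.ExtensionProfile.Extensions[0].Properties.ProtectedSettings
+vmss.Properties.VirtualMachineProfile.ExtensionProfile.Extensions[0].Properties.Settings = settings
+vmss.Properties.VirtualMachineProfile.ExtensionProfile.Extensions[0].Properties.ProtectedSettings = nil
+},
+Validator: func(ctx context.Context, s *Scenario) {
+ValidateNonEmptyDirectory(ctx, s, "/etc/overlaybd")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-snapshotter.service")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-tcmu.service")
+ValidateSystemdUnitIsRunning(ctx, s, "acr-mirror.service")
+ValidateSystemdUnitIsRunning(ctx, s, "containerd.service")
+},
+},
+})
+}
+
+func Test_Ubuntu2204_ArtifactStreaming_FIPS_Scriptless(t *testing.T) {
+RunScenario(t, &Scenario{
+Description: "tests that a new ubuntu 2204 FIPS node using artifact streaming can be properly bootstrapped",
+Tags: Tags{
+Scriptless: true,
+},
+Config: Config{
+Cluster: ClusterKubenet,
+VHD: config.VHDUbuntu2204Gen2FIPSContainerd,
+AKSNodeConfigMutator: func(config *aksnodeconfigv1.Configuration) {
+config.EnableArtifactStreaming = true
+},
+VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
+vmss.Properties.AdditionalCapabilities = &armcompute.AdditionalCapabilities{
+EnableFips1403Encryption: to.Ptr(true),
+}
+settings := vmss.Properties.VirtualMachineProfile.ExtensionProfile.Extensions[0].Properties.ProtectedSettings
+vmss.Properties.VirtualMachineProfile.ExtensionProfile.Extensions[0].Properties.Settings = settings
+vmss.Properties.VirtualMachineProfile.ExtensionProfile.Extensions[0].Properties.ProtectedSettings = nil
+},
+Validator: func(ctx context.Context, s *Scenario) {
+ValidateNonEmptyDirectory(ctx, s, "/etc/overlaybd")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-snapshotter.service")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-tcmu.service")
+ValidateSystemdUnitIsRunning(ctx, s, "acr-mirror.service")
+ValidateSystemdUnitIsRunning(ctx, s, "containerd.service")
+},
+},
+})
+}
+
+func Test_AzureLinuxV3_ArtifactStreaming_CVM(t *testing.T) {
+RunScenario(t, &Scenario{
+Description: "tests that a new azure linux v3 CVM node using artifact streaming can be properly bootstrapped",
+Config: Config{
+Cluster: ClusterKubenet,
+VHD: config.VHDAzureLinuxV3CVMGen2,
+BootstrapConfigMutator: func(nbc *datamodel.NodeBootstrappingConfiguration) {
+nbc.EnableArtifactStreaming = true
+nbc.AgentPoolProfile.VMSize = "Standard_DC2as_v5"
+},
+VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
+vmss.SKU.Name = to.Ptr("Standard_DC2as_v5")
+vmss.Properties = addConfidentialVMToVMSS(vmss.Properties)
+},
+Validator: func(ctx context.Context, s *Scenario) {
+ValidateNonEmptyDirectory(ctx, s, "/etc/overlaybd")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-snapshotter.service")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-tcmu.service")
+ValidateSystemdUnitIsRunning(ctx, s, "acr-mirror.service")
+ValidateSystemdUnitIsRunning(ctx, s, "containerd.service")
+},
+},
+})
+}
+
+func Test_AzureLinuxV3_ArtifactStreaming_CVM_Scriptless(t *testing.T) {
+RunScenario(t, &Scenario{
+Description: "tests that a new azure linux v3 CVM node using artifact streaming can be properly bootstrapped",
+Tags: Tags{
+Scriptless: true,
+},
+Config: Config{
+Cluster: ClusterKubenet,
+VHD: config.VHDAzureLinuxV3CVMGen2,
+AKSNodeConfigMutator: func(config *aksnodeconfigv1.Configuration) {
+config.EnableArtifactStreaming = true
+config.VmSize = "Standard_DC2as_v5"
+},
+VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
+vmss.SKU.Name = to.Ptr("Standard_DC2as_v5")
+vmss.Properties = addConfidentialVMToVMSS(vmss.Properties)
+},
+Validator: func(ctx context.Context, s *Scenario) {
+ValidateNonEmptyDirectory(ctx, s, "/etc/overlaybd")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-snapshotter.service")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-tcmu.service")
+ValidateSystemdUnitIsRunning(ctx, s, "acr-mirror.service")
+ValidateSystemdUnitIsRunning(ctx, s, "containerd.service")
+},
+},
+})
+}
+
+func Test_AzureLinuxV3_ArtifactStreaming_Kata(t *testing.T) {
+RunScenario(t, &Scenario{
+Description: "tests that a new azure linux v3 node with Kata VM isolation using artifact streaming can be properly bootstrapped",
+Config: Config{
+Cluster: ClusterKubenet,
+VHD: config.VHDAzureLinuxV3KataGen2,
+BootstrapConfigMutator: func(nbc *datamodel.NodeBootstrappingConfiguration) {
+nbc.EnableArtifactStreaming = true
+nbc.AgentPoolProfile.VMSize = "Standard_D4s_v3"
+},
+VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
+vmss.SKU.Name = to.Ptr("Standard_D4s_v3")
+},
+Validator: func(ctx context.Context, s *Scenario) {
+ValidateNonEmptyDirectory(ctx, s, "/etc/overlaybd")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-snapshotter.service")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-tcmu.service")
+ValidateSystemdUnitIsRunning(ctx, s, "acr-mirror.service")
+ValidateSystemdUnitIsRunning(ctx, s, "containerd.service")
+},
+},
+})
+}
+
+func Test_AzureLinuxV3_ArtifactStreaming_Kata_Scriptless(t *testing.T) {
+RunScenario(t, &Scenario{
+Description: "tests that a new azure linux v3 node with Kata VM isolation using artifact streaming can be properly bootstrapped",
+Tags: Tags{
+Scriptless: true,
+},
+Config: Config{
+Cluster: ClusterKubenet,
+VHD: config.VHDAzureLinuxV3KataGen2,
+AKSNodeConfigMutator: func(config *aksnodeconfigv1.Configuration) {
+config.EnableArtifactStreaming = true
+config.IsKata = true
+config.VmSize = "Standard_D4s_v3"
+},
+VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
+vmss.SKU.Name = to.Ptr("Standard_D4s_v3")
+},
+Validator: func(ctx context.Context, s *Scenario) {
+ValidateNonEmptyDirectory(ctx, s, "/etc/overlaybd")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-snapshotter.service")
+ValidateSystemdUnitIsRunning(ctx, s, "overlaybd-tcmu.service")
+ValidateSystemdUnitIsRunning(ctx, s, "acr-mirror.service")
+ValidateSystemdUnitIsRunning(ctx, s, "containerd.service")
+},
+},
+})
+}
+
 func Test_Ubuntu2204_ChronyRestarts_Taints_And_Tolerations(t *testing.T) {
 RunScenario(t, &Scenario{
 Description: "Tests that the chrony service restarts if it is killed. Also tests taints and tolerations",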
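Review bot: The VMConfigMutator in Test_Ubuntu2204_ArtifactStreaming_FIPS (and verbatim in its _Scriptless twin) copies the extension's ProtectedSettings into the plain Settings field and nils ProtectedSettings without a comment saying why; protected settings are the encrypted, write-only half of a VM extension, so after this move whatever bootstrap material they carried is readable back from the VMSS model by anyone with read access to the scale set. If that is a constraint of EnableFips1403Encryption, record it at both sites, e.g. `// TODO(review): document why protected settings are demoted to plain settings under EnableFips1403Encryption — they become readable from the VMSS model; acceptable only for a throwaway e2e cluster`. Those same lines index `Extensions[0]` with no check that ExtensionProfile and Extensions are populated, so a missing extension panics inside the mutator instead of failing with a message; `if ep := vmss.Properties.VirtualMachineProfile.ExtensionProfile; ep == nil || len(ep.Extensions) == 0 { t.Fatal("no VMSS extension to rewrite") }` before the rewrite makes that explicit. Test_AzureLinuxV3_ArtifactStreaming_Kata's BootstrapConfigMutator sets nothing Kata-specific while its _Scriptless twin sets `config.IsKata = true`, so it is worth confirming whether the legacy nbc path needs an equivalent field or the two tests intentionally exercise different paths. The five Validate* calls are repeated identically in all eight new tests; a shared `validateArtifactStreaming(ctx, s)` helper would keep them from drifting.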
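--- a/e2e/test_helpers.go
+++ b/e2e/test_helpers.go
@@ -548,6 +548,42 @@ func addTrustedLaunchToVMSS(properties *armcompute.VirtualMachineScaleSetPropert
 return properties
 }
 
+func addConfidentialVMToVMSS(properties *armcompute.VirtualMachineScaleSetProperties) *armcompute.VirtualMachineScaleSetProperties {
+if properties == nil {
+properties = &armcompute.VirtualMachineScaleSetProperties{}
+}
+
+if properties.VirtualMachineProfile == nil {
+properties.VirtualMachineProfile = &armcompute.VirtualMachineScaleSetVMProfile{}
+}
+
+if properties.VirtualMachineProfile.SecurityProfile == nil {
+properties.VirtualMachineProfile.SecurityProfile = &armcompute.SecurityProfile{}
+}
+
+properties.VirtualMachineProfile.SecurityProfile.SecurityType = to.Ptr(armcompute.SecurityTypesConfidentialVM)
+if properties.VirtualMachineProfile.SecurityProfile.UefiSettings == nil {
+properties.VirtualMachineProfile.SecurityProfile.UefiSettings = &armcompute.UefiSettings{}
+}
+properties.VirtualMachineProfile.SecurityProfile.UefiSettings.SecureBootEnabled = to.Ptr(true)
+properties.VirtualMachineProfile.SecurityProfile.UefiSettings.VTpmEnabled = to.Ptr(true)
+
+if properties.VirtualMachineProfile.StorageProfile == nil {
+properties.VirtualMachineProfile.StorageProfile = &armcompute.VirtualMachineScaleSetStorageProfile{}
+}
+if properties.VirtualMachineProfile.StorageProfile.OSDisk == nil {
+properties.VirtualMachineProfile.StorageProfile.OSDisk = &armcompute.VirtualMachineScaleSetOSDisk{}
+}
+if properties.VirtualMachineProfile.StorageProfile.OSDisk.ManagedDisk == nil {
+properties.VirtualMachineProfile.StorageProfile.OSDisk.ManagedDisk = &armcompute.VirtualMachineScaleSetManagedDiskParameters{}
+}
+properties.VirtualMachineProfile.StorageProfile.OSDisk.ManagedDisk.SecurityProfile = &armcompute.VMDiskSecurityProfile{
+SecurityEncryptionType: to.Ptr(armcompute.SecurityEncryptionTypesVMGuestStateOnly),
+}
+
+return properties
+}
+
 func createVMExtensionLinuxAKSNode(ctx context.Context, location *string) (*armcompute.VirtualMachineScaleSetExtension, error) {
 ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
 defer cancel()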
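Review bot: addConfidentialVMToVMSS nil-guards and merges every intermediate struct except the last one — `OSDisk.ManagedDisk.SecurityProfile` is replaced wholesale, so anything already set on that VMDiskSecurityProfile (a customer-managed DiskEncryptionSet, for instance) would be silently dropped, unlike the UefiSettings case just above it. Mirroring the surrounding style keeps the helper composable: `if md := properties.VirtualMachineProfile.StorageProfile.OSDisk.ManagedDisk; md.SecurityProfile == nil { md.SecurityProfile = &armcompute.VMDiskSecurityProfile{} }` followed by `properties.VirtualMachineProfile.StorageProfile.OSDisk.ManagedDisk.SecurityProfile.SecurityEncryptionType = to.Ptr(armcompute.SecurityEncryptionTypesVMGuestStateOnly)`. The choice of VMGuestStateOnly over DiskWithVMGuestState also deserves a word, since it encrypts only the guest-state blob and leaves the OS disk outside the CVM key — fine for a throwaway e2e node but not obvious to the next reader. A doc comment of the form `// addConfidentialVMToVMSS configures properties for a Confidential VM: SecurityType ConfidentialVM, Secure Boot and vTPM enabled, and VMGuestStateOnly encryption on the OS disk. Nil intermediate structs are allocated in place; the (possibly new) properties pointer is returned.` would cover both.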