Skip to content
This repository has been archived by the owner on Oct 24, 2023. It is now read-only.

Commit

Permalink
feat: Enabling SSH on windows nodes by default (#2759)
Browse files Browse the repository at this point in the history
  • Loading branch information
@marosset
marosset authored Apr 22, 2020
1 parent 5c4e4a7 commit b74f691
Show file tree
Hide file tree
Showing 16 changed files with 75 additions and 52 deletions.
2 changes: 1 addition & 1 deletion cmd/get_logs.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ func (glc *getLogsCmd) loadAPIModel() (err error) {
}
glc.linuxSSHConfig = helpers.SSHClientConfig(glc.cs.Properties.LinuxProfile.AdminUsername, lauth)

if glc.cs.Properties.WindowsProfile != nil && glc.cs.Properties.WindowsProfile.SSHEnabled {
if glc.cs.Properties.WindowsProfile != nil && glc.cs.Properties.WindowsProfile.GetSSHEnabled() {
glc.windowsSSHConfig = helpers.SSHClientConfig(
glc.cs.Properties.WindowsProfile.AdminUsername,
ssh.Password(glc.cs.Properties.WindowsProfile.AdminPassword))
Expand Down
36 changes: 18 additions & 18 deletions docs/topics/clusterdefinitions.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -853,24 +853,24 @@ https://{keyvaultname}.vault.azure.net:443/secrets/{secretName}/{version}

`windowsProfile` provides configuration specific to Windows nodes in the cluster

| Name | Required | Description |
| ----------------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| adminUsername | yes | Username for the Windows adminstrator account created on each Windows node |
| adminPassword | yes | Password for the Windows adminstrator account created on each Windows node |
| csiProxyURL | no | Path to a package containing csi proxy binaries for Windows. |
| enableAutomaticUpdates | no | If set to `true` Windows Update will be configured to automatically apply updates on Windows nodes. Default: `false` |
| enableCSIProxy | no | If set to `true` the csi-proxy specified by `windowsProfile.csiProxyURL` will get installed during node provisioning. See [Windows Csi Proxy](csi-proxy-windows.md) for more details. |
| windowsPublisher | no | Publisher used to find Windows VM to deploy from marketplace. Default: `microsoft-aks` |
| windowsOffer | no | Offer used to find Windows VM to deploy from marketplace. Default: `aks-windows` |
| windowsSku | no | SKU usedto find Windows VM to deploy from marketplace. Default: `2019-datacenter-core-smalldisk` |
| imageVersion | no | Specific image version to deploy from marketplace. Default: `17763.737.190923`. This default is incremented to include the latest Windows patches after being validated by the AKS Engine team. |
| windowsImageSourceURL | no | Path to an existing Azure storage blob with a sysprepped VHD. This is used to test pre-release or customized VHD files that you have uploaded to Azure. If provided, the above 4 parameters are ignored. |
| imageReference.name | no | Name of an Image. |
| imageReference.resourceGroup | no | Resource group that contains the Image. |
| imageReference.subscriptionId | no | ID of subscription containing a Shared Image Gallery. |
| imageReference.gallery | no | Name of a Shared Image Gallery. |
| imageReference.version | no | Version of an Image from a Shared Image Gallery. |
| sshEnabled | no | If set to `true`, OpenSSH will be installed on windows nodes to allow for ssh remoting. **Only for Windows version 1809/2019 or later** . The same SSH authorized public key(s) will be added from [linuxProfile.ssh.publicKeys](#linuxProfile) |
| Name | Required | Description |
| ----------------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| adminUsername | yes | Username for the Windows adminstrator account created on each Windows node |
| adminPassword | yes | Password for the Windows adminstrator account created on each Windows node |
| csiProxyURL | no | Path to a package containing csi proxy binaries for Windows. |
| enableAutomaticUpdates | no | If set to `true` Windows Update will be configured to automatically apply updates on Windows nodes. Default: `false` |
| enableCSIProxy | no | If set to `true` the csi-proxy specified by `windowsProfile.csiProxyURL` will get installed during node provisioning. See [Windows Csi Proxy](csi-proxy-windows.md) for more details. |
| windowsPublisher | no | Publisher used to find Windows VM to deploy from marketplace. Default: `microsoft-aks` |
| windowsOffer | no | Offer used to find Windows VM to deploy from marketplace. Default: `aks-windows` |
| windowsSku | no | SKU usedto find Windows VM to deploy from marketplace. Default: `2019-datacenter-core-smalldisk` |
| imageVersion | no | Specific image version to deploy from marketplace. Default: `17763.737.190923`. This default is incremented to include the latest Windows patches after being validated by the AKS Engine team. |
| windowsImageSourceURL | no | Path to an existing Azure storage blob with a sysprepped VHD. This is used to test pre-release or customized VHD files that you have uploaded to Azure. If provided, the above 4 parameters are ignored. |
| imageReference.name | no | Name of an Image. |
| imageReference.resourceGroup | no | Resource group that contains the Image. |
| imageReference.subscriptionId | no | ID of subscription containing a Shared Image Gallery. |
| imageReference.gallery | no | Name of a Shared Image Gallery. |
| imageReference.version | no | Version of an Image from a Shared Image Gallery. |
| sshEnabled | no | If set to `true`, OpenSSH will be installed on windows nodes to allow for ssh remoting. **Only for Windows version 1809/2019 or later**. The same SSH authorized public key(s) will be added from [linuxProfile.ssh.publicKeys](#linuxProfile). Default: `true` |

#### Windows Images

Expand Down
2 changes: 2 additions & 0 deletions pkg/api/const.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -483,6 +483,8 @@ const (
DefaultNonMasqueradeCIDR = "0.0.0.0/0"
// DefaultKubeProxyMode is the default KubeProxyMode value
DefaultKubeProxyMode KubeProxyMode = KubeProxyModeIPTables
// DefaultWindowsSSHEnabled is the default windowsProfile.sshEnabled value
DefaultWindowsSSHEnabled = true
)

const (
Expand Down
4 changes: 3 additions & 1 deletion pkg/api/converterfromapi.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,9 @@ func convertWindowsProfileToVLabs(api *WindowsProfile, vlabsProfile *vlabs.Windo
convertKeyVaultSecretsToVlabs(&s, secret)
vlabsProfile.Secrets = append(vlabsProfile.Secrets, *secret)
}
vlabsProfile.SSHEnabled = api.SSHEnabled
if api.SSHEnabled != nil {
vlabsProfile.SSHEnabled = api.SSHEnabled
}
vlabsProfile.EnableAutomaticUpdates = api.EnableAutomaticUpdates
}

Expand Down
4 changes: 2 additions & 2 deletions pkg/api/converterfromapi_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -772,7 +772,7 @@ func TestConvertWindowsProfileToVlabs(t *testing.T) {
AdminPassword: "password",
EnableAutomaticUpdates: &falseVar,
ImageVersion: "17763.615.1907121548",
SSHEnabled: false,
SSHEnabled: &falseVar,
WindowsPublisher: "MicrosoftWindowsServer",
WindowsOffer: "WindowsServer",
WindowsSku: "2019-Datacenter-Core-smalldisk",
Expand All @@ -783,7 +783,7 @@ func TestConvertWindowsProfileToVlabs(t *testing.T) {
AdminPassword: "password",
EnableAutomaticUpdates: &falseVar,
ImageVersion: "17763.615.1907121548",
SSHEnabled: false,
SSHEnabled: &falseVar,
WindowsPublisher: "MicrosoftWindowsServer",
WindowsOffer: "WindowsServer",
WindowsSku: "2019-Datacenter-Core-smalldisk",
Expand Down
4 changes: 3 additions & 1 deletion pkg/api/convertertoapi.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,9 @@ func convertVLabsWindowsProfile(vlabs *vlabs.WindowsProfile, api *WindowsProfile
convertVLabsKeyVaultSecrets(&s, secret)
api.Secrets = append(api.Secrets, *secret)
}
api.SSHEnabled = vlabs.SSHEnabled
if vlabs.SSHEnabled != nil {
api.SSHEnabled = vlabs.SSHEnabled
}
api.EnableAutomaticUpdates = vlabs.EnableAutomaticUpdates
}

Expand Down
4 changes: 2 additions & 2 deletions pkg/api/convertertoapi_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -894,7 +894,7 @@ func TestConvertVLabsWindowsProfile(t *testing.T) {
AdminPassword: "password",
EnableAutomaticUpdates: &falseVar,
ImageVersion: "17763.615.1907121548",
SSHEnabled: false,
SSHEnabled: &falseVar,
WindowsPublisher: "MicrosoftWindowsServer",
WindowsOffer: "WindowsServer",
WindowsSku: "2019-Datacenter-Core-smalldisk",
Expand All @@ -905,7 +905,7 @@ func TestConvertVLabsWindowsProfile(t *testing.T) {
AdminPassword: "password",
EnableAutomaticUpdates: &falseVar,
ImageVersion: "17763.615.1907121548",
SSHEnabled: false,
SSHEnabled: &falseVar,
WindowsPublisher: "MicrosoftWindowsServer",
WindowsOffer: "WindowsServer",
WindowsSku: "2019-Datacenter-Core-smalldisk",
Expand Down
4 changes: 4 additions & 0 deletions pkg/api/defaults.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -766,6 +766,10 @@ func (p *Properties) setAgentProfileDefaults(isUpgrade, isScale bool) {
func (p *Properties) setWindowsProfileDefaults(isUpgrade, isScale bool) {
windowsProfile := p.WindowsProfile
if !isUpgrade && !isScale {
if windowsProfile.SSHEnabled == nil {
windowsProfile.SSHEnabled = to.BoolPtr(DefaultWindowsSSHEnabled)
}

// This allows caller to use the latest ImageVersion and WindowsSku for adding a new Windows pool to an existing cluster.
// We must assure that same WindowsPublisher and WindowsOffer are used in an existing cluster.
if windowsProfile.WindowsPublisher == AKSWindowsServer2019OSImageConfig.ImagePublisher && windowsProfile.WindowsOffer == AKSWindowsServer2019OSImageConfig.ImageOffer {
Expand Down
35 changes: 18 additions & 17 deletions pkg/api/defaults_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2001,6 +2001,7 @@ func TestDistroDefaults(t *testing.T) {
}

func TestWindowsProfileDefaults(t *testing.T) {
trueVar := true

var tests = []struct {
name string // test case name
Expand All @@ -2022,7 +2023,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: &trueVar,
},
false,
false,
Expand All @@ -2043,7 +2044,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: &trueVar,
},
false,
false,
Expand All @@ -2065,7 +2066,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: &trueVar,
},
false,
false,
Expand All @@ -2087,7 +2088,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: &trueVar,
},
false,
false,
Expand All @@ -2108,7 +2109,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: &trueVar,
},
false,
false,
Expand All @@ -2130,7 +2131,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: &trueVar,
},
false,
false,
Expand All @@ -2152,7 +2153,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: &trueVar,
},
false,
false,
Expand All @@ -2175,7 +2176,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: &trueVar,
},
false,
false,
Expand All @@ -2197,7 +2198,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: &trueVar,
},
false,
false,
Expand All @@ -2220,7 +2221,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: &trueVar,
},
false,
false,
Expand All @@ -2243,7 +2244,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: nil,
},
false,
true,
Expand All @@ -2266,7 +2267,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: nil,
},
false,
true,
Expand All @@ -2289,7 +2290,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: nil,
},
false,
true,
Expand All @@ -2312,7 +2313,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: nil,
},
false,
true,
Expand All @@ -2335,7 +2336,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: nil,
},
false,
true,
Expand All @@ -2358,7 +2359,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: nil,
},
false,
true,
Expand All @@ -2381,7 +2382,7 @@ func TestWindowsProfileDefaults(t *testing.T) {
AdminPassword: "",
WindowsImageSourceURL: "",
WindowsDockerVersion: "",
SSHEnabled: false,
SSHEnabled: nil,
},
false,
false,
Expand Down
Loading

0 comments on commit b74f691

Please sign in to comment.