fix: Pipeline agent image update from 18.04 to 22.04 | AzSecPack

.pipelines/containers/manifest-template.yaml

@@ -19,9 +19,16 @@ steps:
     retryCountOnTaskFailure: 3
 
   - script: |
-      set -e
+      set -ex
+      echo "checking XDG_RUNTIME_DIR"
+      echo $XDG_RUNTIME_DIR
       make ${{ parameters.name }}-manifest-push
       mkdir -p $(Build.ArtifactStagingDirectory)/images
+
+      echo "setting XDG_RUNTIME_DIR"
+      export XDG_RUNTIME_DIR=/run/user/$(id -u)
+      echo $XDG_RUNTIME_DIR
+
       make ${{ parameters.name }}-skopeo-archive IMAGE_ARCHIVE_DIR=$(Build.ArtifactStagingDirectory)/images
     name: manifest_push
     displayName: Manifest Push

.pipelines/singletenancy/azure-cni-overlay/azure-cni-overlay-e2e-step-template.yaml

@@ -99,7 +99,7 @@ steps:
         make -C ./hack/aks azcfg AZCLI=az REGION=$(REGION_AKS_CLUSTER_TEST)
         kubectl get pods -owide -A
         echo "Validating Node Restart"
-        sudo CNI_TYPE=cniv2 RESTART_CASE=true go test -timeout 30m -tags load -run ^TestValidateState$
+        CNI_TYPE=cniv2 RESTART_CASE=true go test -timeout 30m -tags load -run ^TestValidateState$
     displayName: "Validate Node Restart"
     retryCountOnTaskFailure: 3
 
@@ -108,12 +108,12 @@ steps:
       kubectl get pod -owide -A
       echo "validate pod state before CNS restarts"
       cd test/integration/load
-      sudo CNI_TYPE=cniv2 go test -timeout 30m -tags load -run ^TestValidateState$
+      CNI_TYPE=cniv2 go test -timeout 30m -tags load -run ^TestValidateState$
       kubectl rollout restart ds azure-cns -n kube-system
       kubectl rollout status ds azure-cns -n kube-system
       kubectl get pod -owide -A
       echo "validate pods after CNS restart"
-      sudo CNI_TYPE=cniv2 go test -timeout 30m -tags load -run ^TestValidateState$
+      CNI_TYPE=cniv2 go test -timeout 30m -tags load -run ^TestValidateState$
     name: "restartCNS_ValidatePodState"
     displayName: "Restart CNS and validate pod state"
     retryCountOnTaskFailure: 3

.pipelines/singletenancy/dualstack-overlay/dualstackoverlay-e2e-step-template.yaml

@@ -56,16 +56,16 @@ steps:
       set -e
       cd test/integration/load
       echo "DualStack Overlay Linux control plane Node properties test"
-      sudo CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestDualStackProperties$
+      CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestDualStackProperties$
       echo "DualStack Overlay Linux control plane Load test"
-      sudo go test -timeout 30m -tags load -run ^TestLoad$
+      go test -timeout 30m -tags load -run ^TestLoad$
       echo "DualStack Overlay Linux control plane CNS validation test"
-      sudo CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestValidateState$
+      CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestValidateState$
       cd ../datapath
       echo "Dualstack Overlay Linux datapath IPv6 test"
-      sudo go test -count=1 datapath_linux_test.go -timeout 3m -tags connection -run ^TestDatapathLinux$ -tags=connection,integration -isDualStack=true
+      go test -count=1 datapath_linux_test.go -timeout 3m -tags connection -run ^TestDatapathLinux$ -tags=connection,integration -isDualStack=true
       echo "Dualstack Overlay Linux datapath IPv4 test"
-      sudo go test -count=1 datapath_linux_test.go -timeout 3m -tags connection -run ^TestDatapathLinux$ -tags=connection,integration
+      go test -count=1 datapath_linux_test.go -timeout 3m -tags connection -run ^TestDatapathLinux$ -tags=connection,integration
       echo "cleaning up load-test namespace"
       kubectl delete ns load-test
     retryCountOnTaskFailure: 3
@@ -100,7 +100,7 @@ steps:
         make -C ./hack/aks azcfg AZCLI=az REGION=$(REGION_DUALSTACKOVERLAY_CLUSTER_TEST)
         kubectl get pods -A
         echo "Validating Node Restart"
-        sudo CNI_TYPE=dualstack RESTART_CASE=true go test -timeout 30m -tags load -run ^TestValidateState$
+        CNI_TYPE=dualstack RESTART_CASE=true go test -timeout 30m -tags load -run ^TestValidateState$
     displayName: "Validate Node Restart"
     retryCountOnTaskFailure: 3
 
@@ -109,12 +109,12 @@ steps:
       kubectl get pod -owide -A
       echo "validate pod state before CNS restarts"
       cd test/integration/load
-      sudo CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestValidateState$
+      CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestValidateState$
       kubectl rollout restart ds azure-cns -n kube-system
       kubectl rollout status ds azure-cns -n kube-system
       kubectl get pod -owide -A
       echo "validate pods after CNS restarts"
-      sudo CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestValidateState$
+      CNI_TYPE=dualstack go test -timeout 30m -tags load -run ^TestValidateState$
     name: "restartCNS_ValidatePodState"
     displayName: "Restart CNS and Validate Pod State"
     retryCountOnTaskFailure: 3

Makefile

@@ -499,7 +499,7 @@ manifest-push: # util target to push multiarch container manifest.
 	$(CONTAINER_BUILDER) manifest push --all $(IMAGE_REGISTRY)/$(IMAGE):$(TAG) docker://$(IMAGE_REGISTRY)/$(IMAGE):$(TAG)
 
 manifest-skopeo-archive: # util target to export tar archive of multiarch container manifest.
-	skopeo copy --all docker://$(IMAGE_REGISTRY)/$(IMAGE):$(TAG) oci-archive:$(IMAGE_ARCHIVE_DIR)/$(IMAGE)-$(TAG).tar
+	skopeo copy --all docker://$(IMAGE_REGISTRY)/$(IMAGE):$(TAG) oci-archive:$(IMAGE_ARCHIVE_DIR)/$(IMAGE)-$(TAG).tar --debug
 
 ## Build specific multiplat images.
 

network/network_linux.go

@@ -4,7 +4,6 @@
 package network
 
 import (
-	"errors"
 	"fmt"
 	"net"
 	"strconv"
@@ -16,6 +15,7 @@
 	"github.com/Azure/azure-container-networking/network/networkutils"
 	"github.com/Azure/azure-container-networking/ovsctl"
 	"github.com/Azure/azure-container-networking/platform"
+	"github.com/pkg/errors"
 	"go.uber.org/zap"
 	"golang.org/x/sys/unix"
 )
@@ -39,6 +39,8 @@
 	LocalIPKey = "localIP"
 	// InfraVnetIPKey key for infra vnet
 	InfraVnetIPKey = "infraVnetIP"
+	// Ubuntu Release Version for checking which command to use.
+	Ubuntu22 = "22.04"
 )
 
 const (
@@ -243,10 +245,69 @@
 	return false
 }
 
+func (nm *networkManager) systemVersion() (string, error) {
+	osVersion, err := nm.plClient.ExecuteCommand("lsb_release -rs")
+	if err != nil {
+		return osVersion, errors.Wrap(err, "error retrieving the system distribution version")
+	}
+	return osVersion, nil
+}
+
+func (nm *networkManager) addDomain(ifName, domain string) (string, error) {
+	osVersion, err := nm.systemVersion()
+	if err != nil {
+		return osVersion, err
+	}
+
+	var cmd string
+	switch {
+	case strings.HasPrefix(osVersion, Ubuntu22):
+		cmd = fmt.Sprintf("resolvectl domain %s %s", ifName, domain)
+	default:
+		cmd = fmt.Sprintf("systemd-resolve --interface %s --set-domain %s", ifName, domain)
+	}
+	return cmd, nil
+}
+
+func (nm *networkManager) addDNSServers(ifName string, dnsServers []string) (string, error) {
+	osVersion, err := nm.systemVersion()
+	if err != nil {
+		return osVersion, err
+	}
+
+	var cmd string
+	switch {
+	case strings.HasPrefix(osVersion, Ubuntu22):
+		cmd = fmt.Sprintf("resolvectl dns %s %s", ifName, strings.Join(dnsServers, " "))
+	default:
+		cmd = fmt.Sprintf("systemd-resolve --interface %s %s", ifName, strings.Join(dnsServers, "--set-dns "))
+	}
+	return cmd, nil
+}
+
+func (nm *networkManager) ifNameStatus(ifName string) (string, error) {
+	osVersion, err := nm.systemVersion()
+	if err != nil {
+		return osVersion, err
+	}
+	var cmd string
+	switch {
+	case strings.HasPrefix(osVersion, Ubuntu22):
+		cmd = fmt.Sprintf("resolvectl status %s", ifName)
+	default:
+		cmd = fmt.Sprintf("systemd-resolve --status %s", ifName)
+	}
+	return cmd, nil
+}
+
 func (nm *networkManager) readDNSInfo(ifName string) (DNSInfo, error) {
 	var dnsInfo DNSInfo
 
-	cmd := fmt.Sprintf("systemd-resolve --status %s", ifName)
+	cmd, err := nm.ifNameStatus(ifName)
+	if err != nil {
+		return dnsInfo, err
+	}
+
 	out, err := nm.plClient.ExecuteCommand(cmd)
 	if err != nil {
 		return dnsInfo, err
@@ -333,7 +394,8 @@
 
 func (nm *networkManager) applyDNSConfig(extIf *externalInterface, ifName string) error {
 	var (
-		setDnsList string
+		setDNSList []string
+		cmd        string
 		err        error
 	)
 
@@ -344,21 +406,31 @@
 				continue
 			}
 
-			buf := fmt.Sprintf("--set-dns=%s", server)
-			setDnsList = setDnsList + " " + buf
+			setDNSList = append(setDNSList, server)
 		}
 
-		if setDnsList != "" {
-			cmd := fmt.Sprintf("systemd-resolve --interface=%s%s", ifName, setDnsList)
+		if len(setDNSList) > 0 {
+			cmd, err = nm.addDNSServers(ifName, setDNSList)
+			if err != nil {
+				return err
+			}
+
 			_, err = nm.plClient.ExecuteCommand(cmd)
 			if err != nil {
 				return err
 			}
 		}
 
 		if extIf.DNSInfo.Suffix != "" {
-			cmd := fmt.Sprintf("systemd-resolve --interface=%s --set-domain=%s", ifName, extIf.DNSInfo.Suffix)
+			cmd, err = nm.addDomain(ifName, extIf.DNSInfo.Suffix)
+			if err != nil {
+				return err
+			}
+
 			_, err = nm.plClient.ExecuteCommand(cmd)
+			if err != nil {
+				return err
+			}
 		}
 
 	}