From cb61127e6096c4662809bf05c3b8e7d389871e04 Mon Sep 17 00:00:00 2001 From: Ben Broderick Phillips Date: Thu, 3 Oct 2024 16:35:35 -0400 Subject: [PATCH] Run yum update in stress images. Remove account key from bicep (#9093) * Run yum update in stress images * Change storage account key lookup in stress bicep template --- .../cluster/azure/cluster/storage.bicep | 1 - tools/stress-cluster/cluster/azure/main.bicep | 12 ++++++++++-- .../images/test-resource-deployer/Dockerfile | 2 ++ .../services/Stress.Watcher/Dockerfile | 2 ++ 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/tools/stress-cluster/cluster/azure/cluster/storage.bicep b/tools/stress-cluster/cluster/azure/cluster/storage.bicep index afcc36ed8ae..c9d2eeb497b 100644 --- a/tools/stress-cluster/cluster/azure/cluster/storage.bicep +++ b/tools/stress-cluster/cluster/azure/cluster/storage.bicep @@ -17,5 +17,4 @@ resource fileshare 'Microsoft.Storage/storageAccounts/fileServices/shares@2021-0 } output name string = storage.name -output key string = storage.listKeys().keys[0].value output fileShareName string = fileShareName diff --git a/tools/stress-cluster/cluster/azure/main.bicep b/tools/stress-cluster/cluster/azure/main.bicep index dbd933f19ce..e4397384116 100644 --- a/tools/stress-cluster/cluster/azure/main.bicep +++ b/tools/stress-cluster/cluster/azure/main.bicep @@ -98,16 +98,24 @@ module containerRegistry 'cluster/acr.bicep' = { } } +var storageName = 'stressdebug${resourceSuffix}' + module storage 'cluster/storage.bicep' = { name: 'storage' scope: group params: { - storageName: 'stressdebug${resourceSuffix}' + storageName: storageName fileShareName: 'stressfiles${resourceSuffix}' location: clusterLocation } } +// Get storage account reference for key lookup (avoid key as secret output from storage module) +resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' existing = { + name: storageName + scope: group +} + var appInsightsInstrumentationKeySecretName = 'appInsightsInstrumentationKey-${resourceSuffix}' // Value is in dotenv format as it will be appended to stress test container dotenv files var appInsightsInstrumentationKeySecretValue = 'APPINSIGHTS_INSTRUMENTATIONKEY=${appInsights.outputs.instrumentationKey}\n' @@ -120,9 +128,9 @@ var appInsightsConnectionStringSecretValue = 'APPLICATIONINSIGHTS_CONNECTION_STR // See https://docs.microsoft.com/azure/aks/azure-files-volume#create-a-kubernetes-secret // See https://docs.microsoft.com/azure/aks/azure-files-csi var debugStorageKeySecretName = 'debugStorageKey-${resourceSuffix}' -var debugStorageKeySecretValue = storage.outputs.key var debugStorageAccountSecretName = 'debugStorageAccount-${resourceSuffix}' var debugStorageAccountSecretValue = storage.outputs.name +var debugStorageKeySecretValue = '${storageAccount.listKeys().keys[0].value}' module keyvault 'cluster/keyvault.bicep' = { name: 'keyvault' diff --git a/tools/stress-cluster/cluster/kubernetes/stress-test-addons/images/test-resource-deployer/Dockerfile b/tools/stress-cluster/cluster/kubernetes/stress-test-addons/images/test-resource-deployer/Dockerfile index 542264b9d7f..fdef974caf8 100644 --- a/tools/stress-cluster/cluster/kubernetes/stress-test-addons/images/test-resource-deployer/Dockerfile +++ b/tools/stress-cluster/cluster/kubernetes/stress-test-addons/images/test-resource-deployer/Dockerfile @@ -1,5 +1,7 @@ FROM mcr.microsoft.com/azure-powershell:mariner-2 +RUN yum update -y + RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" RUN install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl RUN kubectl version --client diff --git a/tools/stress-cluster/services/Stress.Watcher/Dockerfile b/tools/stress-cluster/services/Stress.Watcher/Dockerfile index 5418963f176..f4523a09f37 100644 --- a/tools/stress-cluster/services/Stress.Watcher/Dockerfile +++ b/tools/stress-cluster/services/Stress.Watcher/Dockerfile @@ -1,5 +1,7 @@ FROM mcr.microsoft.com/dotnet/sdk:8.0-cbl-mariner2.0 AS build +RUN yum update -y + COPY ./src /src RUN cd /src && dotnet publish -c Release -o /stresswatcher -r linux-x64 -f net8.0 -p:PublishSingleFile=true --self-contained