CustomData

<#
    .SYNOPSIS
        Provisions VM as a Kubernetes agent.

    .DESCRIPTION
        Provisions VM as a Kubernetes agent.

        The parameters passed in are required, and will vary per-deployment.

        Notes on modifying this file:
        - This file extension is PS1, but it is actually used as a template from pkg/engine/template_generator.go
        - All of the lines that have braces in them will be modified. Please do not change them here, change them in the Go sources
        - Single quotes are forbidden, they are reserved to delineate the different members for the ARM template concat() call
        - windowscsehelper.ps1 contains basic util functions. It will be compressed to a zip file and then be converted to base64 encoding
          string and stored in $zippedFiles. Reason: This script is a template and has some limitations.
        - All other scripts will be packaged and published in a single package. It will be downloaded in provisioning VM.
          Reason: CustomData has length limitation 87380.
        - ProvisioningScriptsPackage contains scripts to start kubelet, kubeproxy, etc. The source is https://github.com/Azure/aks-engine/tree/master/staging/provisioning/windows
#>
[CmdletBinding(DefaultParameterSetName="Standard")]
param(
    [parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    $AgentKey,

    [parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    $AADClientSecret, # base64

    # C:\AzureData\provision.complete
    # MUST keep generating this file when CSE is done and do not change the name
    #  - It is used to avoid running CSE multiple times
    #  - Some customers use this file to check if CSE is done
    [parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    $CSEResultFilePath
)

# In an ideal world, all these values would be passed to this script in parameters. However, we don't live in an ideal world.
# https://learn.microsoft.com/en-gb/troubleshoot/windows-client/shell-experience/command-line-string-limitation

$MasterIP = "uttestdom-dns-5d7c849e.hcp.southcentralus.azmk8s.io"
$KubeDnsServiceIp="10.0.0.10"
$MasterFQDNPrefix="uttestdom"
$Location="southcentralus"

$UserAssignedClientID="userAssignedID"

$TargetEnvironment="AzurePublicCloud"
$AADClientId="msi"
$NetworkAPIVersion="2018-08-01"

# Do not parse the start time from $LogFile to simplify the logic
$StartTime=Get-Date
$global:ExitCode=0
$global:ErrorMessage=""

# These globals will not change between nodes in the same cluster, so they are not
# passed as powershell parameters

## SSH public keys to add to authorized_keys
$global:SSHKeys = @( "testsshkey" )

## Certificates generated by aks-engine
$global:CACertificate = ""
$global:AgentCertificate = ""

## Download sources provided by aks-engine
$global:KubeBinariesPackageSASURL = ""
$global:WindowsKubeBinariesURL = ""
$global:KubeBinariesVersion = "1.19.0"
$global:ContainerdUrl = "https://k8swin.blob.core.windows.net/k8s-windows/containerd/containerplat-aks-test-0.0.8.zip"
$global:ContainerdSdnPluginUrl = ""

## Docker Version
$global:DockerVersion = "20.10.9"

## ContainerD Usage
$global:DefaultContainerdWindowsSandboxIsolation = "process"
$global:ContainerdWindowsRuntimeHandlers = ""

## VM configuration passed by Azure
$global:WindowsTelemetryGUID = "fb801154-36b9-41bc-89c2-f4d4f05472b0"

$global:TenantId = "tenantID"

$global:SubscriptionId = "subID"
$global:ResourceGroup = "resourceGroupName"
$global:VmType = "vmss"
$global:SubnetName = "aks-subnet"
# NOTE: MasterSubnet is still referenced by `kubeletstart.ps1` and `windowsnodereset.ps1`
# for case of Kubenet
$global:MasterSubnet = ""
$global:SecurityGroupName = "aks-agentpool-36873793-nsg"
$global:VNetName = "aks-vnet-36873793"
$global:RouteTableName = "aks-agentpool-36873793-routetable"
$global:PrimaryAvailabilitySetName = ""
$global:PrimaryScaleSetName = "akswpool2"

$global:KubeClusterCIDR = "10.240.0.0/16"
$global:KubeServiceCIDR = "10.0.0.0/16"
$global:VNetCIDR = "10.0.0.0/8"

$global:KubeletNodeLabels = "agentpool=wpool2,kubernetes.azure.com/agentpool=wpool2,kubernetes.azure.com/node-image-version=AKSWindows-2019-17763.1577.201111"

$global:KubeletConfigArgs = @( "--address=0.0.0.0", "--anonymous-auth=false", "--authentication-token-webhook=true", "--authorization-mode=Webhook", "--azure-container-registry-config=c:\k\azure.json", "--cgroups-per-qos=false", "--client-ca-file=c:\k\ca.crt", "--cloud-config=c:\k\azure.json", "--cloud-provider=azure", "--cluster-dns=10.0.0.10", "--cluster-domain=cluster.local", "--enforce-node-allocatable=", "--event-qps=0", "--eviction-hard=", "--feature-gates=DynamicKubeletConfig=false,RotateKubeletServerCertificate=true", "--hairpin-mode=promiscuous-bridge", "--image-gc-high-threshold=85", "--image-gc-low-threshold=80", "--kube-reserved=cpu=100m,memory=1843Mi", "--kubeconfig=c:\k\config", "--max-pods=30", "--network-plugin=cni", "--node-status-update-frequency=10s", "--pod-infra-container-image=mcr.microsoft.com/oss/kubernetes/pause:3.9", "--pod-max-pids=-1", "--read-only-port=0", "--resolv-conf=""", "--rotate-certificates=false", "--streaming-connection-idle-timeout=4h", "--system-reserved=memory=2Gi", "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256" )
$global:KubeproxyConfigArgs = @( "--metrics-bind-address=0.0.0.0:10249" )

$global:KubeproxyFeatureGates = @( "WinDSR=true", "WinOverlay=false" )

$global:UseManagedIdentityExtension = "true"
$global:UseInstanceMetadata = "true"

$global:LoadBalancerSku = "Standard"
$global:ExcludeMasterFromStandardLB = "true"

$global:PrivateEgressProxyAddress = ""

# Windows defaults, not changed by aks-engine
$global:CacheDir = "c:\akse-cache"
$global:KubeDir = "c:\k"
$global:HNSModule = [Io.path]::Combine("$global:KubeDir", "hns.v2.psm1")

$global:KubeDnsSearchPath = "svc.cluster.local"

$global:CNIPath = [Io.path]::Combine("$global:KubeDir", "cni")
$global:NetworkMode = "L2Bridge"
$global:CNIConfig = [Io.path]::Combine($global:CNIPath, "config", "`$global:NetworkMode.conf")
$global:CNIConfigPath = [Io.path]::Combine("$global:CNIPath", "config")


$global:AzureCNIDir = [Io.path]::Combine("$global:KubeDir", "azurecni")
$global:AzureCNIBinDir = [Io.path]::Combine("$global:AzureCNIDir", "bin")
$global:AzureCNIConfDir = [Io.path]::Combine("$global:AzureCNIDir", "netconf")

# Azure cni configuration
# $global:NetworkPolicy = "" # BUG: unused
$global:NetworkPlugin = "azure"
$global:VNetCNIPluginsURL = "https://acs-mirror.azureedge.net/azure-cni/v1.1.3/binaries/azure-vnet-cni-singletenancy-windows-amd64-v1.1.3.zip"
$global:IsDualStackEnabled = $false
$global:IsAzureCNIOverlayEnabled = $false
$global:CiliumDataplaneEnabled = $false
$global:IsIMDSRestrictionEnabled = $false

# Kubelet credential provider
$global:CredentialProviderURL = ""

# CSI Proxy settings
$global:EnableCsiProxy = [System.Convert]::ToBoolean("false");
$global:CsiProxyUrl = "";

# Hosts Config Agent settings
$global:EnableHostsConfigAgent = [System.Convert]::ToBoolean("false");

# These scripts are used by cse
$global:CSEScriptsPackageUrl = "";

# The windows nvidia gpu driver related url is used by windows cse
$global:GpuDriverURL = "";

# PauseImage
$global:WindowsPauseImageURL = "mcr.microsoft.com/oss/kubernetes/pause:1.4.0";
$global:AlwaysPullWindowsPauseImage = [System.Convert]::ToBoolean("false");

# Calico
$global:WindowsCalicoPackageURL = "";

## GPU install
$global:ConfigGPUDriverIfNeeded = [System.Convert]::ToBoolean("true");

# GMSA
$global:WindowsGmsaPackageUrl = "";

# TLS Bootstrap Token
$global:TLSBootstrapToken = ""

# Disable OutBoundNAT in Azure CNI configuration
$global:IsDisableWindowsOutboundNat = [System.Convert]::ToBoolean("false");

# Base64 representation of ZIP archive
$zippedFiles = "UEsDBBQACAAIAAAAAAAAAAAAAAAAAAAAAAAcAAAAd2luZG93cy93aW5kb3dzY3NlaGVscGVyLnBzMdR8e3PbOPLg//oUOFn3i30TKrYTOzOa4t4wEu1wLFE6krKTjVMamIQkrClCS4B2PJl89ysAfIAUSSu5uV/VprZmbbJfaDT6haYPgLfGFFA/xlsGMAUJRQFgBARoiSME7iDFPkgYDsEyiXyGSUQ7B8ASsHeIMRQr0DkIwBFga5TSpSCJAhQDyuAKR6tXPkWvHnEUkEfa73QOwEhiwzAE6AtmwCcBEiRuJBAYuqZkukkoAxvI/DX445Oh/XPx+ac/Or1VSO5gOLix7NH0xl0MXXPhzodD03X149q3puNMncXcvrKnN7Z+Ag7ABYlBEqEvW+QzFAAUxyQGPkxWawbunsRafMH2LiT+PZftPrlDcYQYoulSKGLJtr+lJy0sR9Mbezw1RosLa2wubizv/cIxPeejftqCZNnX0ytzYX4wh3PPeDc29dct0IKyPfUW5gfL9fQ3LaDD9+bwamHMrIVrOtemsxhObdsceta15X3Uz1owZ8bcNRfWxLhUeZ23YFya3sKdv7NNbzFzzAvrg/62Fdo2HcMzF970yrQXF1NnYTgT/ecWFNv0bqbO1cKyPdO5MIamq0j2yx6IxsiYeaajYJ20Wc/EsI1Lc2La3sKaqUht+z80xtZwKtRtDc2FMRxO57anYrcZwnBqe4Zlm85IYFi26xnjsTnST9oMooLlzG3bsi/1kzbLmM5M23XfV9m0mUSGcmE55o0xHgvc4dS+sC7nDkdusw7LvjbG1mgxMxxjYvJdsOyF8c+5Y6Yk9JM2c7Gni9F0eGU6C2+6eDe3xqPUQvO16ydttsONc2gshqbjWRfW0PBMVz9ps5n8HFexTttMxpzMvI+7KG0GY9r8wC9cc8h14Y1d/bTNQi4nrrEwP8wMe7QwnOF769rUT9uMQyJIJrPpjem4783xeDFzrGtrbF6a+mmbmQhs1/QWjnlpuZ7zcTEznYnlutbU1k/brGUX89oYz7k2Wp0Ix7Ims6njLYbDS/PatD1XP231JGUU4+p6NhvPLy07Q271KVNvcTGd26PyaddPW/1JjiQt0Z5P3pmO/rrNMgqcmTO9trj+LPty4Q4da+a5+us2E3E9w+EuZGQuHJOrVGItPMO90l+3WUthxa65mBnDK+PS1F+3mUuOcTV/Zzq26ZlugdhmKQUr2yow2iwkx3hvu4vJdDTnca/NOJQzKZxszqXNPHIkYSc5SptRKFqz+HZ9+Fjg7eczCoecIb5pMw6+p95wthh9tI2JNVwIW3YMm+O1GYY0v9QxVv3hmzbDmM25DyhivP6mzSgkH8+4LKO0Zh6FCt5ZtuF8zLKVNovI9GB+GI7nI7OkhzbD4HjzUb3+2mwjw6vj1+41FsO5600ni5HhGXyB+ptfwAFwEEtinhdjmiWYJEA8l/Qp8jcBzx3B4xpFYDi4Nf5MYjSCDN4OE8rIhv/Yv8MRCAiiICKMp8qUPSOGK3zCfOwtxtNL/ez4/0EK13QQTULWD8lqfyGG09lHznsxnI7HPLWc2rlXO2szXsd0rX+ai6m7GDk8ip21hr3ZXII5WbZiCE4XhsXzlrPWCNiA61kTczr39LPWANiAfD1ZCPG5X3fnM245XI7WiNhAau7IVMo1Pf2sNTjO5gv3ar6w7ItpEVD0s9bo2MC0qFMMazx3TP2sNX1SqchEzrUubcMTmG0+sYm/+WFozvhP+nmbZ3xOZ+YHUz9vs7L5bGR4PNLyeLYYjueuJ8sgnnKet5qcmcZca3Z9znOC81YjMz3V512bjkiRzttsK13RYuiYI9P2LGMsk4OR6QAdnJ+Bg6JaBksSAxxRBsMQRyvgxyhAEcMwBNuYPOAAxXtFJs5qVOaln5/vcArIYxQSGDSwAkuIwyRGbX5hd1G52t/u8PPXyL9vYuaTaIlXe/A0Rr/PXW8xMy5NUSTzE6qftxn2eDq9ms/kTthDU/pzz7jUz3/ZkTEkRIiYbEFEArQlJHx1PQEMrih4wBBYk5HbOQC7TCbGh8VwOjIBpoBE4ZNsweAIJBFmgCHKKGAEPKAYL5+4Z2ZrFIMIParuO4IbxAnAIJDI2aJMDjMkAbLhBtHOAZiFCFLEmciuRhLHKGLgAYYJAmTZJiCkAiUH5b9U5IAR5+7HaMOJYtE8aTuAGW397XGnEA4GQZVw1ez46y307+FKtoqcmYRjhHTq1w508NthBwAAuqocaaeo+3L3VeojZJuoGaCpqdOMsdPRaQYtt3Oa4Vp7Oc1otY2cZvCdLk4baF0Lpxm+rX/zPNZO86YZpaFx06LaZ5o2LZgNDZu9MdJmTTN8baPmefCGJk2rxbY3aFq26NnmTLu9Vfole5zDvTFqGzIt4NVmTIvgu42Y54CbmzDPYDY0YL4HSzZfnsGoNl72Bq82Xdpspbbhsg+C2mzZB76u0dKM19Zk2cciiwbLHtC7zZU9kJTGyh7QRVNlD+ByQ2UPBLWZsgf4TiNlH5ydJkrL5jU2UJpx2ponzVjVxslz9CtNk73igtoweX7Nu82Ldpz6RsnzON/DZ7dB0g5b6mK06aix19CMVOkztPi01h7D9+Ol/YXvR6ztLXw/GaWv0I6821P4fmbVfsKeFCq9hD2x6voI34+q9BCakdv6By0sK72DdsjdvkEzfEvPYB+fWlP+txy3xhK+GaeuBG+Gbiq/u50jXix6a5SVgCAgG4gjXiffido2yIvAmYQYpbXjxb+DCOigFyVhmNGI0RLFMQpyahf/Z2QXBLLX9ZS6WRXah/e0D/9MYtT3yabbOQAXMAzvoH8v6AG8VDj5MIoI48L6JGLQZ4rEGVoDP+hTbYN5aSu5oWCF+hFiXa4Te+qZA3CVzyZco5hionSNBTscge5DN2c4wRHewHAH6waz9RgyRNlQYqE44BKc9E9/7h93wQG4wWEI/DWMVogX+4zIngKJY+Qz8JAyF93kRwRost2SmInaPRvt8AvKKXi6KxsuVLJR5ixyeoyI9oWCetr/8kOrOZXLeX3aP+YbZoRsTZLVOl1FxDAU5DO7SOIQYAooYgBHwLhy87ZDRB5fiiUyrpEIySGaZBtAJvssSxKG5BFHK/AAYwzvQkRFT8NYoYi9g/cozlVinpqy7dPP1+QyjlHInZoGl/7hpH/ef32mScs7eXWHIxhjRF8V6tEqMFo6saLBTXD+ps9g3F/92U31HgoV1e1LJkxViWVh3vZPj58TRoX5TmFO+1+y7WgU6FSV6LR/3H/TLlAJpEGeoqn0gCJGx2S1wtFqhGPOZDi4TTdPXJjcjsmK3s7CZIUjejvBfkwoWbL+kGy2CUN9eaPjitko8wtDEVfvrSR8WxxLD9J7G27EMspPPbxBLoObrXzVSae4ljhkKAYx2pAHftwTeThj7l5iCg5vj4/A4xr7awBjBHy4ZUksu4URpZs++oIASdg2YfLEhmS14na8jsWZ2JJHFNM1CsNOysgRjOwkDCn4CnoLoMVoG0IfgRe3xy9eghcvwLdOBsxlpkLmr6DbO7xETBvxw6FdkHgDGSBHA9BbdAVGOkYGbmLMkDYmq8PeBlEKV+gIfBXRorehK+7G08fgr4K+eC8xp3I1HLjzrSCbe1QcoukDit8ztk3pzmAMN7JLyP99Er8jhuLDCYwCyEj8xNmyOEFHnz9RFuNo9TkH783j8OUPI48QZTiCXMQZZOu9CeGIKVTML5gNSYDEk6OO+L8DcIFjfo7WyL/njokixOMR5CaDwCNm0uVRbm15KzmMEQyegA/9NQoAkRN91+9HcgP8EMFoHodckHkc9t1tiNnhi//94ujTsRSnx4mnBvzJmvb5oj4PBpeIXaQvDnMqqaA9imDsr0Wr9kg8wUtwmJn+kEvCj5wGowAceogyjRMFVYCjzEzKNLkQI8xDE4mfCknoDoOXhewvBZYrSEy3fG8+DwZGGGZ0MKJS0G+dQl7JsT8kScSAFiFwrAqUWzXozqm41ZAazsIbWSqq08CQbJ84lNiqZUw2oJdx+HT8+YhvZ9V0ujkvjqxZDG1AqqkcEWgK0g4FcSx9lK6M/xeFFJW16icxmsWEEZ+EVNky8RpHdQCf3CfK0KZvI9Z3+XvMnjII72mLPg8GEmKEljAJ2UuwDwYNX6f2w/8tSYygvwaHvW0Kxz1cRseMko3c+msYJog+L1LJmEC2xbvr0yLC0qhCQc67ilyru5/0AqEE/a2z+1NZ4PgB+2hGcMQmMIIrFHOFVJbBj2iFZaGu3gRutyiQJ3kuEhbtHaSIP9CsCDMMQ/4zP+S1JixQAjB3xgIGaP9QaTKSX9soVl1rs4VIJAxmMVnFiFKZfaPI516kt/u0QKrFeOHiEEUsfOLZAY4S9EJhkwnGQweP45lmRxiuIkIZ9mnfZWT7CJnPPZfLYMxs9KjYOYufKhvcg/FKGPvXeYz1QhO/ggliaxLo3UvEur+CaSKcj17Vw7cSNQex+Ekbks2Gu7z8h64VPZB7pDmIMkm2CzSDM5bsNY6HEQVn8senEQrhk4t8EgUUnBwXZpWONZfX4CKmZXEEFD/1lGe8/pikwbd7AXEoEwn1iq5Yex8IeBHgayy6vBFC5YfKgVZDgLHdWhHFqzWjwxCj1L2Kaq560nqIJ1RABzZ61KZ3/+IVSbdIxoztNsS+UHtGsT+CDHJD4RkT7YuEzEMh2nANdmuI97P0jO9kllXUAs5iskUxw4h+6mbRr/uZm3R2JuqwJnwXffqpO0piIemESqSywswQbikKJjgMMZV7XKbWpLy+F0P/XqzzULI8UrbnmaNVf0rrXESmGRTIIFZ2D/XB61tHTQRVg+zsnanp7RlSe4KlN+Zpqu2Lp1JpyoJdxEB+VvgS81/44UVfMCtOhEpNLj2vNFIkvZzTHfA6k9e/f2UX8hRtYcyF5g8geCTxPYxJEgWAYr5XXUBi8AIERHQA+GsOmH/ssEWxIMPEPqxoWQhFPP2wJK2a7v/F0/3/+Xb4QupCjEYUYqtbOSOUbUkkfReMWVoUxem28tJJ84gmjBJoeQ3UNa7cflpkDV2zn5GpUOlKlNwzCZfNt8CPEa82YAQ4b4Z5EIJUJMOxJCHT20m6B1BKK72Hy/OzJEQBp23IN5r5BfkJQ6BbFEa8hJKOOBHzD93CY//RTSXVMlHTFOuPbspxG+PIx1sY1jGd5S+1OUWxFQD3o+uZE8ANjkQ8UQFpMmD4vsw7nSQaowcUgvd4tUaUpdbDYrxaiS3HVOqAZOe2l72TEvxO7rz0gWYwAPKi7ahvBEEaTQ5Pzo6440TcFwFtmtMS3wThJi0CLdVjpmmtWKKiCi0TIBeNp62icuZImVKBnykVLvl/xXAQT6Z5HFL31UErTBmKq8IUdpZag+YXFmVF24SlEURZVvXUD4WJBXvZmHoiJJ6WVyY/4OB2fNRFEobPF5F6bwlDWl+MZtLMadpJWaEIxTAE2yTeEpr6qqOi6tFswkpFWSbDUUPxI9cNgoxTgSE6YxURirDKbUmWNPy/wvRzUFDhDf6RtnqBSHYqRYwao/aTQg68UiVGHYA1Y1s6ePWKMujfkwcUL0Py2PfJ5hV89frN2dkvZ2dvXp3/8vbk9LzYdL4ID222JIbxU8E87W5sYSxzlywlLZXPHI//luah2eaBXpQW2ynSZYKDz4OBjR75Tyn0Hto7/J3gKFVkKokgfVQy23JqurfNKo2LaxhiXjzYhNlJGE5jc7NlT4d15piy2bsn0kx6DeladFMV6jxz/htIl9OMNAX//0K3lM+rB5Gb7GEPAx0c/wp+BerJ2y1VDsBIpgQhWQFRPch8Qfy4gU/5ZQFFEcUMPyAQQAZLNJQjJAQDPQwGoOfL/SrnwrEcPf+vfDvBb5xVDlNUBHVFSQ//9FPpgazDgbZCubLrqm22jskj6C1KL8pVlsgSNDdEaNuk3wKpnJmmhZhMBrhZ7X8SWjLMnNpz/rtE4dPnsk2PMWV7Eng2Q8YRK5MPQ/KIggxStneOj8oYu6eBG2YrTLlS1cFJo3XzrQ+Lrf9VGEhDqOGwwEkikQ8o6s3VBPr9fmGs/1ULk78Whjc2XM/8YHliMlaLCMPRrlaq9qiKpHCQBwMFIIlo4vuI0mUShk+yMVuMGZd4dhstWMu012LK/J+ftkRqzl8lToI9RFcFrzv2O6dI/N/3dhrML2uYUJ5lxalBiSBds1vlHMugFMVM46W3KSL4/se0rWXP6fHIuLeTf75XX59KpXxKqdT36i6nUvl8p67g5pl+Wm29S3AY2MnmDsUp89SPi3KAJxFpc+MJdN9fjSeDW3d64d0YjllcfWXXY8D2body4jy9le0e9dMHgk+TENk9dpof3Sky6Q3CCkj6iJnoBSsYqg67J2/fnr/ugq/ZoronPx//0lWOQvf0+PWbn1WIkFH/9Pj0tAx19vqXEtTp6/cViPOT42MVgtfbp8enZypU2vfesx/XOFZfPxbZ0LZjBCxxFIjaJL38BEJdIBL6GpT0XW3gNdrNDCYU/eftWz1Ude/qoP7T986S3w9pxUW6uAgItGmkFdMUmrqlivv8DtfZKzjkF6bfhW5b73A0wvEPoQ5JtPwhXK6DH0YsjaJ0Um9/wI9A6TOczE+md4EvZZeG/y9iKMabNEN/ROIKf5u2X/EDCp+y8Rpxo6gOTByLGAnDsEq9L15E5FF+d5T5ow4Avcey29VrfHGnlBOkxgOUSSGRvShb7YwH1a3fnVQa1KjrJShzHlTl64LO/p3DVNJCEGHk02iHbWMvEVfXOgJ3nAYgUc24Uh+U1jwobqufV0UKyV+9SydXqjoBjUqRFmbJe/stpOxlPWtx2Q944iYu8dQbu5oprXT4pi+Im1/gZhuiAehmTZCm6TRl4Cb72z+vHo77x/035/VDOfJdwzQO5+2RfKBsk4QMb0NUM7VExViWsG+anjUUBVuCI6Z+JldSyN+xNinjjcJ6V4dtViNHcOr3C/HkXpyu7qsuoESZrRsItgCc9EGaVoE7tIYPmMRy7kOqINvsFPq0z8NU1XNkUoq5ytUqlB/hiYGstAcISAzWhC3xl05aFZX1aEYBvcFsfdh91c1T155fnRzTnxlzk1HrAAzF+Ape8vWu4QPKzdNF8QOKAXde4JDntWS5xD6GIXhCTNy5rMWlFV+6ezV/CSAFZMtXICJoDi2S4xDfI8CzN3AkUK929+YfOjjpv37dl/eoYuEVh6mhf6sJnhxY+ZTif951cUdiOAzGyCMK2I9MNB6Jhkhp4GRX4zxSPTM8JxMEUQnyBf63CL+X7Pozc4idIr8pNacoCR9QUDFweL9C2bYOaph1axIWrrzyg59qMDtSiB+OSt8RfXYjTOl3vobd3A5o5TVUlqTlSZaSb4mnaf6k5lJAS3OjPEkqJZZlHfwthXemx70L71oKu5e48hZcXJvpXStaitlETCIYdouzXrmf3Z3wKlEReXtWYytMaDYHoH/Krs+myyVF7PNgMGe+TR77HplH+At/o97tp438Xpoz8td6zUBl9+np6UmbTLQgAO/fDzabAaX95XLZzWbtQkhZeca09DibOQA6ON5Ze3kKlSug2y1poEK8OtO6C6iw6x2K2xG8QXQLI6BJ029gbUZBSRWlabyaUdpeSYSmqVqVYqfqS3aoaiVzSvWonl4dHCJ/TcoP/+LH9gHFzCPa75RE6bamI638CdDBb5KaUvm+J5SJ8ZEB6PZQ9DDIbip59OoWB6I7VrZAAKt7UgeYbUEJOH+oIKSphbrmwe6J+tbp/la3pFQV6sNdVUjEf1ESueLk1qoin/kVEtdtpSr1dIvkUqxAhVcfK9BZFj0A3ZP+ybH6qqTUii2ocGbuBeReFb8qQIoCFY2UFSgVpijjL9FW4B5bXM59bZhN/9b7WnY13/qciLy2NK5c8IjDELAYiuud4suK+k9asnGTIO1zFN/epNVCU37cOeA57u9JhMDJCVu/FIlaH4DfE55KxmluKkZQClEeEXiEkYh4ItdbZh/ThGSFfZ6UytkTRjoHAEU0iXl+B5n4zqZefiybnmI8VPSKHxHwYVSQTqUgYQCGI1skyAf5cH0WzShiUg9S6fn3HLkvqftuJ6VcfAAkPjESf9NU7AFkDG22LNuAXViwFBPc4u9rLOVClxCHFOCUQtsilDtbkQVpqYi0JOPfEpjzr6U4yR+Pztk3UPtRyaYYmq6czn6UxA3ETFyqNFxI9bblvc4GZ/WKIqrXVyd7XF8dcJ+4xPFG7nZqq9zf3YWYrnkiGyGf4QfMnvimNxj9HVqSGIm/SVMeixEDKcWNUM0ka4zolkSUh6/0mvMG3Tno3wkvAbV5jIvSuPe1tN5vSq38ao1gyNZ/dsXo0jtIsT+DsRh8FzGeJMxFPjhLO5zpWFB1brdeMpF+6fIeMX/YdxlkCRUXKyU0kcCUUHmZdnp8XHdtrMR7M9O5LB9KWi/vc78L/gLThGl2NnOi/ruLEbwvPVXmu+vvvCsLPS69VUX84iM5EvW4xiF3pOKbAUZaDKYiOshpyA9xGhYilLjo58B9JxWxdtK9dqPqsNVNUymoE/CdkgxY7F7Tzf8BsJbpmREXXd95bF6W/KnqS1UmLcdfdWAlnLIR7IwkgcbL3KovUhQDCvUcgDlF5c+f0JdtiH3MQrHeNFTKji8PbPLPOWGaX+VKz9YSzPSmhUsR9i15s5I8Z7GBeKfpOqsmGTwYDtrE68r0phy0RYikj3ArMxj5tXD6R8rnzrjoxIk/cIVivMTK98Al5kU0rXwt8bfEz+KLi1KckV+SZt0HBUi85ufhfxwqj4Em/0i68rHwbZGT3fKk7K/M8G+55advb8Wny0flMHSDXsi7hjt4Fz6JFApHYJbchdgHfkiSIAdOr8cUcVXbVAvIOrsS57k6yp/x5wmfwvIluEtY1giMXrC8tVm7Z+AJFeMbggXQ25MhreQcC3tr+xhcUw99jtLyOXf54DrpNHVqnSWTzO6H6i0yU+6z2m36WP0o7VCWTEg0Qp9vfv+vsr00mmoxLt78CfvLtoMttVV0JJ9dbCObPZZbr6gfWWyDyvdYqjSMmjP1rfN/AwAA//9QSwcIFXiNPmIaAAC4YQAAUEsDBBQACAAIAAAAAAAAAAAAAAAAAAAAAAAUAAAAd2luZG93cy9zZW5kbG9ncy5wczGsU09P204Qve+nmN+SQyL97NhBRIXWLTSlYJU/EYZKLeWwjSf2ivWutTt2WyG+e7U2IVBA6qF78sy8eTNvZvxmgwEAhNmXk9N5lmad5d9FrYzIHQhQpoDvjc4VAhmgEqE0jmBpLFgkK7EVClop4KBBR5+Pj0zhQtbTftjPZmfp/Dw9Pfm3zP6di2v0NLWwokJCC2YJAr6mc1hKhaBF1RE3XcH/4UcpFyVIBw41rSoeGkd7BWq6p/UFfWTcVl3gyBSAOq+N1BSyjbfsclblCum91LnUxXB0xboOhh3DpSMrdXHVGYO5oJKNGJNLGP43PEdHgXf1gdEIbjqYRWqsZreMDQ6MUBkJwj1bOEhgt0fwY6TS5DzhB0j8de+7sJInvCSqd8bjePoqnG6G8WQ7jKfjSixKqXH8bmGqOimMUM6TrjIPUeRoHU92b/jPoHJBi9ZJo3nCJ1E8CeI42Iz4Lbt90BAkMBimujXXGJyho74j2H3U8Si8Nxkb9Jt+Scm8+QslO5uTrcn0wSpWKan+KBXypJvkU1n323xG31YQbQdRfMe0Bi2URE3BwliLSpA0Wvo+X8L58+IJ3/uUzbL9uWoKqV+CrstHYRxGT2FGk5AarS+4Hnk4W/nXX2n+Z3JbCT8bZYogx1qZXxVq8kTDZ5nOjMJUOxJ6gUfS0SOHxy1l0dhO/p114v+jwNVKEvBvIR9dRv15+wN55iLWa/8dAAD//1BLBwiFX+NRIQIAAF4EAABQSwECFAAUAAgACAAAAAAAFXiNPmIaAAC4YQAAHAAAAAAAAAAAAAAAAAAAAAAAd2luZG93cy93aW5kb3dzY3NlaGVscGVyLnBzMVBLAQIUABQACAAIAAAAAACFX+NRIQIAAF4EAAAUAAAAAAAAAAAAAAAAAKwaAAB3aW5kb3dzL3NlbmRsb2dzLnBzMVBLBQYAAAAAAgACAIwAAAAPHQAAAAA="

$global:KubeClusterConfigPath = "c:\k\kubeclusterconfig.json"
$fipsEnabled = [System.Convert]::ToBoolean("false")

# HNS remediator
$global:HNSRemediatorIntervalInMinutes = [System.Convert]::ToUInt32("0");

# Log generator
$global:LogGeneratorIntervalInMinutes = [System.Convert]::ToUInt32("0");

$global:EnableIncreaseDynamicPortRange = $false

$global:RebootNeeded = $false

$global:IsSkipCleanupNetwork = [System.Convert]::ToBoolean("false");

$global:EnableKubeletServingCertificateRotation = [System.Convert]::ToBoolean("false")

# Extract cse helper script from ZIP
[io.file]::WriteAllBytes("scripts.zip", [System.Convert]::FromBase64String($zippedFiles))
Expand-Archive scripts.zip -DestinationPath "C:\\AzureData\\" -Force

# Dot-source windowscsehelper.ps1 with functions that are called in this script
. c:\AzureData\windows\windowscsehelper.ps1
# util functions only can be used after this line, for example, Write-Log

$global:OperationId = New-Guid

try
{
    Logs-To-Event -TaskName "AKS.WindowsCSE.ExecuteCustomDataSetupScript" -TaskMessage ".\CustomDataSetupScript.ps1 -MasterIP $MasterIP -KubeDnsServiceIp $KubeDnsServiceIp -MasterFQDNPrefix $MasterFQDNPrefix -Location $Location -AADClientId $AADClientId -NetworkAPIVersion $NetworkAPIVersion -TargetEnvironment $TargetEnvironment -CSEResultFilePath $CSEResultFilePath"

    # Exit early if the script has been executed
    if (Test-Path -Path $CSEResultFilePath -PathType Leaf) {
        Write-Log "The script has been executed before, will exit without doing anything."
        return
    }

    # This involes using proxy, log the config before fetching packages
    Write-Log "private egress proxy address is '$global:PrivateEgressProxyAddress'"
    # TODO update to use proxy

    $WindowsCSEScriptsPackage = "aks-windows-cse-scripts-current.zip"
    # CSEScriptsPackage is cached on VHD. Previously the cse package version was managed in components.json, whereas RP set the package URL which is a storage account.
    # From 2025-06 The CSE packages is eleased on the VHD. RP can use fully qualified URL to download CSE scripts package when required out of VHD release cycle. 
    # In the transition period, it is important that when deal with older VHD versions, the agentbaker runtime provision script needs to be compatible with the latest known storage account package, 0.0.52.
    Write-Log "Requested CSEScriptsPackageUrl is $global:CSEScriptsPackageUrl"
    if ($global:CSEScriptsPackageUrl.EndsWith("/")) {
        $search = @()
        if ($global:CacheDir -and (Test-Path $global:CacheDir)) {
            $search = [IO.Directory]::GetFiles($global:CacheDir, $WindowsCSEScriptsPackage, [IO.SearchOption]::AllDirectories)
            # list files in the cache directory. 
            Write-Log "the directory $global:CacheDir contains the following files:"
            Get-ChildItem -Path $global:CacheDir | ForEach-Object { Write-Log "  $_" }
        }
 
        if ($search.Count -eq 0) {
            Write-Log "Could not find windows cse package on VHD. Use remote version instead."
            $WindowsCSEScriptsPackage = "aks-windows-cse-scripts-v0.0.52.zip"
        }
        Write-Log "WindowsCSEScriptsPackage is $WindowsCSEScriptsPackage"
        $global:CSEScriptsPackageUrl = $global:CSEScriptsPackageUrl + $WindowsCSEScriptsPackage
    }
    Write-Log "CSEScriptsPackageUrl used for provision is $global:CSEScriptsPackageUrl"

    # Download CSE function scripts
    Logs-To-Event -TaskName "AKS.WindowsCSE.DownloadAndExpandCSEScriptPackageUrl" -TaskMessage "Start to get CSE scripts. CSEScriptsPackageUrl: $global:CSEScriptsPackageUrl"
    $tempfile = 'c:\csescripts.zip'
    DownloadFileOverHttp -Url $global:CSEScriptsPackageUrl -DestinationPath $tempfile -ExitCode $global:WINDOWS_CSE_ERROR_DOWNLOAD_CSE_PACKAGE
    Expand-Archive $tempfile -DestinationPath "C:\\AzureData\\windows" -Force
    Remove-Item -Path $tempfile -Force

    # Dot-source cse scripts with functions that are called in this script
    . c:\AzureData\windows\azurecnifunc.ps1
    . c:\AzureData\windows\calicofunc.ps1
    . c:\AzureData\windows\configfunc.ps1
    . c:\AzureData\windows\containerdfunc.ps1
    . c:\AzureData\windows\kubeletfunc.ps1
    . c:\AzureData\windows\kubernetesfunc.ps1
    . c:\AzureData\windows\nvidiagpudriverfunc.ps1

    # Install OpenSSH if SSH enabled
    $sshEnabled = [System.Convert]::ToBoolean("true")

    if ( $sshEnabled ) {
        Install-OpenSSH -SSHKeys $SSHKeys
    }

    Set-TelemetrySetting -WindowsTelemetryGUID $global:WindowsTelemetryGUID

    Resize-OSDrive

    Initialize-DataDisks

    Initialize-DataDirectories

    Logs-To-Event -TaskName "AKS.WindowsCSE.GetProvisioningAndLogCollectionScripts" -TaskMessage "Start to get provisioning scripts and log collection scripts"
    Create-Directory -FullPath "c:\k"
    Write-Log "Remove `"NT AUTHORITY\Authenticated Users`" write permissions on files in c:\k"
    icacls.exe "c:\k" /inheritance:r
    icacls.exe "c:\k" /grant:r SYSTEM:`(OI`)`(CI`)`(F`)
    icacls.exe "c:\k" /grant:r BUILTIN\Administrators:`(OI`)`(CI`)`(F`)
    icacls.exe "c:\k" /grant:r BUILTIN\Users:`(OI`)`(CI`)`(RX`)
    Write-Log "c:\k permissions: "
    icacls.exe "c:\k"
    Get-ProvisioningScripts
    Get-LogCollectionScripts

    # NOTE: this function MUST be called before Write-KubeClusterConfig since it has the potential
    # to mutate both kubelet config args and kubelet node labels.
    Configure-KubeletServingCertificateRotation

    Write-KubeClusterConfig -MasterIP $MasterIP -KubeDnsServiceIp $KubeDnsServiceIp

    Install-CredentialProvider -KubeDir $global:KubeDir -CustomCloudContainerRegistryDNSSuffix ""

    Get-KubePackage -KubeBinariesSASURL $global:KubeBinariesPackageSASURL

    $cniBinPath = $global:AzureCNIBinDir
    $cniConfigPath = $global:AzureCNIConfDir
    if ($global:NetworkPlugin -eq "kubenet") {
        $cniBinPath = $global:CNIPath
        $cniConfigPath = $global:CNIConfigPath
    }

    Install-Containerd-Based-On-Kubernetes-Version -ContainerdUrl $global:ContainerdUrl -CNIBinDir $cniBinPath -CNIConfDir $cniConfigPath -KubeDir $global:KubeDir -KubernetesVersion $global:KubeBinariesVersion

    Retag-ImagesForAzureChinaCloud -TargetEnvironment $TargetEnvironment

    # For AKSClustomCloud, TargetEnvironment must be set to AzureStackCloud
    Write-AzureConfig `
        -KubeDir $global:KubeDir `
        -AADClientId $AADClientId `
        -AADClientSecret $([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($AADClientSecret))) `
        -TenantId $global:TenantId `
        -SubscriptionId $global:SubscriptionId `
        -ResourceGroup $global:ResourceGroup `
        -Location $Location `
        -VmType $global:VmType `
        -SubnetName $global:SubnetName `
        -SecurityGroupName $global:SecurityGroupName `
        -VNetName $global:VNetName `
        -RouteTableName $global:RouteTableName `
        -PrimaryAvailabilitySetName $global:PrimaryAvailabilitySetName `
        -PrimaryScaleSetName $global:PrimaryScaleSetName `
        -UseManagedIdentityExtension $global:UseManagedIdentityExtension `
        -UserAssignedClientID $UserAssignedClientID `
        -UseInstanceMetadata $global:UseInstanceMetadata `
        -LoadBalancerSku $global:LoadBalancerSku `
        -ExcludeMasterFromStandardLB $global:ExcludeMasterFromStandardLB `
        -TargetEnvironment $TargetEnvironment

    # we borrow the logic of AzureStackCloud to achieve AKSCustomCloud.
    # In case of AKSCustomCloud, customer cloud env will be loaded from azurestackcloud.json
    

    Write-CACert -CACertificate $global:CACertificate `
        -KubeDir $global:KubeDir

    if ($global:EnableCsiProxy) {
        New-CsiProxyService -CsiProxyPackageUrl $global:CsiProxyUrl -KubeDir $global:KubeDir
    }

    if ($global:TLSBootstrapToken) {
        Write-BootstrapKubeConfig -CACertificate $global:CACertificate `
            -KubeDir $global:KubeDir `
            -MasterFQDNPrefix $MasterFQDNPrefix `
            -MasterIP $MasterIP `
            -TLSBootstrapToken $global:TLSBootstrapToken

        # NOTE: we need kubeconfig to setup calico even if TLS bootstrapping is enabled
        #       This kubeconfig will deleted after calico installation.
        # TODO(hbc): once TLS bootstrap is fully enabled, remove this if block
        Write-Log "Write temporary kube config"
    } else {
        Write-Log "Write kube config"
    }

    Write-KubeConfig -CACertificate $global:CACertificate `
        -KubeDir $global:KubeDir `
        -MasterFQDNPrefix $MasterFQDNPrefix `
        -MasterIP $MasterIP `
        -AgentKey $AgentKey `
        -AgentCertificate $global:AgentCertificate

    if ($global:EnableHostsConfigAgent) {
        New-HostsConfigService
    }

    Write-Log "Configuring networking with NetworkPlugin:$global:NetworkPlugin"

    # Configure network policy.
    Get-HnsPsm1 -HNSModule $global:HNSModule
    Import-Module $global:HNSModule

    Install-VnetPlugins -AzureCNIConfDir $global:AzureCNIConfDir `
        -AzureCNIBinDir $global:AzureCNIBinDir `
        -VNetCNIPluginsURL $global:VNetCNIPluginsURL

    Set-AzureCNIConfig -AzureCNIConfDir $global:AzureCNIConfDir `
        -KubeDnsSearchPath $global:KubeDnsSearchPath `
        -KubeClusterCIDR $global:KubeClusterCIDR `
        -KubeServiceCIDR $global:KubeServiceCIDR `
        -VNetCIDR $global:VNetCIDR `
        -IsDualStackEnabled $global:IsDualStackEnabled `
        -IsAzureCNIOverlayEnabled $global:IsAzureCNIOverlayEnabled


    if ($TargetEnvironment -ieq "AzureStackCloud") {
        GenerateAzureStackCNIConfig `
            -TenantId $global:TenantId `
            -SubscriptionId $global:SubscriptionId `
            -ResourceGroup $global:ResourceGroup `
            -AADClientId $AADClientId `
            -KubeDir $global:KubeDir `
            -AADClientSecret $([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($AADClientSecret))) `
            -NetworkAPIVersion $NetworkAPIVersion `
            -AzureEnvironmentFilePath $([io.path]::Combine($global:KubeDir, "azurestackcloud.json")) `
            -IdentitySystem "azure_ad"
    }

    New-ExternalHnsNetwork -IsDualStackEnabled $global:IsDualStackEnabled

    Install-KubernetesServices `
        -KubeDir $global:KubeDir

    Set-Explorer
    Adjust-PageFileSize
    Logs-To-Event -TaskName "AKS.WindowsCSE.PreprovisionExtension" -TaskMessage "Start preProvisioning script"
    
    Update-ServiceFailureActions
    Adjust-DynamicPortRange
    Register-LogsCleanupScriptTask
    Register-NodeResetScriptTask
    Update-DefenderPreferences

    $windowsVersion = Get-WindowsVersion
    if ($windowsVersion -ne "1809") {
        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Skip secure TLS protocols for Windows version: $windowsVersion"
    } else {
        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Start to enable secure TLS protocols"
        try {
            . C:\k\windowssecuretls.ps1
            Enable-SecureTls
        }
        catch {
            Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_ENABLE_SECURE_TLS -ErrorMessage $_
        }
    }

    Enable-FIPSMode -FipsEnabled $fipsEnabled
    if ($global:WindowsGmsaPackageUrl) {
        Install-GmsaPlugin -GmsaPackageUrl $global:WindowsGmsaPackageUrl
    }

    Check-APIServerConnectivity -MasterIP $MasterIP

    if ($global:WindowsCalicoPackageURL) {
        Start-InstallCalico -RootDir "c:\" -KubeServiceCIDR $global:KubeServiceCIDR -KubeDnsServiceIp $KubeDnsServiceIp
    }

    Start-InstallGPUDriver -EnableInstall $global:ConfigGPUDriverIfNeeded -GpuDriverURL $global:GpuDriverURL

    if (Test-Path $CacheDir)
    {
        Write-Log "Removing aks cache directory"
        Remove-Item $CacheDir -Recurse -Force
    }

    if ($global:TLSBootstrapToken) {
        Write-Log "Removing temporary kube config"
        $kubeConfigFile = [io.path]::Combine($KubeDir, "config")
        Remove-Item $kubeConfigFile
    }

    Enable-GuestVMLogs -IntervalInMinutes $global:LogGeneratorIntervalInMinutes

    if ($global:RebootNeeded) {
        Logs-To-Event -TaskName "AKS.WindowsCSE.RestartComputer" -TaskMessage "Setup Complete, calling Postpone-RestartComputer with reboot"
        Postpone-RestartComputer
    } else {
        Logs-To-Event -TaskName "AKS.WindowsCSE.StartScheduledTask" -TaskMessage "Setup Complete, start NodeResetScriptTask to register Windows node without reboot"
        Start-ScheduledTask -TaskName "k8s-restart-job"

        $timeout = 180 ##  seconds
        $timer = [Diagnostics.Stopwatch]::StartNew()
        while ((Get-ScheduledTask -TaskName 'k8s-restart-job').State -ne 'Ready') {
            # The task `k8s-restart-job` needs ~8 seconds.
            if ($timer.Elapsed.TotalSeconds -gt $timeout) {
                Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_START_NODE_RESET_SCRIPT_TASK -ErrorMessage "NodeResetScriptTask is not finished after [$($timer.Elapsed.TotalSeconds)] seconds"
            }

            Write-Log -Message "Waiting on NodeResetScriptTask..."
            Start-Sleep -Seconds 3
        }
        $timer.Stop()
        Write-Log -Message "We waited [$($timer.Elapsed.TotalSeconds)] seconds on NodeResetScriptTask"
    }
}
catch
{
    # Set-ExitCode will exit with the specified ExitCode immediately and not be caught by this catch block
    # Ideally all exceptions will be handled and no exception will be thrown.
    Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_UNKNOWN -ErrorMessage $_
}
finally
{
    # Generate CSE result so it can be returned as the CSE response in csecmd.ps1
    $ExecutionDuration=$(New-Timespan -Start $StartTime -End $(Get-Date))
    Write-Log "CSE ExecutionDuration: $ExecutionDuration. ExitCode: $global:ExitCode"

    Logs-To-Event -TaskName "AKS.WindowsCSE.cse_main" -TaskMessage "ExitCode: $global:ExitCode. ErrorMessage: $global:ErrorMessage."

    # $CSEResultFilePath is used to avoid running CSE multiple times
    if ($global:ExitCode -ne 0) {
        # $JsonString = "ExitCode: |{0}|, Output: |{1}|, Error: |{2}|"
        # Max length of the full error message returned by Windows CSE is ~256. We use 240 to be safe.
        $errorMessageLength = "ExitCode: |$global:ExitCode|, Output: |$($global:ErrorCodeNames[$global:ExitCode])|, Error: ||".Length
        $turncatedErrorMessage = $global:ErrorMessage.Substring(0, [Math]::Min(240 - $errorMessageLength, $global:ErrorMessage.Length))
        Set-Content -Path $CSEResultFilePath -Value "ExitCode: |$global:ExitCode|, Output: |$($global:ErrorCodeNames[$global:ExitCode])|, Error: |$turncatedErrorMessage|"
    }
    else {
        Set-Content -Path $CSEResultFilePath -Value $global:ExitCode -Force
    }

    if ($global:ExitCode -eq $global:WINDOWS_CSE_ERROR_DOWNLOAD_CSE_PACKAGE) {
        Write-Log "Do not call Upload-GuestVMLogs because there is no cse script package downloaded"
    }
    else {
        Upload-GuestVMLogs -ExitCode $global:ExitCode
    }
}