Fix windows network configuration for VHD caching feature (#7313)

Author: r2k1

e2e/scenario_test.go

@@ -2195,14 +2195,18 @@ func Test_Ubuntu2404_VHDCaching(t *testing.T) {
 	RunScenario(t, &Scenario{
 		Description: "T",
 		Config: Config{
-			Cluster:    ClusterKubenet,
-			VHD:        config.VHDUbuntu2204Gen2Containerd,
-			VHDCaching: true,
-			BootstrapConfigMutator: func(nbc *datamodel.NodeBootstrappingConfiguration) {
-			},
+			Cluster:                ClusterKubenet,
+			VHD:                    config.VHDUbuntu2204Gen2Containerd,
+			VHDCaching:             true,
+			BootstrapConfigMutator: EmptyBootstrapConfigMutator,
 			Validator: func(ctx context.Context, s *Scenario) {
 			},
 			VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
+				// If the VHD has incorrect settings (like network misconfiguration)
+				// deploying more than one VM may expose the issue.
+				// This check is not always reliable, since only one VM is created per test run in the current framework.
+				// Therefore, tests may incorrectly pass more often than they fail in these cases.
+				vmss.SKU.Capacity = to.Ptr[int64](2)
 			},
 		},
 	})

e2e/scenario_win_test.go

@@ -346,10 +346,16 @@ func Test_Windows2022_VHDCaching(t *testing.T) {
 	RunScenario(t, &Scenario{
 		Description: "VHD Caching",
 		Config: Config{
-			Cluster:                ClusterAzureNetwork,
-			VHD:                    config.VHDWindows2022Containerd, // gen1 is default for windows 2022
-			VHDCaching:             true,
-			VMConfigMutator:        EmptyVMConfigMutator,
+			Cluster:    ClusterAzureNetwork,
+			VHD:        config.VHDWindows2022Containerd, // gen1 is default for windows 2022
+			VHDCaching: true,
+			VMConfigMutator: func(vmss *armcompute.VirtualMachineScaleSet) {
+				// If the VHD has incorrect settings (like network misconfiguration)
+				// deploying more than one VM may expose the issue.
+				// This check is not always reliable, since only one VM is created per test run in the current framework.
+				// Therefore, tests may incorrectly pass more often than they fail in these cases.
+				vmss.SKU.Capacity = to.Ptr[int64](2)
+			},
 			BootstrapConfigMutator: EmptyBootstrapConfigMutator,
 			Validator: func(ctx context.Context, s *Scenario) {
 				ValidateWindowsVersionFromWindowsSettings(ctx, s, "2022-containerd")

parts/windows/kuberneteswindowssetup.ps1

@@ -417,6 +417,50 @@ function BasePrep {
         New-HostsConfigService
     }
 
+    Set-Explorer
+    Adjust-PageFileSize
+    Logs-To-Event -TaskName "AKS.WindowsCSE.PreprovisionExtension" -TaskMessage "Start preProvisioning script"
+    PREPROVISION_EXTENSION
+    Update-ServiceFailureActions
+    Adjust-DynamicPortRange
+    Register-LogsCleanupScriptTask
+    Register-NodeResetScriptTask
+
+    Update-DefenderPreferences
+
+    $windowsVersion = Get-WindowsVersion
+    if ($windowsVersion -ne "1809") {
+        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Skip secure TLS protocols for Windows version: $windowsVersion"
+    } else {
+        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Start to enable secure TLS protocols"
+        try {
+            . C:\k\windowssecuretls.ps1
+            Enable-SecureTls
+        }
+        catch {
+            Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_ENABLE_SECURE_TLS -ErrorMessage $_
+        }
+    }
+
+    Enable-FIPSMode -FipsEnabled $fipsEnabled
+    if ($global:WindowsGmsaPackageUrl) {
+        Install-GmsaPlugin -GmsaPackageUrl $global:WindowsGmsaPackageUrl
+    }
+
+    Write-Log "BasePrep completed successfully"
+    Logs-To-Event -TaskName "AKS.WindowsCSE.BasePrep" -TaskMessage "BasePrep completed successfully"
+}
+
+# ====== NODE PREP: CLUSTER INTEGRATION ======
+# All operations that should only run when connecting to the actual cluster
+function NodePrep {
+    Install-KubernetesServices -KubeDir $global:KubeDir
+
+    Write-Log "Starting NodePrep - Cluster integration"
+    Logs-To-Event -TaskName "AKS.WindowsCSE.NodePrep" -TaskMessage "Starting NodePrep - Cluster integration"
+
+    Check-APIServerConnectivity -MasterIP $MasterIP
+
     Write-Log "Configuring networking with NetworkPlugin:$global:NetworkPlugin"
 
     # Configure network policy.
@@ -464,50 +508,6 @@ function BasePrep {
         Write-Log "Enable-WindowsCiliumNetworking is not a recognized function, will skip Windows Cilium Networking installation"
     }
 
-    Set-Explorer
-    Adjust-PageFileSize
-    Logs-To-Event -TaskName "AKS.WindowsCSE.PreprovisionExtension" -TaskMessage "Start preProvisioning script"
-    PREPROVISION_EXTENSION
-    Update-ServiceFailureActions
-    Adjust-DynamicPortRange
-    Register-LogsCleanupScriptTask
-    Register-NodeResetScriptTask
-
-    Update-DefenderPreferences
-
-    $windowsVersion = Get-WindowsVersion
-    if ($windowsVersion -ne "1809") {
-        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Skip secure TLS protocols for Windows version: $windowsVersion"
-    } else {
-        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Start to enable secure TLS protocols"
-        try {
-            . C:\k\windowssecuretls.ps1
-            Enable-SecureTls
-        }
-        catch {
-            Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_ENABLE_SECURE_TLS -ErrorMessage $_
-        }
-    }
-
-    Enable-FIPSMode -FipsEnabled $fipsEnabled
-    if ($global:WindowsGmsaPackageUrl) {
-        Install-GmsaPlugin -GmsaPackageUrl $global:WindowsGmsaPackageUrl
-    }
-
-    Write-Log "BasePrep completed successfully"
-    Logs-To-Event -TaskName "AKS.WindowsCSE.BasePrep" -TaskMessage "BasePrep completed successfully"
-}
-
-# ====== NODE PREP: CLUSTER INTEGRATION ======
-# All operations that should only run when connecting to the actual cluster
-function NodePrep {
-    Install-KubernetesServices -KubeDir $global:KubeDir
-
-    Write-Log "Starting NodePrep - Cluster integration"
-    Logs-To-Event -TaskName "AKS.WindowsCSE.NodePrep" -TaskMessage "Starting NodePrep - Cluster integration"
-
-    Check-APIServerConnectivity -MasterIP $MasterIP
-
     if ($global:WindowsCalicoPackageURL) {
         Start-InstallCalico -RootDir "c:\" -KubeServiceCIDR $global:KubeServiceCIDR -KubeDnsServiceIp $KubeDnsServiceIp
     }

pkg/agent/testdata/AKSWindows2019+CustomCloud+ootcredentialprovider/CustomData

@@ -411,6 +411,50 @@ function BasePrep {
         New-HostsConfigService
     }
 
+    Set-Explorer
+    Adjust-PageFileSize
+    Logs-To-Event -TaskName "AKS.WindowsCSE.PreprovisionExtension" -TaskMessage "Start preProvisioning script"
+    
+    Update-ServiceFailureActions
+    Adjust-DynamicPortRange
+    Register-LogsCleanupScriptTask
+    Register-NodeResetScriptTask
+
+    Update-DefenderPreferences
+
+    $windowsVersion = Get-WindowsVersion
+    if ($windowsVersion -ne "1809") {
+        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Skip secure TLS protocols for Windows version: $windowsVersion"
+    } else {
+        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Start to enable secure TLS protocols"
+        try {
+            . C:\k\windowssecuretls.ps1
+            Enable-SecureTls
+        }
+        catch {
+            Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_ENABLE_SECURE_TLS -ErrorMessage $_
+        }
+    }
+
+    Enable-FIPSMode -FipsEnabled $fipsEnabled
+    if ($global:WindowsGmsaPackageUrl) {
+        Install-GmsaPlugin -GmsaPackageUrl $global:WindowsGmsaPackageUrl
+    }
+
+    Write-Log "BasePrep completed successfully"
+    Logs-To-Event -TaskName "AKS.WindowsCSE.BasePrep" -TaskMessage "BasePrep completed successfully"
+}
+
+# ====== NODE PREP: CLUSTER INTEGRATION ======
+# All operations that should only run when connecting to the actual cluster
+function NodePrep {
+    Install-KubernetesServices -KubeDir $global:KubeDir
+
+    Write-Log "Starting NodePrep - Cluster integration"
+    Logs-To-Event -TaskName "AKS.WindowsCSE.NodePrep" -TaskMessage "Starting NodePrep - Cluster integration"
+
+    Check-APIServerConnectivity -MasterIP $MasterIP
+
     Write-Log "Configuring networking with NetworkPlugin:$global:NetworkPlugin"
 
     # Configure network policy.
@@ -458,50 +502,6 @@ function BasePrep {
         Write-Log "Enable-WindowsCiliumNetworking is not a recognized function, will skip Windows Cilium Networking installation"
     }
 
-    Set-Explorer
-    Adjust-PageFileSize
-    Logs-To-Event -TaskName "AKS.WindowsCSE.PreprovisionExtension" -TaskMessage "Start preProvisioning script"
-    
-    Update-ServiceFailureActions
-    Adjust-DynamicPortRange
-    Register-LogsCleanupScriptTask
-    Register-NodeResetScriptTask
-
-    Update-DefenderPreferences
-
-    $windowsVersion = Get-WindowsVersion
-    if ($windowsVersion -ne "1809") {
-        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Skip secure TLS protocols for Windows version: $windowsVersion"
-    } else {
-        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Start to enable secure TLS protocols"
-        try {
-            . C:\k\windowssecuretls.ps1
-            Enable-SecureTls
-        }
-        catch {
-            Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_ENABLE_SECURE_TLS -ErrorMessage $_
-        }
-    }
-
-    Enable-FIPSMode -FipsEnabled $fipsEnabled
-    if ($global:WindowsGmsaPackageUrl) {
-        Install-GmsaPlugin -GmsaPackageUrl $global:WindowsGmsaPackageUrl
-    }
-
-    Write-Log "BasePrep completed successfully"
-    Logs-To-Event -TaskName "AKS.WindowsCSE.BasePrep" -TaskMessage "BasePrep completed successfully"
-}
-
-# ====== NODE PREP: CLUSTER INTEGRATION ======
-# All operations that should only run when connecting to the actual cluster
-function NodePrep {
-    Install-KubernetesServices -KubeDir $global:KubeDir
-
-    Write-Log "Starting NodePrep - Cluster integration"
-    Logs-To-Event -TaskName "AKS.WindowsCSE.NodePrep" -TaskMessage "Starting NodePrep - Cluster integration"
-
-    Check-APIServerConnectivity -MasterIP $MasterIP
-
     if ($global:WindowsCalicoPackageURL) {
         Start-InstallCalico -RootDir "c:\" -KubeServiceCIDR $global:KubeServiceCIDR -KubeDnsServiceIp $KubeDnsServiceIp
     }

pkg/agent/testdata/AKSWindows2019+CustomCloud/CustomData

@@ -411,6 +411,50 @@ function BasePrep {
         New-HostsConfigService
     }
 
+    Set-Explorer
+    Adjust-PageFileSize
+    Logs-To-Event -TaskName "AKS.WindowsCSE.PreprovisionExtension" -TaskMessage "Start preProvisioning script"
+    
+    Update-ServiceFailureActions
+    Adjust-DynamicPortRange
+    Register-LogsCleanupScriptTask
+    Register-NodeResetScriptTask
+
+    Update-DefenderPreferences
+
+    $windowsVersion = Get-WindowsVersion
+    if ($windowsVersion -ne "1809") {
+        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Skip secure TLS protocols for Windows version: $windowsVersion"
+    } else {
+        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Start to enable secure TLS protocols"
+        try {
+            . C:\k\windowssecuretls.ps1
+            Enable-SecureTls
+        }
+        catch {
+            Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_ENABLE_SECURE_TLS -ErrorMessage $_
+        }
+    }
+
+    Enable-FIPSMode -FipsEnabled $fipsEnabled
+    if ($global:WindowsGmsaPackageUrl) {
+        Install-GmsaPlugin -GmsaPackageUrl $global:WindowsGmsaPackageUrl
+    }
+
+    Write-Log "BasePrep completed successfully"
+    Logs-To-Event -TaskName "AKS.WindowsCSE.BasePrep" -TaskMessage "BasePrep completed successfully"
+}
+
+# ====== NODE PREP: CLUSTER INTEGRATION ======
+# All operations that should only run when connecting to the actual cluster
+function NodePrep {
+    Install-KubernetesServices -KubeDir $global:KubeDir
+
+    Write-Log "Starting NodePrep - Cluster integration"
+    Logs-To-Event -TaskName "AKS.WindowsCSE.NodePrep" -TaskMessage "Starting NodePrep - Cluster integration"
+
+    Check-APIServerConnectivity -MasterIP $MasterIP
+
     Write-Log "Configuring networking with NetworkPlugin:$global:NetworkPlugin"
 
     # Configure network policy.
@@ -458,50 +502,6 @@ function BasePrep {
         Write-Log "Enable-WindowsCiliumNetworking is not a recognized function, will skip Windows Cilium Networking installation"
     }
 
-    Set-Explorer
-    Adjust-PageFileSize
-    Logs-To-Event -TaskName "AKS.WindowsCSE.PreprovisionExtension" -TaskMessage "Start preProvisioning script"
-    
-    Update-ServiceFailureActions
-    Adjust-DynamicPortRange
-    Register-LogsCleanupScriptTask
-    Register-NodeResetScriptTask
-
-    Update-DefenderPreferences
-
-    $windowsVersion = Get-WindowsVersion
-    if ($windowsVersion -ne "1809") {
-        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Skip secure TLS protocols for Windows version: $windowsVersion"
-    } else {
-        Logs-To-Event -TaskName "AKS.WindowsCSE.EnableSecureTLS" -TaskMessage "Start to enable secure TLS protocols"
-        try {
-            . C:\k\windowssecuretls.ps1
-            Enable-SecureTls
-        }
-        catch {
-            Set-ExitCode -ExitCode $global:WINDOWS_CSE_ERROR_ENABLE_SECURE_TLS -ErrorMessage $_
-        }
-    }
-
-    Enable-FIPSMode -FipsEnabled $fipsEnabled
-    if ($global:WindowsGmsaPackageUrl) {
-        Install-GmsaPlugin -GmsaPackageUrl $global:WindowsGmsaPackageUrl
-    }
-
-    Write-Log "BasePrep completed successfully"
-    Logs-To-Event -TaskName "AKS.WindowsCSE.BasePrep" -TaskMessage "BasePrep completed successfully"
-}
-
-# ====== NODE PREP: CLUSTER INTEGRATION ======
-# All operations that should only run when connecting to the actual cluster
-function NodePrep {
-    Install-KubernetesServices -KubeDir $global:KubeDir
-
-    Write-Log "Starting NodePrep - Cluster integration"
-    Logs-To-Event -TaskName "AKS.WindowsCSE.NodePrep" -TaskMessage "Starting NodePrep - Cluster integration"
-
-    Check-APIServerConnectivity -MasterIP $MasterIP
-
     if ($global:WindowsCalicoPackageURL) {
         Start-InstallCalico -RootDir "c:\" -KubeServiceCIDR $global:KubeServiceCIDR -KubeDnsServiceIp $KubeDnsServiceIp
     }