Fix for crs which drops \\ on windows named pipes

Author: jsturtevant

Tiltfile

@@ -196,13 +196,21 @@ def capz():
 
     k8s_yaml(blob(yaml))
 
-def calico_crs():
+def create_crs():
+    # create config maps
     local("kubectl delete configmaps calico-addon --ignore-not-found=true")
     local("kubectl create configmap calico-addon --from-file=templates/addons/calico.yaml")
     local("kubectl delete configmaps calico-ipv6-addon --ignore-not-found=true")
     local("kubectl create configmap calico-ipv6-addon --from-file=templates/addons/calico-ipv6.yaml")
     local("kubectl delete configmaps flannel-windows-addon --ignore-not-found=true")
-    local("kubectl create configmap flannel-windows-addon --from-file=templates/addons/windows/")
+
+    # need to set version for kube-proxy on windows.  
+    # This file is processed then reapply \\ due to the named pipes which need to be escaped for a bug in envsubst library
+	# https://github.com/kubernetes-sigs/cluster-api/issues/4016
+    os.putenv("KUBERNETES_VERSION", settings.get("kubernetes_version", {}))
+    local("kubectl create configmap flannel-windows-addon --from-file=templates/addons/windows/ --dry-run=client -o yaml | " + envsubst_cmd + " | sed -e 's/\\\\/\\\\\\\\/' | kubectl apply -f -")
+
+    # set up crs
     local("kubectl wait --for=condition=Available --timeout=300s -n capi-webhook-system deployment/capi-controller-manager")
     local("kubectl apply -f templates/addons/calico-resource-set.yaml")
     local("kubectl apply -f templates/addons/flannel-resource-set.yaml")
@@ -267,8 +275,9 @@ def deploy_worker_templates(template, substitutions):
                 yaml = yaml.replace("${" + substitution + "}", value)
 
     # programmatically define any remaining vars
+    # "windows" can not be for cluster name because it sets the dns to trademarked name during reconciliation
     substitutions = {
-        "CLUSTER_NAME": flavor + "-template",
+        "CLUSTER_NAME": flavor.replace("windows", "win") + "-template",
         "AZURE_LOCATION": "eastus",
         "AZURE_VNET_NAME": flavor + "-template-vnet",
         "AZURE_RESOURCE_GROUP": flavor + "-template-rg",
@@ -337,6 +346,6 @@ deploy_capi()
 
 capz()
 
-calico_crs()
+create_crs()
 
 flavors()

cloud/scope/machine.go

@@ -20,6 +20,7 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
+	"strings"
 
 	"github.com/Azure/go-autorest/autorest/to"
 	"github.com/go-logr/logr"
@@ -263,11 +264,11 @@ func (m *MachineScope) Name() string {
 	// Windows Machine names cannot be longer than 15 chars
 	if m.AzureMachine.Spec.OSDisk.OSType == azure.WindowsOS && len(m.AzureMachine.Name) > 15 {
 		clustername := m.ClusterName()
-		if len(m.ClusterName()) > 5 {
-			clustername = clustername[0:5]
+		if len(m.ClusterName()) > 9 {
+			clustername = strings.TrimSuffix(clustername[0:9], "-")
 		}
 
-		return "win-" + clustername + "-" + m.AzureMachine.Name[len(m.AzureMachine.Name)-5:]
+		return clustername + "-" + m.AzureMachine.Name[len(m.AzureMachine.Name)-5:]
 	}
 	return m.AzureMachine.Name
 }

templates/addons/windows/flannel.yaml

@@ -706,9 +706,9 @@ spec:
         effect: NoSchedule
       containers:
       - name: kube-flannel
-        image: sigwindowstools/flannel:0.12.0
+        image: sigwindowstools/flannel:v0.13.0-nanoserver
         command:
-        - powershell
+        - pwsh
         args:
         - -file
         - /etc/kube-flannel-windows/run.ps1
@@ -739,6 +739,10 @@ spec:
               apiVersion: v1
               fieldPath: metadata.namespace
       volumes:
+      - name: wins
+        hostPath:
+          path: \\.\pipe\rancher_wins
+          type: null
       - name: opt
         hostPath:
           path: /opt
@@ -760,7 +764,4 @@ spec:
       - name: kubeadm-config
         configMap:
           name: kubeadm-config
-      - name: wins
-        hostPath:
-          path: \\.\pipe\rancher_wins
-          type: null
+

templates/addons/windows/kube-proxy-windows.yaml

@@ -16,9 +16,7 @@ data:
     yq w -i /host/var/lib/kube-proxy/config.conf featureGates.WinOverlay true
     yq w -i /host/var/lib/kube-proxy/config.conf mode "kernelspace"
     wins cli process run --path /k/kube-proxy/kube-proxy.exe --args "--v=6 --config=/var/lib/kube-proxy/config.conf --hostname-override=$env:NODE_NAME --feature-gates=WinOverlay=true"
-
 kind: ConfigMap
-apiVersion: v1
 metadata:
   labels:
     app: kube-proxy
@@ -44,7 +42,7 @@ spec:
       serviceAccountName: kube-proxy
       containers:
       - command:
-        - powershell
+        - pwsh
         args:
         - -file
         - /var/lib/kube-proxy-windows/run-script.ps1
@@ -58,13 +56,13 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: status.podIP
-        image: sigwindowstools/kube-proxy:v1.19.1
+        image: sigwindowstools/kube-proxy:${KUBERNETES_VERSION}-nanoserver
         name: kube-proxy
         volumeMounts:
-        - name: host
-          mountPath: /host
         - name: wins
           mountPath: \\.\pipe\rancher_wins
+        - name: host
+          mountPath: /host
         - mountPath: /var/lib/kube-proxy
           name: kube-proxy
         - mountPath: /var/lib/kube-proxy-windows
@@ -76,6 +74,10 @@ spec:
         operator: Exists
       - operator: Exists
       volumes:
+      - name: wins
+        hostPath:
+          path: \\.\pipe\rancher_wins
+          type: null
       - configMap:
           defaultMode: 420
           name: kube-proxy-windows
@@ -86,9 +88,5 @@ spec:
       - hostPath:
           path: /
         name: host
-      - name: wins
-        hostPath:
-          path: \\.\pipe\rancher_wins
-          type: null
   updateStrategy:
     type: RollingUpdate

templates/addons/windows/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+resources:
+  - flannel.yaml
+  - kube-proxy-windows.yaml

templates/cluster-template-machinepool-windows.yaml

@@ -254,16 +254,16 @@ spec:
       # https://github.com/kubernetes-sigs/sig-windows-tools/issues/103#issuecomment-709426828
       ipmo C:\k\debug\hns.psm1;
       New-HnsNetwork -Type Overlay -AddressPrefix "192.168.255.0/30" -Gateway "192.168.255.1" -Name "External" -AdapterName "Ethernet 2" -SubnetPolicies @(@{Type = "VSID"; VSID = 9999; })
-    path: C:\create-external-network.ps1
+    path: C:/create-external-network.ps1
     permissions: "0744"
   - content: |
-      [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("${AZURE_SSH_PUBLIC_KEY_B64:=''}")) > C:\ProgramData\ssh\administrators_authorized_keys
-      icacls C:\ProgramData\ssh\administrators_authorized_keys /remove "NT AUTHORITY\Authenticated Users"
-      icacls C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r
-      icacls C:\ProgramData\ssh\administrators_authorized_keys /grant SYSTEM:`(F`)
-      icacls C:\ProgramData\ssh\administrators_authorized_keys /grant BUILTIN\Administrators:`(F`)
+      [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("${AZURE_SSH_PUBLIC_KEY_B64:=''}")) | Add-Content C:/ProgramData/ssh/administrators_authorized_keys
+      icacls C:/ProgramData/ssh/administrators_authorized_keys /remove "NT AUTHORITY\Authenticated Users"
+      icacls C:/ProgramData/ssh/administrators_authorized_keys /inheritance:r
+      icacls C:/ProgramData/ssh/administrators_authorized_keys /grant SYSTEM:F
+      icacls C:/ProgramData/ssh/administrators_authorized_keys /grant BUILTIN\Administrators:F
       restart-service sshd
-    path: C:\configure-ssh.ps1
+    path: C:/configure-ssh.ps1
     permissions: "0744"
   joinConfiguration:
     nodeRegistration:
@@ -273,5 +273,5 @@ spec:
         pod-infra-container-image: mcr.microsoft.com/oss/kubernetes/pause:1.4.1
       name: '{{ ds.meta_data["local_hostname"] }}'
   preKubeadmCommands:
-  - powershell c:\create-external-network.ps1
-  - powershell c:\configure-ssh.ps1
+  - powershell c:/create-external-network.ps1
+  - powershell c:/configure-ssh.ps1

templates/cluster-template-windows.yaml

@@ -264,16 +264,16 @@ spec:
           # https://github.com/kubernetes-sigs/sig-windows-tools/issues/103#issuecomment-709426828
           ipmo C:\k\debug\hns.psm1;
           New-HnsNetwork -Type Overlay -AddressPrefix "192.168.255.0/30" -Gateway "192.168.255.1" -Name "External" -AdapterName "Ethernet 2" -SubnetPolicies @(@{Type = "VSID"; VSID = 9999; })
-        path: C:\create-external-network.ps1
+        path: C:/create-external-network.ps1
         permissions: "0744"
       - content: |
-          [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("${AZURE_SSH_PUBLIC_KEY_B64:=''}")) | Add-Content C:\ProgramData\ssh\administrators_authorized_keys
-          icacls C:\ProgramData\ssh\administrators_authorized_keys /remove "NT AUTHORITY\Authenticated Users"
-          icacls C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r
-          icacls C:\ProgramData\ssh\administrators_authorized_keys /grant SYSTEM:`(F`)
-          icacls C:\ProgramData\ssh\administrators_authorized_keys /grant BUILTIN\Administrators:`(F`)
+          [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("${AZURE_SSH_PUBLIC_KEY_B64:=''}")) | Add-Content C:/ProgramData/ssh/administrators_authorized_keys
+          icacls C:/ProgramData/ssh/administrators_authorized_keys /remove "NT AUTHORITY\Authenticated Users"
+          icacls C:/ProgramData/ssh/administrators_authorized_keys /inheritance:r
+          icacls C:/ProgramData/ssh/administrators_authorized_keys /grant SYSTEM:F
+          icacls C:/ProgramData/ssh/administrators_authorized_keys /grant BUILTIN\Administrators:F
           restart-service sshd
-        path: C:\configure-ssh.ps1
+        path: C:/configure-ssh.ps1
         permissions: "0744"
       joinConfiguration:
         nodeRegistration:
@@ -283,5 +283,5 @@ spec:
             pod-infra-container-image: mcr.microsoft.com/oss/kubernetes/pause:1.4.1
           name: '{{ ds.meta_data["local_hostname"] }}'
       preKubeadmCommands:
-      - powershell c:\create-external-network.ps1
-      - powershell c:\configure-ssh.ps1
+      - powershell c:/create-external-network.ps1
+      - powershell c:/configure-ssh.ps1

templates/flavors/machinepool-windows/machine-pool-deployment-windows.yaml

@@ -43,8 +43,8 @@ metadata:
   name: "${CLUSTER_NAME}-mp-win"
 spec:
   preKubeadmCommands:
-    - powershell c:\create-external-network.ps1
-    - powershell c:\configure-ssh.ps1
+    - powershell c:/create-external-network.ps1
+    - powershell c:/configure-ssh.ps1
   joinConfiguration:
     nodeRegistration:
       name: '{{ ds.meta_data["local_hostname"] }}'
@@ -60,20 +60,20 @@ spec:
     owner: root:root
     path: c:/k/azure.json
     permissions: "0644"
-  - path: C:\create-external-network.ps1
+  - path: C:/create-external-network.ps1
     permissions: "0744"
     content: |
       # required as a work around for Flannel and Wins bugs
       # https://github.com/coreos/flannel/issues/1359
       # https://github.com/kubernetes-sigs/sig-windows-tools/issues/103#issuecomment-709426828
       ipmo C:\k\debug\hns.psm1;
       New-HnsNetwork -Type Overlay -AddressPrefix "192.168.255.0/30" -Gateway "192.168.255.1" -Name "External" -AdapterName "Ethernet 2" -SubnetPolicies @(@{Type = "VSID"; VSID = 9999; })
-  - path: C:\configure-ssh.ps1
+  - path: C:/configure-ssh.ps1
     permissions: "0744"
     content: |
-      [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("${AZURE_SSH_PUBLIC_KEY_B64:=''}")) > C:\ProgramData\ssh\administrators_authorized_keys
-      icacls C:\ProgramData\ssh\administrators_authorized_keys /remove "NT AUTHORITY\Authenticated Users"
-      icacls C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r
-      icacls C:\ProgramData\ssh\administrators_authorized_keys /grant SYSTEM:`(F`)
-      icacls C:\ProgramData\ssh\administrators_authorized_keys /grant BUILTIN\Administrators:`(F`)
+      [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("${AZURE_SSH_PUBLIC_KEY_B64:=''}")) | Add-Content C:/ProgramData/ssh/administrators_authorized_keys
+      icacls C:/ProgramData/ssh/administrators_authorized_keys /remove "NT AUTHORITY\Authenticated Users"
+      icacls C:/ProgramData/ssh/administrators_authorized_keys /inheritance:r
+      icacls C:/ProgramData/ssh/administrators_authorized_keys /grant SYSTEM:F
+      icacls C:/ProgramData/ssh/administrators_authorized_keys /grant BUILTIN\Administrators:F
       restart-service sshd

templates/flavors/windows/machine-deployment-windows.yaml

@@ -48,8 +48,8 @@ spec:
   template:
     spec:
       preKubeadmCommands:
-        - powershell c:\create-external-network.ps1
-        - powershell c:\configure-ssh.ps1
+        - powershell c:/create-external-network.ps1
+        - powershell c:/configure-ssh.ps1
       joinConfiguration:
         nodeRegistration:
           name: '{{ ds.meta_data["local_hostname"] }}'
@@ -65,20 +65,20 @@ spec:
         owner: root:root
         path: c:/k/azure.json
         permissions: "0644"
-      - path: C:\create-external-network.ps1
+      - path: C:/create-external-network.ps1
         permissions: "0744"
         content: |
           # required as a work around for Flannel and Wins bugs
           # https://github.com/coreos/flannel/issues/1359
           # https://github.com/kubernetes-sigs/sig-windows-tools/issues/103#issuecomment-709426828
           ipmo C:\k\debug\hns.psm1;
           New-HnsNetwork -Type Overlay -AddressPrefix "192.168.255.0/30" -Gateway "192.168.255.1" -Name "External" -AdapterName "Ethernet 2" -SubnetPolicies @(@{Type = "VSID"; VSID = 9999; })
-      - path: C:\configure-ssh.ps1
+      - path: C:/configure-ssh.ps1
         permissions: "0744"
         content: |
-          [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("${AZURE_SSH_PUBLIC_KEY_B64:=''}")) | Add-Content C:\ProgramData\ssh\administrators_authorized_keys
-          icacls C:\ProgramData\ssh\administrators_authorized_keys /remove "NT AUTHORITY\Authenticated Users"
-          icacls C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r
-          icacls C:\ProgramData\ssh\administrators_authorized_keys /grant SYSTEM:`(F`)
-          icacls C:\ProgramData\ssh\administrators_authorized_keys /grant BUILTIN\Administrators:`(F`)
-          restart-service sshd
+          [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("${AZURE_SSH_PUBLIC_KEY_B64:=''}")) | Add-Content C:/ProgramData/ssh/administrators_authorized_keys
+          icacls C:/ProgramData/ssh/administrators_authorized_keys /remove "NT AUTHORITY\Authenticated Users"
+          icacls C:/ProgramData/ssh/administrators_authorized_keys /inheritance:r
+          icacls C:/ProgramData/ssh/administrators_authorized_keys /grant SYSTEM:F
+          icacls C:/ProgramData/ssh/administrators_authorized_keys /grant BUILTIN\Administrators:F
+          restart-service sshd

templates/test/cluster-template-prow-machine-pool-windows.yaml

@@ -257,16 +257,16 @@ spec:
       # https://github.com/kubernetes-sigs/sig-windows-tools/issues/103#issuecomment-709426828
       ipmo C:\k\debug\hns.psm1;
       New-HnsNetwork -Type Overlay -AddressPrefix "192.168.255.0/30" -Gateway "192.168.255.1" -Name "External" -AdapterName "Ethernet 2" -SubnetPolicies @(@{Type = "VSID"; VSID = 9999; })
-    path: C:\create-external-network.ps1
+    path: C:/create-external-network.ps1
     permissions: "0744"
   - content: |
-      [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("${AZURE_SSH_PUBLIC_KEY_B64:=''}")) > C:\ProgramData\ssh\administrators_authorized_keys
-      icacls C:\ProgramData\ssh\administrators_authorized_keys /remove "NT AUTHORITY\Authenticated Users"
-      icacls C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r
-      icacls C:\ProgramData\ssh\administrators_authorized_keys /grant SYSTEM:`(F`)
-      icacls C:\ProgramData\ssh\administrators_authorized_keys /grant BUILTIN\Administrators:`(F`)
+      [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("${AZURE_SSH_PUBLIC_KEY_B64:=''}")) | Add-Content C:/ProgramData/ssh/administrators_authorized_keys
+      icacls C:/ProgramData/ssh/administrators_authorized_keys /remove "NT AUTHORITY\Authenticated Users"
+      icacls C:/ProgramData/ssh/administrators_authorized_keys /inheritance:r
+      icacls C:/ProgramData/ssh/administrators_authorized_keys /grant SYSTEM:F
+      icacls C:/ProgramData/ssh/administrators_authorized_keys /grant BUILTIN\Administrators:F
       restart-service sshd
-    path: C:\configure-ssh.ps1
+    path: C:/configure-ssh.ps1
     permissions: "0744"
   joinConfiguration:
     nodeRegistration:
@@ -276,8 +276,8 @@ spec:
         pod-infra-container-image: mcr.microsoft.com/oss/kubernetes/pause:1.4.1
       name: '{{ ds.meta_data["local_hostname"] }}'
   preKubeadmCommands:
-  - powershell c:\create-external-network.ps1
-  - powershell c:\configure-ssh.ps1
+  - powershell c:/create-external-network.ps1
+  - powershell c:/configure-ssh.ps1
 ---
 apiVersion: v1
 data: ${CNI_RESOURCES_WINDOWS}
@@ -299,24 +299,3 @@ spec:
   - kind: ConfigMap
     name: cni-${CLUSTER_NAME}-crs-0
   strategy: ApplyOnce
----
-apiVersion: v1
-data: ${WINDOWS_RESOURCES_KUBEPROXY}
-kind: ConfigMap
-metadata:
-  name: kubeproxy-${CLUSTER_NAME}-crs-0
-  namespace: default
----
-apiVersion: addons.cluster.x-k8s.io/v1alpha3
-kind: ClusterResourceSet
-metadata:
-  name: win-kubeproxy-${CLUSTER_NAME}-crs-0
-  namespace: default
-spec:
-  clusterSelector:
-    matchLabels:
-      cni: ${CLUSTER_NAME}-crs-0
-  resources:
-  - kind: ConfigMap
-    name: kubeproxy-${CLUSTER_NAME}-crs-0
-  strategy: ApplyOnce