Azure · AlisonB319 · Sep 12, 2024 · Sep 12, 2024 · Sep 12, 2024 · Sep 13, 2024
@@ -145,7 +145,7 @@ steps:
       -e PRIVATE_PACKAGES_URL="${PRIVATE_PACKAGES_URL}" \
       -e AZURE_MSI_RESOURCE_STRING=${AZURE_MSI_RESOURCE_STRING} \
       ${CONTAINER_IMAGE} make -f packer.mk run-packer
-    retryCountOnTaskFailure: 3
+    retryCountOnTaskFailure: 1 # for debugging
     displayName: Building VHD
   - bash: |
       OS_DISK_URI="$(cat packer-output | grep "OSDiskUri:" | cut -d " " -f 2)" && \

@@ -849,7 +849,7 @@
       }
     },
     {
-      "name": "containerd-wasm-spinkube",
+      "name": "spinkube",
       "downloadLocation": "/usr/local/bin",
       "downloadURIs": {
         "default": {

@@ -30,6 +30,7 @@ UBUNTU_OS_NAME="UBUNTU"
 MARINER_OS_NAME="MARINER"
 CPU_ARCH=""
 declare -a WASMSHIMPIDS=()
+declare -a SPINKUBEPIDS=()
 
 setCPUArch() {
     CPU_ARCH=$(getCPUArch)
@@ -200,96 +201,75 @@ downloadSecureTLSBootstrapKubeletExecPlugin() {
     fi
 }
 
+wasmFilesExist() {
+    local containerd_wasm_filepath=${1}
+    local shim_version=${2}
+    local shims_to_download=${3}
+    local version_suffix=${4}
+
+    local binary_version="$(echo "${shim_version}" | tr . -)"
+    for shim in "${shims_to_download[@]}"; do
+        if [ ! -f "${containerd_wasm_filepath}/containerd-shim-${shim}-${binary_version}-${version_suffix}" ]; then
+            return 1 # file is missing
+        fi
+    done
+    return 0 
+}
+
 # Install, download, update wasm must all be run from the same function call
 # in order to ensure WASMSHIMPIDS persists correctly since in bash a new
 # function call from install-dependnecies will create a new shell process.
 installContainerdWasmShims(){
     local download_location=${1}
     PACKAGE_DOWNLOAD_URL=${2}
     shift 2 # shift past the first 2 arguments to capture the list of versions
-    local package_versions=("$@")
+    local json_versions=("$@")
 
     local shims_to_download=("spin" "slight")
-    local version_suffix="-v1"
-    local mcr_registry_path="deislabs/containerd-wasm-shims"
-    local shim_filename="containerd-wasm-shims-linux-${CPU_ARCH}.tar.gz"
-    if [ "$shim_version" == "0.15.1" ]; then
-        version_suffix="-v2"
-        shims_to_download=("spin")
-        mcr_registry_path="spinkube/containerd-shim-spin"
-        shim_filename="containerd-shim-spin-v2"
-    elif [ "$shim_version" == "0.8.0" ]; then
-        shims_to_download+=("wws")
-    fi
-
+    package_versions=()
+    for version in "${json_versions[@]}"; do
+        if version == "0.8.0"; then
+            shims_to_download+=("wws")
+        fi
+        package_versions+=("v$version")
+    done
+
     for version in "${package_versions[@]}"; do
         containerd_wasm_url=$(evalPackageDownloadURL ${PACKAGE_DOWNLOAD_URL})
-        downloadContainerdWasmShims $download_location $containerd_wasm_url $version $shims_to_download $version_suffix $mcr_registry_path $shim_filename
+        downloadContainerdWasmShims $download_location $containerd_wasm_url $version $shims_to_download
     done
     wait ${WASMSHIMPIDS[@]}
     for version in "${package_versions[@]}"; do
-        updateContainerdWasmShimsPermissions $download_location $version $shims_to_download $version_suffix
+        updateContainerdWasmShimsPermissions $download_location $version $shims_to_download
     done
 }
 
-wasmFilesExist() {
-    local containerd_wasm_filepath=${1}
-    local shim_version=${2}
-    local shims_to_download=${3}
-    local version_suffix=${4}
-
-    local binary_version="$(echo "${shim_version}" | tr . -)"
-    for shim in "${shims_to_download[@]}"; do
-        if [ ! -f "${containerd_wasm_filepath}/containerd-shim-${shim}-v${binary_version}-${version_suffix}" ]; then
-            return 1 # file is missing
-        fi
-    done
-    return 0 
-}
-
 downloadContainerdWasmShims() {
     local containerd_wasm_filepath=${1}
     local containerd_wasm_url=${2}
     local shim_version=${3}
     local shims_to_download=${4}
-    local version_suffix=${5}
-    local mcr_registry_path=${6}
-    local shim_filename=${7}
-
     local binary_version="$(echo "${shim_version}" | tr . -)" # replaces . with - == 1.2.3 -> 1-2-3
 
-    echo "containerd_wasm_filepath: $containerd_wasm_filepath, containerd_wasm_url: $containerd_wasm_url, shim_version: $shim_version, binary_version: $binary_version, shims_to_download: ${shims_to_download[@]}, version_suffix: $version_suffix, mcr_registry_path: $mcr_registry_path, shim_filename: $shim_filename"
-
-    if wasmFilesExist "$containerd_wasm_filepath" "$shim_version" "$shims_to_download" "$version_suffix"; then
+    if wasmFilesExist "$containerd_wasm_filepath" "$shim_version" "$shims_to_download" "-v1"; then
         return
     fi
 
     # Oras download for WASM for Network Isolated Clusters
     BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER:=}"
     if [[ ! -z ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then
-        local registry_url="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}/oss/binaries/${mcr_registry_path}:v${shim_version}-linux-${CPU_ARCH}"
-        local wasm_shims_tgz_tmp="${containerd_wasm_filepath}/${shim_filename}"
-
-        # if shim version is 0.15.1, the downloaded binary is already named correctly, so no need to extract
-        # if shim version is not 0.15.1, extract the shims and rename them to match the binary version
-        if [ "$shim_version" == "0.15.1" ]; then
-            retrycmd_get_binary_from_registry_with_oras 120 5 "${wasm_shims_tgz_tmp}" "${registry_url}" || exit $ERR_ORAS_PULL_CONTAINERD_WASM
-            mv "${containerd_wasm_filepath}/containerd-shim-spin-${version_suffix}" "${containerd_wasm_filepath}/containerd-shim-spin-v${binary_version}${version_suffix}"
-        else
-            retrycmd_get_tarball_from_registry_with_oras 120 5 "${wasm_shims_tgz_tmp}" "${registry_url}" || exit $ERR_ORAS_PULL_CONTAINERD_WASM
-            tar -zxf "$wasm_shims_tgz_tmp" -C "$containerd_wasm_filepath"
-            for shim in "${shims_to_download[@]}"; do
-                mv "${containerd_wasm_filepath}/containerd-shim-${shim}-v${shim_version}${version_suffix}" "${containerd_wasm_filepath}/containerd-shim-${shim}-v${binary_version}${version_suffix}"
-            done
-        fi
+        local registry_url="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}/oss/binaries/deislabs/containerd-wasm-shims:v${shim_version}-linux-${CPU_ARCH}"
+        local wasm_shims_tgz_tmp=$containerd_wasm_filepath/containerd-wasm-shims-linux-${CPU_ARCH}.tar.gz
 
+        retrycmd_get_tarball_from_registry_with_oras 120 5 "${wasm_shims_tgz_tmp}" ${registry_url} || exit $ERR_ORAS_PULL_CONTAINERD_WASM
+        tar -zxf "$wasm_shims_tgz_tmp" -C $containerd_wasm_filepath
+        mv "$containerd_wasm_filepath/containerd-shim-*-v${shim_version}-v1" "$containerd_wasm_filepath/containerd-shim-*-${binary_version}-v1"
         rm -f "$wasm_shims_tgz_tmp"
         return
     fi
 
-    # install from acs-mirror
     for shim in "${shims_to_download[@]}"; do
-        retrycmd_if_failure 30 5 60 curl -fSLv -o "$containerd_wasm_filepath/containerd-shim-${shim}-v${binary_version}${version_suffix}" "$containerd_wasm_url/containerd-shim-${shim}-${version_suffix}" 2>&1 | tee $CURL_OUTPUT >/dev/null | grep -E "^(curl:.*)|([eE]rr.*)$" && (cat $CURL_OUTPUT && exit $ERR_KRUSTLET_DOWNLOAD_TIMEOUT) &
+        retrycmd_if_failure 30 5 60 curl -fSLv -o "$containerd_wasm_filepath/containerd-shim-${shim}-${binary_version}-v1" "$containerd_wasm_url/containerd-shim-${shim}-v1" 2>&1 | tee $CURL_OUTPUT >/dev/null | grep -E "^(curl:.*)|([eE]rr.*)$" && (cat $CURL_OUTPUT && exit $ERR_KRUSTLET_DOWNLOAD_TIMEOUT) &
         WASMSHIMPIDS+=($!)
     done
 }
@@ -298,25 +278,66 @@ updateContainerdWasmShimsPermissions() {
     local containerd_wasm_filepath=${1}
     local shim_version=${2}
     local shims_to_download=${3}
-    local version_suffix=${4}
-
     local binary_version="$(echo "${shim_version}" | tr . -)"
 
-    echo "Updating permissions containerd_wasm_filepath: $containerd_wasm_filepath, shim_version: $shim_version, binary_version: $binary_version, shims_to_download: ${shims_to_download[@]}, version_suffix: $version_suffix"
+    for shim in "${shims_to_download[@]}"; do
+        chmod 755 "$containerd_wasm_filepath/containerd-${shim}-spin-${binary_version}-v1"
+    done
+}
+
+installSpinKube(){
+    local download_location=${1}
+    PACKAGE_DOWNLOAD_URL=${2}
+    shift 2 # shift past the first 2 arguments to capture the list of versions
+    local json_versions=("$@")
+
+    package_versions=()
+    for version in "${json_versions[@]}"; do
+        package_versions+=("v$version")
+    done
+
+    for version in "${package_versions[@]}"; do
+        containerd_wasm_url=$(evalPackageDownloadURL ${PACKAGE_DOWNLOAD_URL})
+        downloadSpinKube $download_location $containerd_wasm_url $version
+    done
+    wait ${SPINKUBEPIDS[@]}
+    for version in "${package_versions[@]}"; do
+        updateSpinKubePermissions $download_location $version
+    done
+}
+
+downloadSpinKube(){
+    local containerd_wasm_filepath=${1}
+    local containerd_wasm_url=${2}
+    local shim_version=${3}
+    local binary_version="$(echo "${shim_version}" | tr . -)"
 
-    if [ "$shim_version" == "0.15.1" ]; then
-        echo "inside the 0.15.1: $shim_version"
-        chmod 755 "$containerd_wasm_filepath/containerd-shim-spin-v${binary_version}-${version_suffix}"
-        # spin shim v0.15.1 cannot be renamed: https://github.com/spinkube/containerd-shim-spin/issues/190
-        # so we rename the shim back to containerd-shim-spin-v2
-        mv "$containerd_wasm_filepath/containerd-shim-spin-v${binary_version}-${version_suffix}" "$containerd_wasm_filepath/containerd-shim-spin-${version_suffix}"
+    if wasmFilesExist "$containerd_wasm_filepath" "$shim_version" "spin" "-v2"; then
         return
     fi
 
-    for shim in "${shims_to_download[@]}"; do
-        echo "updating for shil: $shim ----> $containerd_wasm_filepath/containerd-shim-${shim}-v${binary_version}-${version_suffix}"
-        chmod 755 "$containerd_wasm_filepath/containerd-shim-${shim}-v${binary_version}-${version_suffix}"
-    done
+    BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER:=}"
+    if [[ ! -z ${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER} ]]; then
+        local registry_url="${BOOTSTRAP_PROFILE_CONTAINER_REGISTRY_SERVER}/oss/binaries/spinkube/containerd-shim-spin:${shim_version}-linux-${CPU_ARCH}"
+        local wasm_shims_tgz_tmp="${containerd_wasm_filepath}/containerd-shim-spin-v2"
+        retrycmd_get_binary_from_registry_with_oras 120 5 "${wasm_shims_tgz_tmp}" "${registry_url}" || exit $ERR_ORAS_PULL_CONTAINERD_WASM
+        mv "${containerd_wasm_filepath}/containerd-shim-spin-v2" "${containerd_wasm_filepath}/containerd-shim-spin-${binary_version}-v2"
+        rm -f "$wasm_shims_tgz_tmp"
+        return 
+    fi
+
+    retrycmd_if_failure 30 5 60 curl -fSLv -o "$containerd_wasm_filepath/containerd-shim-spin-${binary_version}-v2" "$containerd_wasm_url/containerd-shim-spin-v2" 2>&1 | tee $CURL_OUTPUT >/dev/null | grep -E "^(curl:.*)|([eE]rr.*)$" && (cat $CURL_OUTPUT && exit $ERR_KRUSTLET_DOWNLOAD_TIMEOUT) &
+    SPINKUBEPIDS+=($!)
+}
+
+updateSpinKubePermissions() {
+    local containerd_wasm_filepath=${1}
+    local shim_version=${2}
+    local shims_to_download=${3}
+    local binary_version="$(echo "${shim_version}" | tr . -)"
+
+    chmod 755 "$containerd_wasm_filepath/containerd-shim-spin-${binary_version}-v2"
-    chmod 755 "$containerd_wasm_filepath/containerd-shim-spin-${binary_version}-v2"
+    chmod 755 "$containerd_wasm_filepath/containerd-shim-spin-v2"
-    chmod 755 "$containerd_wasm_filepath/containerd-shim-spin-${binary_version}-v2"
+    chmod 755 "$containerd_wasm_filepath/containerd-shim-spin-v2"
+    mv "$containerd_wasm_filepath/containerd-shim-spin-${binary_version}-v2" "$containerd_wasm_filepath/containerd-shim-spin-v2"
 }
 
 # TODO (alburgess) have oras version managed by dependant or Renovate

@@ -132,14 +132,18 @@ setupCNIDirs
 logs_to_events "AKS.CSE.installNetworkPlugin" installNetworkPlugin
 
 if [ "${IS_KRUSTLET}" == "true" ]; then
-    components_filepath="/opt/azure/components.json"
-    versions=$(jq -r '.Packages[] | select(.name == "containerd-wasm-shims") | .downloadURIs.default.current.versionsV2[].latestVersion' "$components_filepath")
-    downloadLocation=$(jq -r '.Packages[] | select(.name == "containerd-wasm-shims") | .downloadLocation' "$components_filepath")
-    downloadURL=$(jq -r '.Packages[] | select(.name == "containerd-wasm-shims") | .downloadURIs.default.current.downloadURL' "$components_filepath")
+    local components_filepath="/opt/azure/components.json"
 
-    logs_to_events "AKS.CSE.downloadKrustlet" installContainerdWasmShims "$downloadLocation" "$downloadURL" "$versions"
-fi
+    local versionsWasm=$(jq -r '.Packages[] | select(.name == "containerd-wasm-shims") | .downloadURIs.default.current.versionsV2[].latestVersion' "$components_filepath")
+    local downloadLocationWasm=$(jq -r '.Packages[] | select(.name == "containerd-wasm-shims") | .downloadLocation' "$components_filepath")
+    local downloadURLWasm=$(jq -r '.Packages[] | select(.name == "containerd-wasm-shims") | .downloadURIs.default.current.downloadURL' "$components_filepath")
+    logs_to_events "AKS.CSE.downloadKrustlet" installContainerdWasmShims "$downloadLocationWasm" "$downloadURLWasm" "$versionsWasm"
 
+    local versionsSpinKube=$(jq -r '.Packages[] | select(.name == spinkube") | .downloadURIs.default.current.versionsV2[].latestVersion' "$components_filepath")
+    local downloadLocationSpinKube=$(jq -r '.Packages[] | select(.name == "spinkube) | .downloadLocation' "$components_filepath")
+    local downloadURLSpinKube=$(jq -r '.Packages[] | select(.name == "spinkube") | .downloadURIs.default.current.downloadURL' "$components_filepath")
+    logs_to_events "AKS.CSE.downloadKrustlet" installSpinKube "$downloadURSpinKube" "$downloadLocationSpinKube" "$versionsSpinKube"
+fi
 
 if [ "${ENABLE_SECURE_TLS_BOOTSTRAPPING}" == "true" ]; then
     logs_to_events "AKS.CSE.downloadSecureTLSBootstrapKubeletExecPlugin" downloadSecureTLSBootstrapKubeletExecPlugin