From 20497c9ddcc88db5fb9d2f071f9c40825e44586f Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Thu, 26 Feb 2026 16:35:45 +1100 Subject: [PATCH 01/11] Test eastus --- scripts/aks/aks_env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/aks/aks_env.sh b/scripts/aks/aks_env.sh index eb1f7a5f..acb10b83 100644 --- a/scripts/aks/aks_env.sh +++ b/scripts/aks/aks_env.sh @@ -15,7 +15,7 @@ else fi export RESOURCE_GROUP="opr-e2e-aks${RUN_SUFFIX}" -export LOCATION="westus" +export LOCATION="eastus" export VNET_NAME="opr-e2e-vnet${RUN_SUFFIX}" export PUBLIC_IP_ADDRESS_NAME="opr-e2e-ip${RUN_SUFFIX}" export NAT_GATEWAY_NAME="opr-e2e-nat${RUN_SUFFIX}" From a6a34ce8d3b194227bd6895744a7e928abe71cb9 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Thu, 26 Feb 2026 16:43:32 +1100 Subject: [PATCH 02/11] Use kcc-UID2-6321-reenable-aks-e2e --- .github/workflows/shared-run-e2e-tests.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/shared-run-e2e-tests.yaml b/.github/workflows/shared-run-e2e-tests.yaml index 459647dc..31559864 100644 --- a/.github/workflows/shared-run-e2e-tests.yaml +++ b/.github/workflows/shared-run-e2e-tests.yaml @@ -151,7 +151,7 @@ jobs: - name: Checkout uid2-shared-actions repo uses: actions/checkout@v4 with: - ref: v3 + ref: kcc-UID2-6321-reenable-aks-e2e repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions @@ -207,7 +207,7 @@ jobs: - name: Start AKS cluster id: start_aks_cluster if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@kcc-UID2-6321-reenable-aks-e2e with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} run_id: ${{ github.run_id }} 
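Review bot: The `ref:` of "Checkout uid2-shared-actions repo" and the `uses:` of "Start AKS cluster" now point at the branch `kcc-UID2-6321-reenable-aks-e2e`, a mutable ref, and that step receives `secrets.AZURE_CREDENTIALS`, so whatever is pushed to the branch next runs with those credentials in every caller of this shared workflow. The same substitution is made in the later hunks of this commit (prepare_aks_metadata, start_aks_private_operator, run_e2e_tests, the second checkout and stop_aks_private_operator). For a test run, pin each reference to a full commit SHA, e.g. `uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@<FULL_COMMIT_SHA>`, and restore the release ref before merge. The steps continue outside the hunks, so their remaining inputs are not visible here.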
@@ -226,7 +226,7 @@ jobs: - name: Prepare AKS metadata id: prepare_aks_metadata if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@kcc-UID2-6321-reenable-aks-e2e with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -292,7 +292,7 @@ jobs: - name: Start AKS private operator id: start_aks_private_operator if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@kcc-UID2-6321-reenable-aks-e2e with: template_file: ${{ steps.prepare_aks_metadata.outputs.template_file }} azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} @@ -316,7 +316,7 @@ jobs: - name: Run E2E tests id: e2e - uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@v3 + uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@kcc-UID2-6321-reenable-aks-e2e with: e2e_network: ${{ steps.decide_env_var.outputs.e2e_network }} e2e_image_version: ${{ inputs.e2e_image_version }} @@ -377,7 +377,7 @@ jobs: - name: Checkout uid2-shared-actions repo uses: actions/checkout@v4 with: - ref: v3 + ref: kcc-UID2-6321-reenable-aks-e2e repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions @@ -406,7 +406,7 @@ jobs: - name: Stop AKS private operator if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@kcc-UID2-6321-reenable-aks-e2e with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} run_id: ${{ github.run_id }} From adf7516301e3f994241add179f91c253c75e169c Mon Sep 17 00:00:00 2001 
From: Katherine Chen Date: Tue, 3 Mar 2026 09:26:59 +1100 Subject: [PATCH 03/11] Disable e2e test cleanup --- .github/workflows/shared-run-e2e-tests.yaml | 94 ++++++++++----------- 1 file changed, 47 insertions(+), 47 deletions(-) diff --git a/.github/workflows/shared-run-e2e-tests.yaml b/.github/workflows/shared-run-e2e-tests.yaml index 31559864..db0fb896 100644 --- a/.github/workflows/shared-run-e2e-tests.yaml +++ b/.github/workflows/shared-run-e2e-tests.yaml 
@@ -363,50 +363,50 @@ jobs: run: | bash uid2-shared-actions/scripts/aks/stop_aks_enclave.sh - e2e-test-cleanup: - name: E2E Test Cleanup (Delayed Operator Shutdown) - if: ${{ always() && inputs.delay_operator_shutdown && inputs.operator_type != 'public' }} - needs: [e2e-test] - runs-on: ubuntu-latest - environment: 'e2e-test-cleanup' - permissions: - contents: write - packages: read - id-token: write - steps: - - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v4 - with: - ref: kcc-UID2-6321-reenable-aks-e2e - repository: IABTechLab/uid2-shared-actions - path: uid2-shared-actions - - - name: Stop GCP private operator - if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@v3 - with: - gcp_project: ${{ inputs.gcp_project }} - gcp_service_account: ${{ inputs.gcp_service_account }} - gcp_workload_identity_provider_id: ${{ inputs.gcp_workload_identity_provider_id }} - gcp_instance_name: ${{ needs.e2e-test.outputs.gcp_instance_name }} - - - name: Stop Azure private operator - if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@v3 - with: - azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} - azure_container_group_name: ${{ needs.e2e-test.outputs.azure_container_group_name }} - - - name: Stop AWS private operator - if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@v3 - with: - aws_stack_name: ${{ needs.e2e-test.outputs.aws_stack_name }} - aws_region: ${{ inputs.aws_region }} - - - name: Stop AKS private operator - if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@kcc-UID2-6321-reenable-aks-e2e - with: - azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} - run_id: ${{ github.run_id }} + # e2e-test-cleanup: + # name: E2E Test Cleanup (Delayed Operator Shutdown) + # if: ${{ always() && 
inputs.delay_operator_shutdown && inputs.operator_type != 'public' }} + # needs: [e2e-test] + # runs-on: ubuntu-latest + # environment: 'e2e-test-cleanup' + # permissions: + # contents: write + # packages: read + # id-token: write + # steps: + # - name: Checkout uid2-shared-actions repo + # uses: actions/checkout@v4 + # with: + # ref: kcc-UID2-6321-reenable-aks-e2e + # repository: IABTechLab/uid2-shared-actions + # path: uid2-shared-actions + + # - name: Stop GCP private operator + # if: ${{ inputs.operator_type == 'gcp' }} + # uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@v3 + # with: + # gcp_project: ${{ inputs.gcp_project }} + # gcp_service_account: ${{ inputs.gcp_service_account }} + # gcp_workload_identity_provider_id: ${{ inputs.gcp_workload_identity_provider_id }} + # gcp_instance_name: ${{ needs.e2e-test.outputs.gcp_instance_name }} + + # - name: Stop Azure private operator + # if: ${{ inputs.operator_type == 'azure' }} + # uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@v3 + # with: + # azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} + # azure_container_group_name: ${{ needs.e2e-test.outputs.azure_container_group_name }} + + # - name: Stop AWS private operator + # if: ${{ inputs.operator_type == 'aws' }} + # uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@v3 + # with: + # aws_stack_name: ${{ needs.e2e-test.outputs.aws_stack_name }} + # aws_region: ${{ inputs.aws_region }} + + # - name: Stop AKS private operator + # if: ${{ inputs.operator_type == 'aks' }} + # uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@kcc-UID2-6321-reenable-aks-e2e + # with: + # azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} + # run_id: ${{ github.run_id }} From 4ade2cf8791f51fac19015edf2d2eb5844e2c0cb Mon Sep 17 00:00:00 2001 
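Review bot: With the whole `e2e-test-cleanup` job commented out, a run that sets `inputs.delay_operator_shutdown` has no job left in this hunk that stops the GCP, Azure, AWS or AKS private operator, so those test deployments stay up until someone removes them by hand. Test operators left running presumably keep their cloud identity and operator key usable, which is exposure as well as cost. If the job has to be off while debugging, keep it intact and disable it with one condition, `if: ${{ false }}`, plus a comment such as `# TEMP: cleanup disabled for AKS debugging; delete opr-e2e-* resources manually`, so that re-enabling is a one-line change. The commented GCP, Azure and AWS stop steps still reference `@v3` while the AKS step references the branch, which needs reconciling when the job comes back.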
From: Katherine Chen Date: Tue, 3 Mar 2026 16:46:32 +1100 Subject: [PATCH 04/11] Change back to westus --- scripts/aks/aks_env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/aks/aks_env.sh b/scripts/aks/aks_env.sh index acb10b83..eb1f7a5f 100644 --- a/scripts/aks/aks_env.sh +++ b/scripts/aks/aks_env.sh @@ -15,7 +15,7 @@ else fi export RESOURCE_GROUP="opr-e2e-aks${RUN_SUFFIX}" -export LOCATION="eastus" +export LOCATION="westus" export VNET_NAME="opr-e2e-vnet${RUN_SUFFIX}" export PUBLIC_IP_ADDRESS_NAME="opr-e2e-ip${RUN_SUFFIX}" export NAT_GATEWAY_NAME="opr-e2e-nat${RUN_SUFFIX}" From 0cb9070a82dc880976e6a7213175ac7089b3c439 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Wed, 4 Mar 2026 08:31:49 +1100 Subject: [PATCH 05/11] Remove identity --- scripts/aks/prepare_aks_artifacts.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/aks/prepare_aks_artifacts.sh b/scripts/aks/prepare_aks_artifacts.sh index 8635c9b3..be1cbbe3 100644 --- a/scripts/aks/prepare_aks_artifacts.sh +++ b/scripts/aks/prepare_aks_artifacts.sh @@ -110,7 +110,10 @@ else # Generate deployment template cp ${INPUT_TEMPLATE_FILE} ${OUTPUT_TEMPLATE_FILE} sed -i "s#IMAGE_PLACEHOLDER#${IMAGE}#g" ${OUTPUT_TEMPLATE_FILE} - sed -i "s#IDENTITY_PLACEHOLDER#${MANAGED_IDENTITY_ID}#g" "${OUTPUT_TEMPLATE_FILE}" + # TODO: Commented out for testing identity-related 409 conflict issue with MS support + # sed -i "s#IDENTITY_PLACEHOLDER#${MANAGED_IDENTITY_ID}#g" "${OUTPUT_TEMPLATE_FILE}" + # Remove the identity annotation entirely for testing + sed -i '/microsoft.containerinstance.virtualnode.identity/d' "${OUTPUT_TEMPLATE_FILE}" sed -i "s#VAULT_NAME_PLACEHOLDER#${KEYVAULT_NAME}#g" "${OUTPUT_TEMPLATE_FILE}" sed -i "s#OPERATOR_KEY_SECRET_NAME_PLACEHOLDER#${KEYVAULT_SECRET_NAME}#g" "${OUTPUT_TEMPLATE_FILE}" sed -i "s#DEPLOYMENT_ENVIRONMENT_PLACEHOLDER#integ#g" "${OUTPUT_TEMPLATE_FILE}" From 66cf6d93e08998e3dc7e062943cfa67b9f7bb1c4 Mon Sep 17 00:00:00 2001 
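Review bot: The added `sed -i '/microsoft.containerinstance.virtualnode.identity/d'` removes the identity annotation, but the lines after it still substitute the Key Vault name and operator-key secret name, so the generated template describes a pod that is expected to read a vault secret with no managed identity attached; that presumably fails at pod start rather than at template generation. The dots in the pattern are unescaped and match any character; `sed -i '/microsoft\.containerinstance\.virtualnode\.identity/d'` deletes only the intended line. The TODO would be easier to track with an id, e.g. `# TODO(UID2-6321): restore IDENTITY_PLACEHOLDER substitution once the 409 conflict is resolved`, if that is the ticket the branch name refers to. The enclosing `else` branch starts and ends outside the hunk.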
From: Katherine Chen Date: Wed, 4 Mar 2026 08:40:19 +1100 Subject: [PATCH 06/11] Add debug message --- scripts/aks/prepare_aks_artifacts.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/aks/prepare_aks_artifacts.sh b/scripts/aks/prepare_aks_artifacts.sh index be1cbbe3..3fb5c564 100644 --- a/scripts/aks/prepare_aks_artifacts.sh +++ b/scripts/aks/prepare_aks_artifacts.sh @@ -139,6 +139,11 @@ else fi # The previous pipe will be stored in ${OUTPUT_POLICY_DIGEST_FILE} as well. The below command is to remove the prompt and only extract the enclave id. sed -i 's/.*(y\/n) //g' "${OUTPUT_POLICY_DIGEST_FILE}" + + # Print the generated template file with CCE policy + echo "=== Generated operator.yaml with CCE policy ===" + cat ${OUTPUT_TEMPLATE_FILE} + echo "=== End of operator.yaml ===" fi if [ -z "${GITHUB_OUTPUT}" ]; then From dcf3ff5535453ee8c299ae08cacc39aff0c20dde Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Wed, 4 Mar 2026 15:21:50 +1100 Subject: [PATCH 07/11] Update virtual node install method --- scripts/aks/prepare_aks_artifacts.sh | 5 +---- scripts/aks/start_aks_cluster.sh | 33 ++++++++++++++++++++++------ 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/scripts/aks/prepare_aks_artifacts.sh b/scripts/aks/prepare_aks_artifacts.sh index 3fb5c564..68d7d83b 100644 --- a/scripts/aks/prepare_aks_artifacts.sh +++ b/scripts/aks/prepare_aks_artifacts.sh 
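Review bot: The added `cat ${OUTPUT_TEMPLATE_FILE}` writes the fully substituted template to the job log, and by this point it carries the image reference, Key Vault name, operator-key secret name and the CCE policy; workflow logs are readable by anyone who can view the repository's Actions runs. If the dump is needed for debugging, make it opt-in, `if [ "${DEBUG_TEMPLATE:-}" = "1" ]; then cat -- "${OUTPUT_TEMPLATE_FILE}"; fi` (the variable name is constructed here), and remove it before merge. The expansion is also unquoted, unlike the neighbouring `sed` lines. The enclosing `else` branch starts outside the hunk.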
@@ -110,10 +110,7 @@ else # Generate deployment template cp ${INPUT_TEMPLATE_FILE} ${OUTPUT_TEMPLATE_FILE} sed -i "s#IMAGE_PLACEHOLDER#${IMAGE}#g" ${OUTPUT_TEMPLATE_FILE} - # TODO: Commented out for testing identity-related 409 conflict issue with MS support - # sed -i "s#IDENTITY_PLACEHOLDER#${MANAGED_IDENTITY_ID}#g" "${OUTPUT_TEMPLATE_FILE}" - # Remove the identity annotation entirely for testing - sed -i '/microsoft.containerinstance.virtualnode.identity/d' "${OUTPUT_TEMPLATE_FILE}" + sed -i "s#IDENTITY_PLACEHOLDER#${MANAGED_IDENTITY_ID}#g" "${OUTPUT_TEMPLATE_FILE}" sed -i "s#VAULT_NAME_PLACEHOLDER#${KEYVAULT_NAME}#g" "${OUTPUT_TEMPLATE_FILE}" sed -i "s#OPERATOR_KEY_SECRET_NAME_PLACEHOLDER#${KEYVAULT_SECRET_NAME}#g" "${OUTPUT_TEMPLATE_FILE}" sed -i "s#DEPLOYMENT_ENVIRONMENT_PLACEHOLDER#integ#g" "${OUTPUT_TEMPLATE_FILE}" diff --git a/scripts/aks/start_aks_cluster.sh b/scripts/aks/start_aks_cluster.sh index d8c39a63..3034edb7 100644 --- a/scripts/aks/start_aks_cluster.sh +++ b/scripts/aks/start_aks_cluster.sh 
@@ -106,13 +106,32 @@ az role assignment create \ # Setup AKS Cluster az aks get-credentials --name ${AKS_CLUSTER_NAME} --resource-group ${RESOURCE_GROUP} az provider register -n Microsoft.ContainerInstance -git clone https://github.com/microsoft/virtualnodesOnAzureContainerInstances.git -helm install virtualnode virtualnodesOnAzureContainerInstances/Helm/virtualnode -# Wait for virtualnode-0 to appear -echo "Waiting for virtualnode-0 to be ready..." -while ! kubectl get nodes | grep -q "virtualnode-0"; do - echo "virtualnode-0 not found yet, waiting 10 seconds..." + +# --- Option 1: OSS/Helm Virtual Node Installation (COMMENTED OUT for testing) --- +# git clone https://github.com/microsoft/virtualnodesOnAzureContainerInstances.git +# helm install virtualnode virtualnodesOnAzureContainerInstances/Helm/virtualnode +# # Wait for virtualnode-0 to appear +# echo "Waiting for virtualnode-0 to be ready..." +# while ! kubectl get nodes | grep -q "virtualnode-0"; do +# echo "virtualnode-0 not found yet, waiting 10 seconds..." +# sleep 10 +# done +# echo "virtualnode-0 is ready!" +# kubectl get nodes + +# --- Option 2: Built-in AKS Virtual Nodes Addon (MS Support recommended for testing) --- +# Reference: https://learn.microsoft.com/azure/aks/virtual-nodes-cli +az aks enable-addons \ + --resource-group ${RESOURCE_GROUP} \ + --name ${AKS_CLUSTER_NAME} \ + --addons virtual-node \ + --subnet-name cg + +# Wait for virtual-node-aci-linux to appear (built-in addon uses this name) +echo "Waiting for virtual-node-aci-linux to be ready..." +while ! kubectl get nodes | grep -q "virtual-node-aci-linux"; do + echo "virtual-node-aci-linux not found yet, waiting 10 seconds..." sleep 10 done -echo "virtualnode-0 is ready!" +echo "virtual-node-aci-linux is ready!" kubectl get nodes \ No newline at end of file From db5ee3a07ea0ce0150df73c41db2d55587f77e8e Mon Sep 17 00:00:00 2001 
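Review bot: The new wait loop for `virtual-node-aci-linux` has no upper bound and only checks that the name appears in `kubectl get nodes`, so a failed addon install hangs the job until the runner times out, and a NotReady node is accepted as ready. Bound the wait and match the Ready status, as sketched below; the 15-minute limit is a constructed value and the sketch assumes the script runs under bash. The same unbounded loop is restored for `virtualnode-0` in PATCH 10/11. The `az aks enable-addons` arguments are unquoted as well, e.g. `--resource-group "${RESOURCE_GROUP}"`.

```shell
# … unchanged: az aks enable-addons call …
echo "Waiting for virtual-node-aci-linux to be ready..."
deadline=$((SECONDS + 900))
until kubectl get nodes --no-headers \
  | grep -Eq '^virtual-node-aci-linux[[:space:]]+Ready'; do
  if (( SECONDS >= deadline )); then
    echo "virtual-node-aci-linux not Ready after 15 minutes" >&2
    exit 1
  fi
  echo "virtual-node-aci-linux not Ready yet, waiting 10 seconds..."
  sleep 10
done
# … unchanged: final echo and kubectl get nodes …
```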
From: Katherine Chen Date: Wed, 4 Mar 2026 15:22:05 +1100 Subject: [PATCH 08/11] Update to eastus --- scripts/aks/aks_env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/aks/aks_env.sh b/scripts/aks/aks_env.sh index eb1f7a5f..acb10b83 100644 --- a/scripts/aks/aks_env.sh +++ b/scripts/aks/aks_env.sh @@ -15,7 +15,7 @@ else fi export RESOURCE_GROUP="opr-e2e-aks${RUN_SUFFIX}" -export LOCATION="westus" +export LOCATION="eastus" export VNET_NAME="opr-e2e-vnet${RUN_SUFFIX}" export PUBLIC_IP_ADDRESS_NAME="opr-e2e-ip${RUN_SUFFIX}" export NAT_GATEWAY_NAME="opr-e2e-nat${RUN_SUFFIX}" From 4e47167d4d9e69ac9bac8613cbe46e38a577efb0 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Wed, 11 Mar 2026 20:36:35 +1100 Subject: [PATCH 09/11] Implement max's comment --- scripts/aks/aks_env.sh | 2 +- scripts/aks/start_aks_cluster.sh | 55 ++++++++++++++++++++++++-------- 2 files changed, 43 insertions(+), 14 deletions(-) diff --git a/scripts/aks/aks_env.sh b/scripts/aks/aks_env.sh index acb10b83..5a0b5399 100644 --- a/scripts/aks/aks_env.sh +++ b/scripts/aks/aks_env.sh @@ -15,7 +15,7 @@ else fi export RESOURCE_GROUP="opr-e2e-aks${RUN_SUFFIX}" -export LOCATION="eastus" +export LOCATION="westus3" export VNET_NAME="opr-e2e-vnet${RUN_SUFFIX}" export PUBLIC_IP_ADDRESS_NAME="opr-e2e-ip${RUN_SUFFIX}" export NAT_GATEWAY_NAME="opr-e2e-nat${RUN_SUFFIX}" diff --git a/scripts/aks/start_aks_cluster.sh b/scripts/aks/start_aks_cluster.sh index 3034edb7..3933ff6a 100644 --- a/scripts/aks/start_aks_cluster.sh +++ b/scripts/aks/start_aks_cluster.sh 
@@ -121,17 +121,46 @@ az provider register -n Microsoft.ContainerInstance # --- Option 2: Built-in AKS Virtual Nodes Addon (MS Support recommended for testing) --- # Reference: https://learn.microsoft.com/azure/aks/virtual-nodes-cli -az aks enable-addons \ - --resource-group ${RESOURCE_GROUP} \ - --name ${AKS_CLUSTER_NAME} \ - --addons virtual-node \ - --subnet-name cg - -# Wait for virtual-node-aci-linux to appear (built-in addon uses this name) -echo "Waiting for virtual-node-aci-linux to be ready..." -while ! kubectl get nodes | grep -q "virtual-node-aci-linux"; do - echo "virtual-node-aci-linux not found yet, waiting 10 seconds..." - sleep 10 -done -echo "virtual-node-aci-linux is ready!" +# COMMENTED OUT for MS support call - they will help install Virtual Node manually +# az aks enable-addons \ +# --resource-group ${RESOURCE_GROUP} \ +# --name ${AKS_CLUSTER_NAME} \ +# --addons virtual-node \ +# --subnet-name cg + +# # Grant the ACI connector identity permission to access the VNet +# # The built-in addon creates its own managed identity that needs Network Contributor role +# echo "Granting ACI connector identity access to VNet..." +# ACI_CONNECTOR_IDENTITY_OBJECT_ID=$(az aks show \ +# --resource-group ${RESOURCE_GROUP} \ +# --name ${AKS_CLUSTER_NAME} \ +# --query "addonProfiles.aciConnectorLinux.identity.objectId" \ +# --output tsv) + +# VNET_ID=$(az network vnet show \ +# --resource-group ${RESOURCE_GROUP} \ +# --name ${VNET_NAME} \ +# --query id \ +# --output tsv) + +# az role assignment create \ +# --assignee-object-id ${ACI_CONNECTOR_IDENTITY_OBJECT_ID} \ +# --assignee-principal-type ServicePrincipal \ +# --scope ${VNET_ID} \ +# --role "Network Contributor" + +# echo "Role assignment created. Restarting ACI connector pod..." +# kubectl delete pod -n kube-system -l app=aci-connector-linux + +# # Wait for virtual-node-aci-linux to appear (built-in addon uses this name) +# echo "Waiting for virtual-node-aci-linux to be ready..." +# while ! 
kubectl get nodes | grep -q "virtual-node-aci-linux"; do +# echo "virtual-node-aci-linux not found yet, waiting 10 seconds..." +# sleep 10 +# done +# echo "virtual-node-aci-linux is ready!" +# kubectl get nodes + +echo "=== AKS cluster setup complete ===" +echo "Virtual Node installation skipped - ready for MS support call" kubectl get nodes \ No newline at end of file From 14cf9c930c3e67e90a19b0fd45e6ab5e3f49286c Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Thu, 12 Mar 2026 14:02:39 +1100 Subject: [PATCH 10/11] Use East US --- scripts/aks/aks_env.sh | 2 +- scripts/aks/start_aks_cluster.sh | 63 +++++--------------------------- 2 files changed, 11 insertions(+), 54 deletions(-) diff --git a/scripts/aks/aks_env.sh b/scripts/aks/aks_env.sh index 5a0b5399..acb10b83 100644 --- a/scripts/aks/aks_env.sh +++ b/scripts/aks/aks_env.sh @@ -15,7 +15,7 @@ else fi export RESOURCE_GROUP="opr-e2e-aks${RUN_SUFFIX}" -export LOCATION="westus3" +export LOCATION="eastus" export VNET_NAME="opr-e2e-vnet${RUN_SUFFIX}" export PUBLIC_IP_ADDRESS_NAME="opr-e2e-ip${RUN_SUFFIX}" export NAT_GATEWAY_NAME="opr-e2e-nat${RUN_SUFFIX}" diff --git a/scripts/aks/start_aks_cluster.sh b/scripts/aks/start_aks_cluster.sh index 3933ff6a..86a6e890 100644 --- a/scripts/aks/start_aks_cluster.sh +++ b/scripts/aks/start_aks_cluster.sh 
@@ -107,59 +107,16 @@ az role assignment create \ az aks get-credentials --name ${AKS_CLUSTER_NAME} --resource-group ${RESOURCE_GROUP} az provider register -n Microsoft.ContainerInstance -# --- Option 1: OSS/Helm Virtual Node Installation (COMMENTED OUT for testing) --- -# git clone https://github.com/microsoft/virtualnodesOnAzureContainerInstances.git -# helm install virtualnode virtualnodesOnAzureContainerInstances/Helm/virtualnode -# # Wait for virtualnode-0 to appear -# echo "Waiting for virtualnode-0 to be ready..." -# while ! kubectl get nodes | grep -q "virtualnode-0"; do -# echo "virtualnode-0 not found yet, waiting 10 seconds..." -# sleep 10 -# done -# echo "virtualnode-0 is ready!" -# kubectl get nodes - -# --- Option 2: Built-in AKS Virtual Nodes Addon (MS Support recommended for testing) --- -# Reference: https://learn.microsoft.com/azure/aks/virtual-nodes-cli -# COMMENTED OUT for MS support call - they will help install Virtual Node manually -# az aks enable-addons \ -# --resource-group ${RESOURCE_GROUP} \ -# --name ${AKS_CLUSTER_NAME} \ -# --addons virtual-node \ -# --subnet-name cg - -# # Grant the ACI connector identity permission to access the VNet -# # The built-in addon creates its own managed identity that needs Network Contributor role -# echo "Granting ACI connector identity access to VNet..." -# ACI_CONNECTOR_IDENTITY_OBJECT_ID=$(az aks show \ -# --resource-group ${RESOURCE_GROUP} \ -# --name ${AKS_CLUSTER_NAME} \ -# --query "addonProfiles.aciConnectorLinux.identity.objectId" \ -# --output tsv) - -# VNET_ID=$(az network vnet show \ -# --resource-group ${RESOURCE_GROUP} \ -# --name ${VNET_NAME} \ -# --query id \ -# --output tsv) - -# az role assignment create \ -# --assignee-object-id ${ACI_CONNECTOR_IDENTITY_OBJECT_ID} \ -# --assignee-principal-type ServicePrincipal \ -# --scope ${VNET_ID} \ -# --role "Network Contributor" - -# echo "Role assignment created. Restarting ACI connector pod..." 
-# kubectl delete pod -n kube-system -l app=aci-connector-linux - -# # Wait for virtual-node-aci-linux to appear (built-in addon uses this name) -# echo "Waiting for virtual-node-aci-linux to be ready..." -# while ! kubectl get nodes | grep -q "virtual-node-aci-linux"; do -# echo "virtual-node-aci-linux not found yet, waiting 10 seconds..." -# sleep 10 -# done -# echo "virtual-node-aci-linux is ready!" -# kubectl get nodes +git clone https://github.com/microsoft/virtualnodesOnAzureContainerInstances.git +helm install virtualnode virtualnodesOnAzureContainerInstances/Helm/virtualnode +# Wait for virtualnode-0 to appear +echo "Waiting for virtualnode-0 to be ready..." +while ! kubectl get nodes | grep -q "virtualnode-0"; do + echo "virtualnode-0 not found yet, waiting 10 seconds..." + sleep 10 +done +echo "virtualnode-0 is ready!" +kubectl get nodes echo "=== AKS cluster setup complete ===" echo "Virtual Node installation skipped - ready for MS support call" From 919adfa5b0e230196f520625475ff1797fe78ef9 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Wed, 18 Mar 2026 09:46:32 +1100 Subject: [PATCH 11/11] Change location to westus3 --- scripts/aks/aks_env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/aks/aks_env.sh b/scripts/aks/aks_env.sh index acb10b83..5a0b5399 100644 --- a/scripts/aks/aks_env.sh +++ b/scripts/aks/aks_env.sh @@ -15,7 +15,7 @@ else fi export RESOURCE_GROUP="opr-e2e-aks${RUN_SUFFIX}" -export LOCATION="eastus" +export LOCATION="westus3" export VNET_NAME="opr-e2e-vnet${RUN_SUFFIX}" export PUBLIC_IP_ADDRESS_NAME="opr-e2e-ip${RUN_SUFFIX}" export NAT_GATEWAY_NAME="opr-e2e-nat${RUN_SUFFIX}"
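Review bot: The restored `git clone https://github.com/microsoft/virtualnodesOnAzureContainerInstances.git` takes whatever is on the default branch at run time, and `helm install` then deploys it into the cluster using the credentials fetched by `az aks get-credentials`, so the chart is not reproducible and can change without any change in this repository. Pin the checkout, e.g. `git clone --depth 1 --branch <PINNED_TAG> https://github.com/microsoft/virtualnodesOnAzureContainerInstances.git`, or check out a fixed commit after cloning. The unchanged line `echo "Virtual Node installation skipped - ready for MS support call"` is now wrong, because the install runs again, and should be dropped.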