From 20497c9ddcc88db5fb9d2f071f9c40825e44586f Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Thu, 26 Feb 2026 16:35:45 +1100 Subject: [PATCH 1/8] Test eastus --- scripts/aks/aks_env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/aks/aks_env.sh b/scripts/aks/aks_env.sh index eb1f7a5f..acb10b83 100644 --- a/scripts/aks/aks_env.sh +++ b/scripts/aks/aks_env.sh @@ -15,7 +15,7 @@ else fi export RESOURCE_GROUP="opr-e2e-aks${RUN_SUFFIX}" -export LOCATION="westus" +export LOCATION="eastus" export VNET_NAME="opr-e2e-vnet${RUN_SUFFIX}" export PUBLIC_IP_ADDRESS_NAME="opr-e2e-ip${RUN_SUFFIX}" export NAT_GATEWAY_NAME="opr-e2e-nat${RUN_SUFFIX}" From a6a34ce8d3b194227bd6895744a7e928abe71cb9 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Thu, 26 Feb 2026 16:43:32 +1100 Subject: [PATCH 2/8] Use kcc-UID2-6321-reenable-aks-e2e --- .github/workflows/shared-run-e2e-tests.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/shared-run-e2e-tests.yaml b/.github/workflows/shared-run-e2e-tests.yaml index 459647dc..31559864 100644 --- a/.github/workflows/shared-run-e2e-tests.yaml +++ b/.github/workflows/shared-run-e2e-tests.yaml @@ -151,7 +151,7 @@ jobs: - name: Checkout uid2-shared-actions repo uses: actions/checkout@v4 with: - ref: v3 + ref: kcc-UID2-6321-reenable-aks-e2e repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions @@ -207,7 +207,7 @@ jobs: - name: Start AKS cluster id: start_aks_cluster if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@kcc-UID2-6321-reenable-aks-e2e with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} run_id: ${{ github.run_id }} 
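Review bot: The new `uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@kcc-UID2-6321-reenable-aks-e2e` points a step that receives `secrets.AZURE_CREDENTIALS` at a mutable feature branch, so whatever is pushed to that branch next runs with the Azure credential. The same ref is introduced in the checkout hunks at -151 and -377 and in the `uses:` hunks at -226, -292, -316 and -406. For a test run, a full commit SHA such as `uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@<full-commit-sha>` keeps the executed code fixed and reviewable, and the refs should return to the release tag before this is merged. The job these steps belong to starts and ends outside the hunks.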
@@ -226,7 +226,7 @@ jobs: - name: Prepare AKS metadata id: prepare_aks_metadata if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@v3 + uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@kcc-UID2-6321-reenable-aks-e2e with: operator_image_version: ${{ inputs.operator_image_version }} target_environment: ${{ inputs.target_environment }} @@ -292,7 +292,7 @@ jobs: - name: Start AKS private operator id: start_aks_private_operator if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@kcc-UID2-6321-reenable-aks-e2e with: template_file: ${{ steps.prepare_aks_metadata.outputs.template_file }} azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} @@ -316,7 +316,7 @@ jobs: - name: Run E2E tests id: e2e - uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@v3 + uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@kcc-UID2-6321-reenable-aks-e2e with: e2e_network: ${{ steps.decide_env_var.outputs.e2e_network }} e2e_image_version: ${{ inputs.e2e_image_version }} @@ -377,7 +377,7 @@ jobs: - name: Checkout uid2-shared-actions repo uses: actions/checkout@v4 with: - ref: v3 + ref: kcc-UID2-6321-reenable-aks-e2e repository: IABTechLab/uid2-shared-actions path: uid2-shared-actions @@ -406,7 +406,7 @@ jobs: - name: Stop AKS private operator if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@v3 + uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@kcc-UID2-6321-reenable-aks-e2e with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} run_id: ${{ github.run_id }} From adf7516301e3f994241add179f91c253c75e169c Mon Sep 17 00:00:00 2001 
From: Katherine Chen Date: Tue, 3 Mar 2026 09:26:59 +1100 Subject: [PATCH 3/8] Disable e2e test cleanup --- .github/workflows/shared-run-e2e-tests.yaml | 94 ++++++++++----------- 1 file changed, 47 insertions(+), 47 deletions(-) diff --git a/.github/workflows/shared-run-e2e-tests.yaml b/.github/workflows/shared-run-e2e-tests.yaml index 31559864..db0fb896 100644 --- a/.github/workflows/shared-run-e2e-tests.yaml +++ b/.github/workflows/shared-run-e2e-tests.yaml 
@@ -363,50 +363,50 @@ jobs: run: | bash uid2-shared-actions/scripts/aks/stop_aks_enclave.sh - e2e-test-cleanup: - name: E2E Test Cleanup (Delayed Operator Shutdown) - if: ${{ always() && inputs.delay_operator_shutdown && inputs.operator_type != 'public' }} - needs: [e2e-test] - runs-on: ubuntu-latest - environment: 'e2e-test-cleanup' - permissions: - contents: write - packages: read - id-token: write - steps: - - name: Checkout uid2-shared-actions repo - uses: actions/checkout@v4 - with: - ref: kcc-UID2-6321-reenable-aks-e2e - repository: IABTechLab/uid2-shared-actions - path: uid2-shared-actions - - - name: Stop GCP private operator - if: ${{ inputs.operator_type == 'gcp' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@v3 - with: - gcp_project: ${{ inputs.gcp_project }} - gcp_service_account: ${{ inputs.gcp_service_account }} - gcp_workload_identity_provider_id: ${{ inputs.gcp_workload_identity_provider_id }} - gcp_instance_name: ${{ needs.e2e-test.outputs.gcp_instance_name }} - - - name: Stop Azure private operator - if: ${{ inputs.operator_type == 'azure' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@v3 - with: - azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} - azure_container_group_name: ${{ needs.e2e-test.outputs.azure_container_group_name }} - - - name: Stop AWS private operator - if: ${{ inputs.operator_type == 'aws' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@v3 - with: - aws_stack_name: ${{ needs.e2e-test.outputs.aws_stack_name }} - aws_region: ${{ inputs.aws_region }} - - - name: Stop AKS private operator - if: ${{ inputs.operator_type == 'aks' }} - uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@kcc-UID2-6321-reenable-aks-e2e - with: - azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} - run_id: ${{ github.run_id }} + # e2e-test-cleanup: + # name: E2E Test Cleanup (Delayed Operator Shutdown) + # if: ${{ always() && 
inputs.delay_operator_shutdown && inputs.operator_type != 'public' }} + # needs: [e2e-test] + # runs-on: ubuntu-latest + # environment: 'e2e-test-cleanup' + # permissions: + # contents: write + # packages: read + # id-token: write + # steps: + # - name: Checkout uid2-shared-actions repo + # uses: actions/checkout@v4 + # with: + # ref: kcc-UID2-6321-reenable-aks-e2e + # repository: IABTechLab/uid2-shared-actions + # path: uid2-shared-actions + + # - name: Stop GCP private operator + # if: ${{ inputs.operator_type == 'gcp' }} + # uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@v3 + # with: + # gcp_project: ${{ inputs.gcp_project }} + # gcp_service_account: ${{ inputs.gcp_service_account }} + # gcp_workload_identity_provider_id: ${{ inputs.gcp_workload_identity_provider_id }} + # gcp_instance_name: ${{ needs.e2e-test.outputs.gcp_instance_name }} + + # - name: Stop Azure private operator + # if: ${{ inputs.operator_type == 'azure' }} + # uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@v3 + # with: + # azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} + # azure_container_group_name: ${{ needs.e2e-test.outputs.azure_container_group_name }} + + # - name: Stop AWS private operator + # if: ${{ inputs.operator_type == 'aws' }} + # uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@v3 + # with: + # aws_stack_name: ${{ needs.e2e-test.outputs.aws_stack_name }} + # aws_region: ${{ inputs.aws_region }} + + # - name: Stop AKS private operator + # if: ${{ inputs.operator_type == 'aks' }} + # uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@kcc-UID2-6321-reenable-aks-e2e + # with: + # azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} + # run_id: ${{ github.run_id }} From 4ade2cf8791f51fac19015edf2d2eb5844e2c0cb Mon Sep 17 00:00:00 2001 
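Review bot: With the whole `e2e-test-cleanup` job commented out, a run that sets `inputs.delay_operator_shutdown` appears to have no remaining step that stops the GCP, Azure, AWS or AKS private operator, so test operators stay deployed until someone deletes them by hand. If the job has to be off while debugging, keeping it as live YAML with `if: ${{ false }}` and a comment such as `# TODO(UID2-6321): re-enable cleanup before merge` makes the temporary state explicit and keeps the block linted. The commented-out steps also mix `@v3` and the feature-branch ref, which will need reconciling when the job is restored. The job that precedes this one starts outside the hunk.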
From: Katherine Chen Date: Tue, 3 Mar 2026 16:46:32 +1100 Subject: [PATCH 4/8] Change back to westus --- scripts/aks/aks_env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/aks/aks_env.sh b/scripts/aks/aks_env.sh index acb10b83..eb1f7a5f 100644 --- a/scripts/aks/aks_env.sh +++ b/scripts/aks/aks_env.sh @@ -15,7 +15,7 @@ else fi export RESOURCE_GROUP="opr-e2e-aks${RUN_SUFFIX}" -export LOCATION="eastus" +export LOCATION="westus" export VNET_NAME="opr-e2e-vnet${RUN_SUFFIX}" export PUBLIC_IP_ADDRESS_NAME="opr-e2e-ip${RUN_SUFFIX}" export NAT_GATEWAY_NAME="opr-e2e-nat${RUN_SUFFIX}" From 0cb9070a82dc880976e6a7213175ac7089b3c439 Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Wed, 4 Mar 2026 08:31:49 +1100 Subject: [PATCH 5/8] Remove identity --- scripts/aks/prepare_aks_artifacts.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/aks/prepare_aks_artifacts.sh b/scripts/aks/prepare_aks_artifacts.sh index 8635c9b3..be1cbbe3 100644 --- a/scripts/aks/prepare_aks_artifacts.sh +++ b/scripts/aks/prepare_aks_artifacts.sh @@ -110,7 +110,10 @@ else # Generate deployment template cp ${INPUT_TEMPLATE_FILE} ${OUTPUT_TEMPLATE_FILE} sed -i "s#IMAGE_PLACEHOLDER#${IMAGE}#g" ${OUTPUT_TEMPLATE_FILE} - sed -i "s#IDENTITY_PLACEHOLDER#${MANAGED_IDENTITY_ID}#g" "${OUTPUT_TEMPLATE_FILE}" + # TODO: Commented out for testing identity-related 409 conflict issue with MS support + # sed -i "s#IDENTITY_PLACEHOLDER#${MANAGED_IDENTITY_ID}#g" "${OUTPUT_TEMPLATE_FILE}" + # Remove the identity annotation entirely for testing + sed -i '/microsoft.containerinstance.virtualnode.identity/d' "${OUTPUT_TEMPLATE_FILE}" sed -i "s#VAULT_NAME_PLACEHOLDER#${KEYVAULT_NAME}#g" "${OUTPUT_TEMPLATE_FILE}" sed -i "s#OPERATOR_KEY_SECRET_NAME_PLACEHOLDER#${KEYVAULT_SECRET_NAME}#g" "${OUTPUT_TEMPLATE_FILE}" sed -i "s#DEPLOYMENT_ENVIRONMENT_PLACEHOLDER#integ#g" "${OUTPUT_TEMPLATE_FILE}" From 66cf6d93e08998e3dc7e062943cfa67b9f7bb1c4 Mon Sep 17 00:00:00 2001 
From: Katherine Chen Date: Wed, 4 Mar 2026 08:40:19 +1100 Subject: [PATCH 6/8] Add debug message --- scripts/aks/prepare_aks_artifacts.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/aks/prepare_aks_artifacts.sh b/scripts/aks/prepare_aks_artifacts.sh index be1cbbe3..3fb5c564 100644 --- a/scripts/aks/prepare_aks_artifacts.sh +++ b/scripts/aks/prepare_aks_artifacts.sh @@ -139,6 +139,11 @@ else fi # The previous pipe will be stored in ${OUTPUT_POLICY_DIGEST_FILE} as well. The below command is to remove the prompt and only extract the enclave id. sed -i 's/.*(y\/n) //g' "${OUTPUT_POLICY_DIGEST_FILE}" + + # Print the generated template file with CCE policy + echo "=== Generated operator.yaml with CCE policy ===" + cat ${OUTPUT_TEMPLATE_FILE} + echo "=== End of operator.yaml ===" fi if [ -z "${GITHUB_OUTPUT}" ]; then From dcf3ff5535453ee8c299ae08cacc39aff0c20dde Mon Sep 17 00:00:00 2001 From: Katherine Chen Date: Wed, 4 Mar 2026 15:21:50 +1100 Subject: [PATCH 7/8] Update virtual node install method --- scripts/aks/prepare_aks_artifacts.sh | 5 +---- scripts/aks/start_aks_cluster.sh | 33 ++++++++++++++++++++++------ 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/scripts/aks/prepare_aks_artifacts.sh b/scripts/aks/prepare_aks_artifacts.sh index 3fb5c564..68d7d83b 100644 --- a/scripts/aks/prepare_aks_artifacts.sh +++ b/scripts/aks/prepare_aks_artifacts.sh 
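Review bot: The added `cat ${OUTPUT_TEMPLATE_FILE}` writes the whole generated operator.yaml into the job log on every run, and the sed lines earlier in this script substitute the managed identity ID, Key Vault name and operator-key secret name into that file, so those identifiers end up in CI logs that may be readable more widely than the Azure subscription. I would print it only when debug logging is on, by wrapping the three lines in `if [ "${RUNNER_DEBUG:-}" = "1" ]; then` … `fi`, and quote the path: `cat -- "${OUTPUT_TEMPLATE_FILE}"`. The enclosing `else` branch starts outside the hunk.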
@@ -110,10 +110,7 @@ else # Generate deployment template cp ${INPUT_TEMPLATE_FILE} ${OUTPUT_TEMPLATE_FILE} sed -i "s#IMAGE_PLACEHOLDER#${IMAGE}#g" ${OUTPUT_TEMPLATE_FILE} - # TODO: Commented out for testing identity-related 409 conflict issue with MS support - # sed -i "s#IDENTITY_PLACEHOLDER#${MANAGED_IDENTITY_ID}#g" "${OUTPUT_TEMPLATE_FILE}" - # Remove the identity annotation entirely for testing - sed -i '/microsoft.containerinstance.virtualnode.identity/d' "${OUTPUT_TEMPLATE_FILE}" + sed -i "s#IDENTITY_PLACEHOLDER#${MANAGED_IDENTITY_ID}#g" "${OUTPUT_TEMPLATE_FILE}" sed -i "s#VAULT_NAME_PLACEHOLDER#${KEYVAULT_NAME}#g" "${OUTPUT_TEMPLATE_FILE}" sed -i "s#OPERATOR_KEY_SECRET_NAME_PLACEHOLDER#${KEYVAULT_SECRET_NAME}#g" "${OUTPUT_TEMPLATE_FILE}" sed -i "s#DEPLOYMENT_ENVIRONMENT_PLACEHOLDER#integ#g" "${OUTPUT_TEMPLATE_FILE}" diff --git a/scripts/aks/start_aks_cluster.sh b/scripts/aks/start_aks_cluster.sh index d8c39a63..3034edb7 100644 --- a/scripts/aks/start_aks_cluster.sh +++ b/scripts/aks/start_aks_cluster.sh 
@@ -106,13 +106,32 @@ az role assignment create \ # Setup AKS Cluster az aks get-credentials --name ${AKS_CLUSTER_NAME} --resource-group ${RESOURCE_GROUP} az provider register -n Microsoft.ContainerInstance -git clone https://github.com/microsoft/virtualnodesOnAzureContainerInstances.git -helm install virtualnode virtualnodesOnAzureContainerInstances/Helm/virtualnode -# Wait for virtualnode-0 to appear -echo "Waiting for virtualnode-0 to be ready..." -while ! kubectl get nodes | grep -q "virtualnode-0"; do - echo "virtualnode-0 not found yet, waiting 10 seconds..." + +# --- Option 1: OSS/Helm Virtual Node Installation (COMMENTED OUT for testing) --- +# git clone https://github.com/microsoft/virtualnodesOnAzureContainerInstances.git +# helm install virtualnode virtualnodesOnAzureContainerInstances/Helm/virtualnode +# # Wait for virtualnode-0 to appear +# echo "Waiting for virtualnode-0 to be ready..." +# while ! kubectl get nodes | grep -q "virtualnode-0"; do +# echo "virtualnode-0 not found yet, waiting 10 seconds..." +# sleep 10 +# done +# echo "virtualnode-0 is ready!" +# kubectl get nodes + +# --- Option 2: Built-in AKS Virtual Nodes Addon (MS Support recommended for testing) --- +# Reference: https://learn.microsoft.com/azure/aks/virtual-nodes-cli +az aks enable-addons \ + --resource-group ${RESOURCE_GROUP} \ + --name ${AKS_CLUSTER_NAME} \ + --addons virtual-node \ + --subnet-name cg + +# Wait for virtual-node-aci-linux to appear (built-in addon uses this name) +echo "Waiting for virtual-node-aci-linux to be ready..." +while ! kubectl get nodes | grep -q "virtual-node-aci-linux"; do + echo "virtual-node-aci-linux not found yet, waiting 10 seconds..." sleep 10 done -echo "virtualnode-0 is ready!" +echo "virtual-node-aci-linux is ready!" kubectl get nodes \ No newline at end of file From db5ee3a07ea0ce0150df73c41db2d55587f77e8e Mon Sep 17 00:00:00 2001 
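Review bot: The new wait loop `while ! kubectl get nodes | grep -q "virtual-node-aci-linux"` has no upper bound and only checks that the name shows up in the listing, so a failed addon install leaves the job spinning until the runner times out with the cluster still provisioned, and "is ready!" is printed for a node that may still be NotReady. A bounded wait for the node object followed by a `kubectl wait` on its Ready condition would fail fast; the timeout values below are placeholders. The `${RESOURCE_GROUP}` and `${AKS_CLUSTER_NAME}` arguments to `az aks enable-addons` should also be double-quoted. The script starts above the hunk.

```shell
# … unchanged: az aks enable-addons call …

# Wait for virtual-node-aci-linux to register, then to report Ready (bounded)
deadline=$(( $(date +%s) + 900 ))
until kubectl get node virtual-node-aci-linux >/dev/null 2>&1; do
  if [ "$(date +%s)" -ge "${deadline}" ]; then
    echo "Timed out waiting for virtual-node-aci-linux to register" >&2
    exit 1
  fi
  echo "virtual-node-aci-linux not found yet, waiting 10 seconds..."
  sleep 10
done
kubectl wait --for=condition=Ready node/virtual-node-aci-linux --timeout=300s
echo "virtual-node-aci-linux is ready!"
kubectl get nodes
```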
From: Katherine Chen Date: Wed, 4 Mar 2026 15:22:05 +1100 Subject: [PATCH 8/8] Update to eastus --- scripts/aks/aks_env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/aks/aks_env.sh b/scripts/aks/aks_env.sh index eb1f7a5f..acb10b83 100644 --- a/scripts/aks/aks_env.sh +++ b/scripts/aks/aks_env.sh @@ -15,7 +15,7 @@ else fi export RESOURCE_GROUP="opr-e2e-aks${RUN_SUFFIX}" -export LOCATION="westus" +export LOCATION="eastus" export VNET_NAME="opr-e2e-vnet${RUN_SUFFIX}" export PUBLIC_IP_ADDRESS_NAME="opr-e2e-ip${RUN_SUFFIX}" export NAT_GATEWAY_NAME="opr-e2e-nat${RUN_SUFFIX}"