IABTechLab · cYKatherine · Feb 26, 2026 · Feb 26, 2026 · Mar 2, 2026 · Mar 3, 2026
diff --git a/.github/workflows/shared-run-e2e-tests.yaml b/.github/workflows/shared-run-e2e-tests.yaml
@@ -151,7 +151,7 @@ jobs:
       - name: Checkout uid2-shared-actions repo
         uses: actions/checkout@v4
         with:
-          ref: v3
+          ref: kcc-UID2-6321-reenable-aks-e2e
           repository: IABTechLab/uid2-shared-actions
           path: uid2-shared-actions
 
@@ -207,7 +207,7 @@ jobs:
       - name: Start AKS cluster
         id: start_aks_cluster
         if: ${{ inputs.operator_type == 'aks' }}
-        uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@v3
+        uses: IABTechLab/uid2-shared-actions/actions/start_aks_cluster@kcc-UID2-6321-reenable-aks-e2e
         with:
           azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
           run_id: ${{ github.run_id }}
@@ -226,7 +226,7 @@ jobs:
       - name: Prepare AKS metadata
         id: prepare_aks_metadata
         if: ${{ inputs.operator_type == 'aks' }}
-        uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@v3
+        uses: IABTechLab/uid2-shared-actions/actions/prepare_aks_metadata@kcc-UID2-6321-reenable-aks-e2e
         with:
           operator_image_version: ${{ inputs.operator_image_version }}
           target_environment: ${{ inputs.target_environment }}
@@ -292,7 +292,7 @@ jobs:
       - name: Start AKS private operator
         id: start_aks_private_operator
         if: ${{ inputs.operator_type == 'aks' }}
-        uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@v3
+        uses: IABTechLab/uid2-shared-actions/actions/start_aks_private_operator@kcc-UID2-6321-reenable-aks-e2e
         with:
           template_file: ${{ steps.prepare_aks_metadata.outputs.template_file }}
           azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
@@ -316,7 +316,7 @@ jobs:
 
       - name: Run E2E tests
         id: e2e
-        uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@v3
+        uses: IABTechLab/uid2-shared-actions/actions/run_e2e_tests@kcc-UID2-6321-reenable-aks-e2e
         with:
           e2e_network: ${{ steps.decide_env_var.outputs.e2e_network }}
           e2e_image_version: ${{ inputs.e2e_image_version }}
@@ -363,50 +363,50 @@ jobs:
         run: |
             bash uid2-shared-actions/scripts/aks/stop_aks_enclave.sh
 
-  e2e-test-cleanup:
-    name: E2E Test Cleanup (Delayed Operator Shutdown)
-    if: ${{ always() && inputs.delay_operator_shutdown && inputs.operator_type != 'public' }}
-    needs: [e2e-test]
-    runs-on: ubuntu-latest
-    environment: 'e2e-test-cleanup'
-    permissions:
-      contents: write
-      packages: read
-      id-token: write
-    steps:
-      - name: Checkout uid2-shared-actions repo
-        uses: actions/checkout@v4
-        with:
-          ref: v3
-          repository: IABTechLab/uid2-shared-actions
-          path: uid2-shared-actions
-
-      - name: Stop GCP private operator
-        if: ${{ inputs.operator_type == 'gcp' }}
-        uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@v3
-        with:
-          gcp_project: ${{ inputs.gcp_project }}
-          gcp_service_account: ${{ inputs.gcp_service_account }}
-          gcp_workload_identity_provider_id: ${{ inputs.gcp_workload_identity_provider_id }}
-          gcp_instance_name: ${{ needs.e2e-test.outputs.gcp_instance_name }}
-
-      - name: Stop Azure private operator
-        if: ${{ inputs.operator_type == 'azure' }}
-        uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@v3
-        with:
-          azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
-          azure_container_group_name: ${{ needs.e2e-test.outputs.azure_container_group_name }}
-
-      - name: Stop AWS private operator
-        if: ${{ inputs.operator_type == 'aws' }}
-        uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@v3
-        with:
-          aws_stack_name: ${{ needs.e2e-test.outputs.aws_stack_name }}
-          aws_region: ${{ inputs.aws_region }}
-
-      - name: Stop AKS private operator
-        if: ${{ inputs.operator_type == 'aks' }}
-        uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@v3
-        with:
-          azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
-          run_id: ${{ github.run_id }}
+  # e2e-test-cleanup:
+  #   name: E2E Test Cleanup (Delayed Operator Shutdown)
+  #   if: ${{ always() && inputs.delay_operator_shutdown && inputs.operator_type != 'public' }}
+  #   needs: [e2e-test]
+  #   runs-on: ubuntu-latest
+  #   environment: 'e2e-test-cleanup'
+  #   permissions:
+  #     contents: write
+  #     packages: read
+  #     id-token: write
+  #   steps:
+  #     - name: Checkout uid2-shared-actions repo
+  #       uses: actions/checkout@v4
+  #       with:
+  #         ref: kcc-UID2-6321-reenable-aks-e2e
+  #         repository: IABTechLab/uid2-shared-actions
+  #         path: uid2-shared-actions
+
+  #     - name: Stop GCP private operator
+  #       if: ${{ inputs.operator_type == 'gcp' }}
+  #       uses: IABTechLab/uid2-shared-actions/actions/stop_gcp_private_operator@v3
+  #       with:
+  #         gcp_project: ${{ inputs.gcp_project }}
+  #         gcp_service_account: ${{ inputs.gcp_service_account }}
+  #         gcp_workload_identity_provider_id: ${{ inputs.gcp_workload_identity_provider_id }}
+  #         gcp_instance_name: ${{ needs.e2e-test.outputs.gcp_instance_name }}
+
+  #     - name: Stop Azure private operator
+  #       if: ${{ inputs.operator_type == 'azure' }}
+  #       uses: IABTechLab/uid2-shared-actions/actions/stop_azure_private_operator@v3
+  #       with:
+  #         azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
+  #         azure_container_group_name: ${{ needs.e2e-test.outputs.azure_container_group_name }}
+
+  #     - name: Stop AWS private operator
+  #       if: ${{ inputs.operator_type == 'aws' }}
+  #       uses: IABTechLab/uid2-shared-actions/actions/stop_aws_private_operator@v3
+  #       with:
+  #         aws_stack_name: ${{ needs.e2e-test.outputs.aws_stack_name }}
+  #         aws_region: ${{ inputs.aws_region }}
+
+  #     - name: Stop AKS private operator
+  #       if: ${{ inputs.operator_type == 'aks' }}
+  #       uses: IABTechLab/uid2-shared-actions/actions/stop_aks_private_operator@kcc-UID2-6321-reenable-aks-e2e
+  #       with:
+  #         azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
+  #         run_id: ${{ github.run_id }}
diff --git a/scripts/aks/aks_env.sh b/scripts/aks/aks_env.sh
@@ -15,7 +15,7 @@ else
 fi
 
 export RESOURCE_GROUP="opr-e2e-aks${RUN_SUFFIX}"
-export LOCATION="westus"
+export LOCATION="eastus"
 export VNET_NAME="opr-e2e-vnet${RUN_SUFFIX}"
 export PUBLIC_IP_ADDRESS_NAME="opr-e2e-ip${RUN_SUFFIX}"
 export NAT_GATEWAY_NAME="opr-e2e-nat${RUN_SUFFIX}"

diff --git a/scripts/aks/prepare_aks_artifacts.sh b/scripts/aks/prepare_aks_artifacts.sh
@@ -136,6 +136,11 @@ else
   fi
   # The previous pipe will be stored in ${OUTPUT_POLICY_DIGEST_FILE} as well. The below command is to remove the prompt and only extract the enclave id.
   sed -i 's/.*(y\/n) //g' "${OUTPUT_POLICY_DIGEST_FILE}"
+
+  # Print the generated template file with CCE policy
+  echo "=== Generated operator.yaml with CCE policy ==="
+  cat ${OUTPUT_TEMPLATE_FILE}
+  echo "=== End of operator.yaml ==="
 fi
 
 if [ -z "${GITHUB_OUTPUT}" ]; then

diff --git a/scripts/aks/start_aks_cluster.sh b/scripts/aks/start_aks_cluster.sh
@@ -106,13 +106,32 @@ az role assignment create \
 # Setup AKS Cluster
 az aks get-credentials --name ${AKS_CLUSTER_NAME} --resource-group ${RESOURCE_GROUP}
 az provider register -n Microsoft.ContainerInstance
-git clone https://github.com/microsoft/virtualnodesOnAzureContainerInstances.git
-helm install virtualnode virtualnodesOnAzureContainerInstances/Helm/virtualnode
-# Wait for virtualnode-0 to appear
-echo "Waiting for virtualnode-0 to be ready..."
-while ! kubectl get nodes | grep -q "virtualnode-0"; do
-  echo "virtualnode-0 not found yet, waiting 10 seconds..."
+
+# --- Option 1: OSS/Helm Virtual Node Installation (COMMENTED OUT for testing) ---
+# git clone https://github.com/microsoft/virtualnodesOnAzureContainerInstances.git
+# helm install virtualnode virtualnodesOnAzureContainerInstances/Helm/virtualnode
+# # Wait for virtualnode-0 to appear
+# echo "Waiting for virtualnode-0 to be ready..."
+# while ! kubectl get nodes | grep -q "virtualnode-0"; do
+#   echo "virtualnode-0 not found yet, waiting 10 seconds..."
+#   sleep 10
+# done
+# echo "virtualnode-0 is ready!"
+# kubectl get nodes
+
+# --- Option 2: Built-in AKS Virtual Nodes Addon (MS Support recommended for testing) ---
+# Reference: https://learn.microsoft.com/azure/aks/virtual-nodes-cli
+az aks enable-addons \
+  --resource-group ${RESOURCE_GROUP} \
+  --name ${AKS_CLUSTER_NAME} \
+  --addons virtual-node \
+  --subnet-name cg
+
+# Wait for virtual-node-aci-linux to appear (built-in addon uses this name)
+echo "Waiting for virtual-node-aci-linux to be ready..."
+while ! kubectl get nodes | grep -q "virtual-node-aci-linux"; do
+  echo "virtual-node-aci-linux not found yet, waiting 10 seconds..."
   sleep 10
 done
-echo "virtualnode-0 is ready!"
+echo "virtual-node-aci-linux is ready!"
 kubectl get nodes