Skip to content

feat: oras pull pause image if not cached for windows network isolated cluster#8038

Merged
fseldow merged 13 commits intomainfrom
xinhl/niwind4
Mar 16, 2026
Merged

feat: oras pull pause image if not cached for windows network isolated cluster#8038
fseldow merged 13 commits intomainfrom
xinhl/niwind4

Conversation

@fseldow
Copy link
Contributor

@fseldow fseldow commented Mar 8, 2026

What this PR does / why we need it:
containerd cannot implement credential provider to pull the pause image if not exists. Thus for network isolated cluster, whose pause image neeeds to pull from private acr, it needs to ensure the pause image always cached.

Which issue(s) this PR fixes:

Fixes #

Copilot AI review requested due to automatic review settings March 8, 2026 22:11
Copilot AI reviewed Mar 8, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds functionality to pull and cache the Kubernetes pause (pod infra) container image via ORAS for Windows nodes in network-isolated clusters. The problem being solved is that containerd cannot use credential providers to pull the pause image from a private ACR in isolated environments, so the image must be pre-pulled and pinned in containerd's local store.

Changes:

  • Added Set-PodInfraContainerImage function to networkisolatedclusterfunc.ps1 that pulls the pause image from the private registry using oras, imports it into containerd's k8s.io namespace, and pins it to prevent garbage collection.
  • Integrated the new function into Install-Containerd in containerdfunc.ps1, calling it when BootstrapProfileContainerRegistryServer is configured.
  • Updated the Windows e2e test to use the correct non-anonymous ACR (requiring authentication) for the network isolated test scenario.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.

File Description
staging/cse/windows/networkisolatedclusterfunc.ps1 New Set-PodInfraContainerImage function: reads pause image from cluster config, checks if already cached, pulls via oras, imports via ctr, and pins with label
staging/cse/windows/networkisolatedclusterfunc.tests.ps1 Unit tests for Set-PodInfraContainerImage covering empty image, early return when cached, successful pull/import, and retry exhaustion
staging/cse/windows/containerdfunc.ps1 Calls Set-PodInfraContainerImage from within Install-Containerd when BootstrapProfileContainerRegistryServer is set
e2e/scenario_win_test.go Fixes the e2e test to use PrivateACRName (auth required) instead of PrivateACRNameNotAnon (anonymous pull enabled) for the NonAnonymousACR-tagged Windows network isolated test

Copilot AI review requested due to automatic review settings March 9, 2026 15:40
fseldow and others added 3 commits March 10, 2026 02:42
@fseldow
feat: oras pull pause image if not cached for windows network isolate…
ab48a56 
…d cluster
@fseldow
Update staging/cse/windows/containerdfunc.ps1
70b0ae2 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@fseldow
Update staging/cse/windows/networkisolatedclusterfunc.ps1
83a3619 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings March 9, 2026 16:27
Copilot AI reviewed Mar 9, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

timmy-wright
timmy-wright reviewed Mar 9, 2026
View reviewed changes
Copilot AI review requested due to automatic review settings March 11, 2026 08:45
Copilot AI reviewed Mar 11, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

@fseldow fseldow enabled auto-merge (squash) March 16, 2026 02:29
jiashun0011
jiashun0011 reviewed Mar 16, 2026
View reviewed changes
@jiashun0011
Copy link
Contributor

jiashun0011 commented Mar 16, 2026

lgtm, thanks for the pr

auto-merge was automatically disabled March 16, 2026 04:20

Pull request was closed

@fseldow fseldow reopened this Mar 16, 2026
jiashun0011
jiashun0011 approved these changes Mar 16, 2026
View reviewed changes
Copy link
Contributor

@jiashun0011 jiashun0011 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks for the pr

@fseldow fseldow enabled auto-merge (squash) March 16, 2026 04:32
@fseldow fseldow merged commit 7b57ab2 into main Mar 16, 2026
45 checks passed
@fseldow fseldow deleted the xinhl/niwind4 branch March 16, 2026 05:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@timmy-wright timmy-wright timmy-wright approved these changes

@jiashun0011 jiashun0011 jiashun0011 approved these changes

@juan-lee juan-lee Awaiting requested review from juan-lee

@cameronmeissner cameronmeissner Awaiting requested review from cameronmeissner cameronmeissner is a code owner

@ganeshkumarashok ganeshkumarashok Awaiting requested review from ganeshkumarashok ganeshkumarashok is a code owner

@Devinwong Devinwong Awaiting requested review from Devinwong Devinwong is a code owner

@lilypan26 lilypan26 Awaiting requested review from lilypan26 lilypan26 is a code owner

@AbelHu AbelHu Awaiting requested review from AbelHu AbelHu is a code owner

@junjiezhang1997 junjiezhang1997 Awaiting requested review from junjiezhang1997 junjiezhang1997 is a code owner

@djsly djsly Awaiting requested review from djsly djsly is a code owner

@phealy phealy Awaiting requested review from phealy phealy is a code owner

@r2k1 r2k1 Awaiting requested review from r2k1 r2k1 is a code owner

@zachary-bailey zachary-bailey Awaiting requested review from zachary-bailey zachary-bailey is a code owner

@awesomenix awesomenix Awaiting requested review from awesomenix awesomenix is a code owner

@mxj220 mxj220 Awaiting requested review from mxj220 mxj220 is a code owner

@pdamianov-dev pdamianov-dev Awaiting requested review from pdamianov-dev pdamianov-dev is a code owner

@calvin197 calvin197 Awaiting requested review from calvin197 calvin197 is a code owner

@sulixu sulixu Awaiting requested review from sulixu sulixu is a code owner

@surajssd surajssd Awaiting requested review from surajssd surajssd is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fseldow @jiashun0011 @timmy-wright