Conversation
Remove the teleportd systemd service unit file, the TeleportConfig proto definition and its generated Go code. In config.proto, remove the teleport_config import and field 10, replacing it with a reserved declaration to prevent future field number reuse. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove downloadTeleportdPlugin() and installTeleportdPlugin() functions and their constants from cse_install.sh. Remove ERR_TELEPORTD_DOWNLOAD_ERR (150) and ERR_TELEPORTD_INSTALL_ERR (151) error codes from cse_helpers.sh. Remove ensureTeleportd() function and its conditional call from cse_config.sh. Remove installTeleportdPlugin conditional call from cse_main.sh. Remove TELEPORTD_PLUGIN_DOWNLOAD_URL and TELEPORT_ENABLED from cse_cmd.sh. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove teleportd from the binary list in nodecustomdata.yml. Remove EnableACRTeleportPlugin and TeleportdPluginURL struct fields from types.go. Remove teleportdPluginURL parameter passing from params.go. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove the TeleportEnabled template function and all teleportd snapshotter blocks from the containerd config templates in baker.go. This includes removing snapshotter = "teleportd" settings and [proxy_plugins.teleportd] sections from all four containerd config template variants (v1, v2, v1-no-gpu, v2-no-gpu). All other snapshotter configurations (overlaybd, stargz, kata) are preserved. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove the AKSUbuntu2404+Teleport test entry from baker_test.go and its associated testdata directory. Delete the AKSUbuntu1804+Containerd+ Teleport testdata directory. Remove teleportd constants from the removeComments test data in utils_test.go. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove TELEPORTD_PLUGIN_DOWNLOAD_URL and TELEPORT_ENABLED environment variable mappings from the aks-node-controller parser. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove teleportd_plugin_download_url variable, teleportd.service file provisioner, and TELEPORTD_PLUGIN_DOWNLOAD_URL environment variable from all 9 Packer JSON build configs. Remove TELED_SRC/TELED_DEST lines and cpAndMode call from packer_source.sh. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Run make generate and make proto-generate to regenerate all snapshot test data and protobuf generated Go code after teleport removal. Also fix discovered teleport references in: - aks-node-controller/parser/templates/containerd.toml.gtpl - aks-node-controller/parser/templates/containerd_no_GPU.toml.gtpl - aks-node-controller/proto/README.md - aks-node-controller/proto/aksnodeconfig/v1/config.proto (add reserved name "teleport_config" for buf compatibility) All tests pass, build is green. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
calvin197
requested review from
AbelHu,
Devinwong,
YaoC,
awesomenix,
cameronmeissner,
djsly,
ganeshkumarashok,
juan-lee,
junjiezhang1997,
lilypan26,
mxj220,
pdamianov-dev,
phealy,
r2k1,
sulixu,
surajssd,
timmy-wright,
yewmsft and
zachary-bailey
as code owners
|
The latest Buf updates on your PR. Results from workflow Buf CI / buf (pull_request).
|
There was a problem hiding this comment.
Pull request overview
This PR removes the ACR Teleport/teleportd plumbing from the VHD build pipeline, Linux CSE scripts, AgentBaker config surface, and aks-node-controller protos/templates.
Changes:
- Removes
teleportdsystemd unit/binary handling from Packer templates and VHD file copy steps. - Removes Teleport-related flags/params from AgentBaker (datamodel, params mapping, containerd config templates) and aks-node-controller (proto + parser/templates).
- Updates snapshot/unit tests and generated testdata to reflect the removed env vars/behavior.
Reviewed changes
Copilot reviewed 35 out of 167 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| vhdbuilder/packer/vhd-image-builder-mariner.json | Drops teleport-related packer var + file provisioner; updates shell env list. |
| vhdbuilder/packer/vhd-image-builder-mariner-cvm.json | Same removal for Mariner CVM build template. |
| vhdbuilder/packer/vhd-image-builder-mariner-arm64.json | Same removal for Mariner ARM64 build template. |
| vhdbuilder/packer/vhd-image-builder-flatcar.json | Same removal for Flatcar build template. |
| vhdbuilder/packer/vhd-image-builder-flatcar-arm64.json | Same removal for Flatcar ARM64 build template. |
| vhdbuilder/packer/vhd-image-builder-cvm.json | Same removal for CVM build template. |
| vhdbuilder/packer/vhd-image-builder-base.json | Same removal for base build template. |
| vhdbuilder/packer/vhd-image-builder-arm64-gen2.json | Same removal for ARM64 gen2 build template. |
| vhdbuilder/packer/vhd-image-builder-acl.json | Same removal for ACL build template. |
| vhdbuilder/packer/packer_source.sh | Stops copying teleportd.service into the image. |
| pkg/agent/utils_test.go | Updates removeComments test input to no longer include teleport vars. |
| pkg/agent/testdata/Flatcar/CSECommand | Updates golden CSECommand output to remove teleport env vars. |
| pkg/agent/testdata/AKSUbuntu2404+Teleport/CSECommand | Removes Teleport-specific golden output. |
| pkg/agent/testdata/AKSUbuntu2404+CustomLinuxOSConfigUlimit/CSECommand | Updates golden CSECommand output to remove teleport env vars. |
| pkg/agent/testdata/AKSUbuntu2204+Containerd+CDI/CSECommand | Updates golden CSECommand output to remove teleport env vars. |
| pkg/agent/testdata/ACL/CSECommand | Updates golden CSECommand output to remove teleport env vars. |
| pkg/agent/testdata/ACL+CustomCloud/CSECommand | Updates golden CSECommand output to remove teleport env vars. |
| pkg/agent/params.go | Removes mapping of teleport plugin URL into parameters map. |
| pkg/agent/datamodel/types.go | Removes Teleport-related fields from NodeBootstrappingConfiguration. |
| pkg/agent/baker_test.go | Removes Teleport-specific containerd config test case. |
| pkg/agent/baker.go | Removes Teleport template functions and Teleport-specific containerd config blocks. |
| parts/linux/cloud-init/nodecustomdata.yml | Stops symlinking teleportd into /opt/bin. |
| parts/linux/cloud-init/artifacts/teleportd.service | Deletes teleportd systemd unit artifact. |
| parts/linux/cloud-init/artifacts/cse_main.sh | Removes Teleport plugin install step from base prep. |
| parts/linux/cloud-init/artifacts/cse_install.sh | Removes Teleport plugin download/install functions and related dirs. |
| parts/linux/cloud-init/artifacts/cse_helpers.sh | Removes Teleport-specific error codes. |
| parts/linux/cloud-init/artifacts/cse_config.sh | Removes ensureTeleportd and the containerd pre-check for it. |
| parts/linux/cloud-init/artifacts/cse_cmd.sh | Removes TELEPORT_ENABLED and TELEPORTD_PLUGIN_DOWNLOAD_URL exports. |
| aks-node-controller/proto/aksnodeconfig/v1/teleport_config.proto | Removes TeleportConfig proto definition. |
| aks-node-controller/proto/aksnodeconfig/v1/config.proto | Removes teleport_config field (reserves field number/name). |
| aks-node-controller/proto/README.md | Removes TeleportConfig row from documentation table. |
| aks-node-controller/pkg/gen/aksnodeconfig/v1/teleport_config.pb.go | Removes generated TeleportConfig Go type. |
| aks-node-controller/parser/templates/containerd_no_GPU.toml.gtpl | Removes Teleport snapshotter/proxy_plugins blocks. |
| aks-node-controller/parser/templates/containerd.toml.gtpl | Removes Teleport snapshotter/proxy_plugins blocks. |
| aks-node-controller/parser/parser.go | Stops emitting Teleport env vars into CSE env map. |
You can also share your feedback on Copilot code review. Take the survey.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 35 out of 167 changed files in this pull request and generated no new comments.
You can also share your feedback on Copilot code review. Take the survey.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 35 out of 167 changed files in this pull request and generated 8 comments.
You can also share your feedback on Copilot code review. Take the survey.
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", |
There was a problem hiding this comment.
captured_sig_version is being read from an environment variable named ${CAPTURED_SIG_VERSION (note the ${), which is almost certainly not set. Since this value is used for the SIG image version / managed image name later in this template, this will likely produce empty/incorrect image versions or fail the build. Use the same {{env CAPTURED_SIG_VERSION}} pattern used in other packer templates (e.g., vhd-image-builder-acl.json).
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", |
There was a problem hiding this comment.
captured_sig_version is being read from an environment variable named ${CAPTURED_SIG_VERSION (note the ${), which is almost certainly not set. Since this value is used for the SIG image version / managed image name later in this template, this will likely produce empty/incorrect image versions or fail the build. Use the same {{env CAPTURED_SIG_VERSION}} pattern used in other packer templates (e.g., vhd-image-builder-acl.json).
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", |
There was a problem hiding this comment.
captured_sig_version is being read from an environment variable named ${CAPTURED_SIG_VERSION (note the ${), which is almost certainly not set. Since this value is used for the SIG image version / managed image name later in this template, this will likely produce empty/incorrect image versions or fail the build. Use the same {{env CAPTURED_SIG_VERSION}} pattern used in other packer templates (e.g., vhd-image-builder-acl.json).
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", |
There was a problem hiding this comment.
captured_sig_version is being read from an environment variable named ${CAPTURED_SIG_VERSION (note the ${), which is almost certainly not set. Since this value is used for the SIG image version / managed image name later in this template, this will likely produce empty/incorrect image versions or fail the build. Use the same {{env CAPTURED_SIG_VERSION}} pattern used in other packer templates (e.g., vhd-image-builder-acl.json).
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", |
There was a problem hiding this comment.
captured_sig_version is being read from an environment variable named ${CAPTURED_SIG_VERSION (note the ${), which is almost certainly not set. Since this value is used for the SIG image version / managed image name later in this template, this will likely produce empty/incorrect image versions or fail the build. Use the same {{env CAPTURED_SIG_VERSION}} pattern used in other packer templates (e.g., vhd-image-builder-acl.json).
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", |
There was a problem hiding this comment.
captured_sig_version is being read from an environment variable named ${CAPTURED_SIG_VERSION (note the ${), which is almost certainly not set. Since this value is used for the SIG image version / managed image name later in this template, this will likely produce empty/incorrect image versions or fail the build. Use the same {{env CAPTURED_SIG_VERSION}} pattern used in other packer templates (e.g., vhd-image-builder-acl.json).
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", |
There was a problem hiding this comment.
captured_sig_version is being read from an environment variable named ${CAPTURED_SIG_VERSION (note the ${), which is almost certainly not set. Since this value is used for the SIG image version / managed image name later in this template, this will likely produce empty/incorrect image versions or fail the build. Use the same {{env CAPTURED_SIG_VERSION}} pattern used in other packer templates (e.g., vhd-image-builder-acl.json).
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", |
There was a problem hiding this comment.
captured_sig_version is being read from an environment variable named ${CAPTURED_SIG_VERSION (note the ${), which is almost certainly not set. Since this value is used for the SIG image version / managed image name later in this template, this will likely produce empty/incorrect image versions or fail the build. Use the same {{env CAPTURED_SIG_VERSION}} pattern used in other packer templates (e.g., vhd-image-builder-acl.json).
What this PR does / why we need it:
Project Teleport was a private preview feature (Feb 2021) that accelerated container image pulls by SMB-mounting pre-expanded layers from ACR via a client daemon (teleportd). It never reached GA and the ACR team has already removedthe server-side /mount API, making the feature fully non-functional. This PR removes all dead Teleport code from AgentBaker:
Which issue(s) this PR fixes:
Fixes #
What this PR does / why we need it: