Conversation
Remove the teleportd systemd service unit file, the TeleportConfig proto definition and its generated Go code. In config.proto, remove the teleport_config import and field 10, replacing it with a reserved declaration to prevent future field number reuse. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove downloadTeleportdPlugin() and installTeleportdPlugin() functions and their constants from cse_install.sh. Remove ERR_TELEPORTD_DOWNLOAD_ERR (150) and ERR_TELEPORTD_INSTALL_ERR (151) error codes from cse_helpers.sh. Remove ensureTeleportd() function and its conditional call from cse_config.sh. Remove installTeleportdPlugin conditional call from cse_main.sh. Remove TELEPORTD_PLUGIN_DOWNLOAD_URL and TELEPORT_ENABLED from cse_cmd.sh. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove teleportd from the binary list in nodecustomdata.yml. Remove EnableACRTeleportPlugin and TeleportdPluginURL struct fields from types.go. Remove teleportdPluginURL parameter passing from params.go. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove the TeleportEnabled template function and all teleportd snapshotter blocks from the containerd config templates in baker.go. This includes removing snapshotter = "teleportd" settings and [proxy_plugins.teleportd] sections from all four containerd config template variants (v1, v2, v1-no-gpu, v2-no-gpu). All other snapshotter configurations (overlaybd, stargz, kata) are preserved. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove the AKSUbuntu2404+Teleport test entry from baker_test.go and its associated testdata directory. Delete the AKSUbuntu1804+Containerd+ Teleport testdata directory. Remove teleportd constants from the removeComments test data in utils_test.go. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove TELEPORTD_PLUGIN_DOWNLOAD_URL and TELEPORT_ENABLED environment variable mappings from the aks-node-controller parser. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove teleportd_plugin_download_url variable, teleportd.service file provisioner, and TELEPORTD_PLUGIN_DOWNLOAD_URL environment variable from all 9 Packer JSON build configs. Remove TELED_SRC/TELED_DEST lines and cpAndMode call from packer_source.sh. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Run make generate and make proto-generate to regenerate all snapshot test data and protobuf generated Go code after teleport removal. Also fix discovered teleport references in: - aks-node-controller/parser/templates/containerd.toml.gtpl - aks-node-controller/parser/templates/containerd_no_GPU.toml.gtpl - aks-node-controller/proto/README.md - aks-node-controller/proto/aksnodeconfig/v1/config.proto (add reserved name "teleport_config" for buf compatibility) All tests pass, build is green. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
calvin197
requested review from
AbelHu,
Devinwong,
YaoC,
awesomenix,
cameronmeissner,
djsly,
ganeshkumarashok,
juan-lee,
junjiezhang1997,
lilypan26,
mxj220,
pdamianov-dev,
phealy,
r2k1,
sulixu,
surajssd,
timmy-wright,
yewmsft and
zachary-bailey
as code owners
|
The latest Buf updates on your PR. Results from workflow Buf CI / buf (pull_request).
|
There was a problem hiding this comment.
Pull request overview
This PR removes the ACR Teleport/teleportd plumbing from the VHD build pipeline, Linux CSE scripts, AgentBaker config surface, and aks-node-controller protos/templates.
Changes:
- Removes
teleportdsystemd unit/binary handling from Packer templates and VHD file copy steps. - Removes Teleport-related flags/params from AgentBaker (datamodel, params mapping, containerd config templates) and aks-node-controller (proto + parser/templates).
- Updates snapshot/unit tests and generated testdata to reflect the removed env vars/behavior.
Reviewed changes
Copilot reviewed 35 out of 167 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| vhdbuilder/packer/vhd-image-builder-mariner.json | Drops teleport-related packer var + file provisioner; updates shell env list. |
| vhdbuilder/packer/vhd-image-builder-mariner-cvm.json | Same removal for Mariner CVM build template. |
| vhdbuilder/packer/vhd-image-builder-mariner-arm64.json | Same removal for Mariner ARM64 build template. |
| vhdbuilder/packer/vhd-image-builder-flatcar.json | Same removal for Flatcar build template. |
| vhdbuilder/packer/vhd-image-builder-flatcar-arm64.json | Same removal for Flatcar ARM64 build template. |
| vhdbuilder/packer/vhd-image-builder-cvm.json | Same removal for CVM build template. |
| vhdbuilder/packer/vhd-image-builder-base.json | Same removal for base build template. |
| vhdbuilder/packer/vhd-image-builder-arm64-gen2.json | Same removal for ARM64 gen2 build template. |
| vhdbuilder/packer/vhd-image-builder-acl.json | Same removal for ACL build template. |
| vhdbuilder/packer/packer_source.sh | Stops copying teleportd.service into the image. |
| pkg/agent/utils_test.go | Updates removeComments test input to no longer include teleport vars. |
| pkg/agent/testdata/Flatcar/CSECommand | Updates golden CSECommand output to remove teleport env vars. |
| pkg/agent/testdata/AKSUbuntu2404+Teleport/CSECommand | Removes Teleport-specific golden output. |
| pkg/agent/testdata/AKSUbuntu2404+CustomLinuxOSConfigUlimit/CSECommand | Updates golden CSECommand output to remove teleport env vars. |
| pkg/agent/testdata/AKSUbuntu2204+Containerd+CDI/CSECommand | Updates golden CSECommand output to remove teleport env vars. |
| pkg/agent/testdata/ACL/CSECommand | Updates golden CSECommand output to remove teleport env vars. |
| pkg/agent/testdata/ACL+CustomCloud/CSECommand | Updates golden CSECommand output to remove teleport env vars. |
| pkg/agent/params.go | Removes mapping of teleport plugin URL into parameters map. |
| pkg/agent/datamodel/types.go | Removes Teleport-related fields from NodeBootstrappingConfiguration. |
| pkg/agent/baker_test.go | Removes Teleport-specific containerd config test case. |
| pkg/agent/baker.go | Removes Teleport template functions and Teleport-specific containerd config blocks. |
| parts/linux/cloud-init/nodecustomdata.yml | Stops symlinking teleportd into /opt/bin. |
| parts/linux/cloud-init/artifacts/teleportd.service | Deletes teleportd systemd unit artifact. |
| parts/linux/cloud-init/artifacts/cse_main.sh | Removes Teleport plugin install step from base prep. |
| parts/linux/cloud-init/artifacts/cse_install.sh | Removes Teleport plugin download/install functions and related dirs. |
| parts/linux/cloud-init/artifacts/cse_helpers.sh | Removes Teleport-specific error codes. |
| parts/linux/cloud-init/artifacts/cse_config.sh | Removes ensureTeleportd and the containerd pre-check for it. |
| parts/linux/cloud-init/artifacts/cse_cmd.sh | Removes TELEPORT_ENABLED and TELEPORTD_PLUGIN_DOWNLOAD_URL exports. |
| aks-node-controller/proto/aksnodeconfig/v1/teleport_config.proto | Removes TeleportConfig proto definition. |
| aks-node-controller/proto/aksnodeconfig/v1/config.proto | Removes teleport_config field (reserves field number/name). |
| aks-node-controller/proto/README.md | Removes TeleportConfig row from documentation table. |
| aks-node-controller/pkg/gen/aksnodeconfig/v1/teleport_config.pb.go | Removes generated TeleportConfig Go type. |
| aks-node-controller/parser/templates/containerd_no_GPU.toml.gtpl | Removes Teleport snapshotter/proxy_plugins blocks. |
| aks-node-controller/parser/templates/containerd.toml.gtpl | Removes Teleport snapshotter/proxy_plugins blocks. |
| aks-node-controller/parser/parser.go | Stops emitting Teleport env vars into CSE env map. |
You can also share your feedback on Copilot code review. Take the survey.
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", | ||
| "img_publisher": "{{env `IMG_PUBLISHER`}}", |
There was a problem hiding this comment.
captured_sig_version is templated as {{env ${CAPTURED_SIG_VERSION}}, which appears to reference a non-existent env var name (includes ${ and is missing the closing }). This will likely evaluate to empty and break SIG image versioning/naming. Use the standard packer syntax {{env CAPTURED_SIG_VERSION}} instead.
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", | ||
| "img_publisher": "{{env `IMG_PUBLISHER`}}", |
There was a problem hiding this comment.
captured_sig_version is templated as {{env ${CAPTURED_SIG_VERSION}}, which appears to reference a non-existent env var name (includes ${ and is missing the closing }). This will likely evaluate to empty and break SIG image versioning/naming. Use the standard packer syntax {{env CAPTURED_SIG_VERSION}} instead.
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", | ||
| "img_publisher": "{{env `IMG_PUBLISHER`}}", |
There was a problem hiding this comment.
captured_sig_version is templated as {{env ${CAPTURED_SIG_VERSION}}, which appears to reference a non-existent env var name (includes ${ and is missing the closing }). This will likely evaluate to empty and break SIG image versioning/naming. Use the standard packer syntax {{env CAPTURED_SIG_VERSION}} instead.
| "captured_sig_version": "{{env `CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", | ||
| "img_sku": "", |
There was a problem hiding this comment.
captured_sig_version is templated as {{env ${CAPTURED_SIG_VERSION}}, which appears to reference a non-existent env var name (includes ${ and is missing the closing }). This will likely evaluate to empty and break SIG image versioning/naming. Use the standard packer syntax {{env CAPTURED_SIG_VERSION}} instead.
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", | ||
| "img_publisher": "{{env `IMG_PUBLISHER`}}", |
There was a problem hiding this comment.
captured_sig_version is templated as {{env ${CAPTURED_SIG_VERSION}}, which appears to reference a non-existent env var name (includes ${ and is missing the closing }). This will likely evaluate to empty and break SIG image versioning/naming. Use the standard packer syntax {{env CAPTURED_SIG_VERSION}} instead.
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", | ||
| "img_publisher": "{{env `IMG_PUBLISHER`}}", |
There was a problem hiding this comment.
captured_sig_version is templated as {{env ${CAPTURED_SIG_VERSION}}, which appears to reference a non-existent env var name (includes ${ and is missing the closing }). This will likely evaluate to empty and break SIG image versioning/naming. Use the standard packer syntax {{env CAPTURED_SIG_VERSION}} instead.
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", | ||
| "img_publisher": "{{env `IMG_PUBLISHER`}}", |
There was a problem hiding this comment.
captured_sig_version is templated as {{env ${CAPTURED_SIG_VERSION}}, which appears to reference a non-existent env var name (includes ${ and is missing the closing }). This will likely evaluate to empty and break SIG image versioning/naming. Use the standard packer syntax {{env CAPTURED_SIG_VERSION}} instead.
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", | ||
| "img_publisher": "{{env `IMG_PUBLISHER`}}", |
There was a problem hiding this comment.
captured_sig_version is templated as {{env ${CAPTURED_SIG_VERSION}}, which appears to reference a non-existent env var name (includes ${ and is missing the closing }). This will likely evaluate to empty and break SIG image versioning/naming. Use the standard packer syntax {{env CAPTURED_SIG_VERSION}} instead.
| "captured_sig_version": "{{env `${CAPTURED_SIG_VERSION`}}", | ||
| "enable_fips": "{{env `ENABLE_FIPS`}}", | ||
| "img_publisher": "{{env `IMG_PUBLISHER`}}", |
There was a problem hiding this comment.
captured_sig_version is templated as {{env ${CAPTURED_SIG_VERSION}}, which appears to reference a non-existent env var name (includes ${ and is missing the closing }). This will likely evaluate to empty and break SIG image versioning/naming. Use the standard packer syntax {{env CAPTURED_SIG_VERSION}} instead.
pkg/agent/baker.go
Outdated
| snapshotter = "teleportd" | ||
| disable_snapshot_annotations = false | ||
| {{- else}} | ||
| {{- if IsKata }} |
pkg/agent/baker.go
Outdated
| snapshotter = "teleportd" | ||
| disable_snapshot_annotations = false | ||
| {{- else}} | ||
| {{- if IsKata }} |
What this PR does / why we need it:
Project Teleport was a private preview feature (Feb 2021) that accelerated container image pulls by SMB-mounting pre-expanded layers from ACR via a client daemon (teleportd). It never reached GA and the ACR team has already removedthe server-side /mount API, making the feature fully non-functional. This PR removes all dead Teleport code from AgentBaker:
Which issue(s) this PR fixes:
Fixes #
What this PR does / why we need it: