Skip to content

Stop adding kubernetes.azure.com/cluster label to unbounded-managed nodes#17

Open
Copilot wants to merge 7 commits intomainfrom
copilot/remove-kubernetes-label-unbounded-node
Open

Stop adding kubernetes.azure.com/cluster label to unbounded-managed nodes#17
Copilot wants to merge 7 commits intomainfrom
copilot/remove-kubernetes-label-unbounded-node

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 9, 2026
edited
Loading

AKS unbounded-managed nodes were being stamped with kubernetes.azure.com/cluster, which is an AKS-internal label that should only appear on natively provisioned nodes. Removing it is a prerequisite for deploying our own kube-proxy and konnectivity agent on unbounded nodes.

Changes

  • internal/cloudprovider/provider.go — Drop kubernetes.azure.com/cluster from AKSProvider.DefaultLabels() and remove the ClusterName field. Simplify DetectProvider() to only probe for the aks-cluster-metadata ConfigMap; system-node lookup (previously needed only to read the cluster name) is eliminated.

  • internal/cloudprovider/provider_test.go — Update tests to assert the cluster label is absent, and correct previously-expected failures (NoSystemNodes, MissingClusterLabel) that should now succeed.

  • cmd/machina/machina/controller/ssh_integration_test.go — Remove ClusterName from test fixture and assert that kubernetes.azure.com/cluster is absent from the agent config labels.

  • hack/agent/skills/unbounded-agent-qemu-vm-e2e/scripts/aks-config.sh — Remove the node-label scrape that read kubernetes.azure.com/cluster and appended it to the kubelet labels JSON.

  • .github/workflows/agent-e2e-kind.yaml — Add internal/cloudprovider/** to the path triggers so changes to the cloud provider package also run the kind e2e tests.

Before:

func (p *AKSProvider) DefaultLabels() map[string]string {
    return map[string]string{
        "kubernetes.azure.com/managed": "false",
        "kubernetes.azure.com/cluster": p.ClusterName,
    }
}

After:

func (p *AKSProvider) DefaultLabels() map[string]string {
    return map[string]string{
        "kubernetes.azure.com/managed": "false",
    }
}

Copilot AI assigned Copilot and bcho Apr 9, 2026
Copilot AI linked an issue Apr 9, 2026 that may be closed by this pull request
[agent] Stop adding kubernetes.azure.com/cluster label to unbounded managed node #16
Open
Copilot AI changed the title [WIP] Remove kubernetes.azure.com/cluster label from unbounded managed node Stop adding kubernetes.azure.com/cluster label to unbounded-managed nodes Apr 9, 2026
Copilot finished work on behalf of bcho April 9, 2026 23:55
Copilot AI requested a review from bcho April 9, 2026 23:55
bcho
bcho requested changes Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@bcho bcho left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot

Comment thread internal/cloudprovider/provider_test.go Outdated
Copilot finished work on behalf of bcho April 10, 2026 00:04
Copilot AI requested a review from bcho April 10, 2026 00:04
@bcho
Copy link
Copy Markdown
Member

bcho commented Apr 13, 2026
edited
Loading

Partial kubelet logs:

52d7ff8bc80-cni-conf\") pod \"unbounded-net-node-n52gj\" (UID: \"bb3a49e0-a945-4c23-b5e1-252d7ff8bc80\") " pod="unbounded-net/unbounded-net-node-n52gj"
Apr 13 21:27:50 test-vm kubelet[160]: I0413 21:27:50.756260     160 reconciler_common.go:251] "operationExecutor.VerifyControllerAttachedVolume started for volume \"wireguard\" (UniqueName: \"kubernetes.io/host-path/bb3a49e0-a945-4c23-b5e1-252d7ff8bc80-wireguard\") pod \"unbounded-net-node-n52gj\" (UID: \"bb3a49e0-a945-4c23-b5e1-252d7ff8bc80\") " pod="unbounded-net/unbounded-net-node-n52gj"
Apr 13 21:27:50 test-vm kubelet[160]: I0413 21:27:50.756272     160 reconciler_common.go:251] "operationExecutor.VerifyControllerAttachedVolume started for volume \"tmp\" (UniqueName: \"kubernetes.io/empty-dir/bb3a49e0-a945-4c23-b5e1-252d7ff8bc80-tmp\") pod \"unbounded-net-node-n52gj\" (UID: \"bb3a49e0-a945-4c23-b5e1-252d7ff8bc80\") " pod="unbounded-net/unbounded-net-node-n52gj"
Apr 13 21:27:50 test-vm kubelet[160]: I0413 21:27:50.756283     160 reconciler_common.go:251] "operationExecutor.VerifyControllerAttachedVolume started for volume \"vartmp\" (UniqueName: \"kubernetes.io/empty-dir/bb3a49e0-a945-4c23-b5e1-252d7ff8bc80-vartmp\") pod \"unbounded-net-node-n52gj\" (UID: \"bb3a49e0-a945-4c23-b5e1-252d7ff8bc80\") " pod="unbounded-net/unbounded-net-node-n52gj"
Apr 13 21:27:50 test-vm kubelet[160]: I0413 21:27:50.756294     160 reconciler_common.go:251] "operationExecutor.VerifyControllerAttachedVolume started for volume \"iproute2\" (UniqueName: \"kubernetes.io/host-path/bb3a49e0-a945-4c23-b5e1-252d7ff8bc80-iproute2\") pod \"unbounded-net-node-n52gj\" (UID: \"bb3a49e0-a945-4c23-b5e1-252d7ff8bc80\") " pod="unbounded-net/unbounded-net-node-n52gj"
Apr 13 21:27:50 test-vm kubelet[160]: I0413 21:27:50.756304     160 reconciler_common.go:251] "operationExecutor.VerifyControllerAttachedVolume started for volume \"runtime-config\" (UniqueName: \"kubernetes.io/configmap/bb3a49e0-a945-4c23-b5e1-252d7ff8bc80-runtime-config\") pod \"unbounded-net-node-n52gj\" (UID: \"bb3a49e0-a945-4c23-b5e1-252d7ff8bc80\") " pod="unbounded-net/unbounded-net-node-n52gj"
Apr 13 21:27:50 test-vm kubelet[160]: I0413 21:27:50.756314     160 reconciler_common.go:251] "operationExecutor.VerifyControllerAttachedVolume started for volume \"controller-ca\" (UniqueName: \"kubernetes.io/configmap/bb3a49e0-a945-4c23-b5e1-252d7ff8bc80-controller-ca\") pod \"unbounded-net-node-n52gj\" (UID: \"bb3a49e0-a945-4c23-b5e1-252d7ff8bc80\") " pod="unbounded-net/unbounded-net-node-n52gj"
Apr 13 21:27:50 test-vm kubelet[160]: I0413 21:27:50.756325     160 reconciler_common.go:251] "operationExecutor.VerifyControllerAttachedVolume started for volume \"kube-api-access-fvv86\" (UniqueName: \"kubernetes.io/projected/bb3a49e0-a945-4c23-b5e1-252d7ff8bc80-kube-api-access-fvv86\") pod \"unbounded-net-node-n52gj\" (UID: \"bb3a49e0-a945-4c23-b5e1-252d7ff8bc80\") " pod="unbounded-net/unbounded-net-node-n52gj"
Apr 13 21:27:50 test-vm kubelet[160]: I0413 21:27:50.756335     160 reconciler_common.go:251] "operationExecutor.VerifyControllerAttachedVolume started for volume \"cni-bin\" (UniqueName: \"kubernetes.io/host-path/bb3a49e0-a945-4c23-b5e1-252d7ff8bc80-cni-bin\") pod \"unbounded-net-node-n52gj\" (UID: \"bb3a49e0-a945-4c23-b5e1-252d7ff8bc80\") " pod="unbounded-net/unbounded-net-node-n52gj"
Apr 13 21:28:12 test-vm kubelet[160]: I0413 21:28:12.746571     160 kubelet_node_status.go:439] "Fast updating node status as it just became ready"
Apr 13 21:28:14 test-vm kubelet[160]: I0413 21:28:14.714188     160 pod_startup_latency_tracker.go:104] "Observed pod startup duration" pod="unbounded-net/unbounded-net-node-n52gj" podStartSLOduration=9.421655684 podStartE2EDuration="24.71417647s" podCreationTimestamp="2026-04-13 21:27:50 +0000 UTC" firstStartedPulling="2026-04-13 21:27:52.696865787 +0000 UTC m=+4.538787414" lastFinishedPulling="2026-04-13 21:28:07.989386583 +0000 UTC m=+19.831308200" observedRunningTime="2026-04-13 21:28:08.70728391 +0000 UTC m=+20.549205537" watchObservedRunningTime="2026-04-13 21:28:14.71417647 +0000 UTC m=+26.556098097"

bcho
bcho requested changes Apr 13, 2026
View reviewed changes
Comment thread cmd/machina/machina/controller/ssh_integration_test.go Outdated
Copilot finished work on behalf of bcho April 13, 2026 21:59
Copilot AI requested a review from bcho April 13, 2026 21:59
@bcho bcho marked this pull request as ready for review April 13, 2026 22:05
@bcho bcho requested a review from a team April 13, 2026 22:05
bcho
bcho requested changes Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@bcho bcho left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot please include path internal/cloudprovider to kind e2e test target

Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 13, 2026

@copilot please include path internal/cloudprovider to kind e2e test target

Done in bf56973 — added internal/cloudprovider/** to both the pull_request and push path triggers in .github/workflows/agent-e2e-kind.yaml.

Copilot finished work on behalf of bcho April 13, 2026 22:13
Copilot AI requested a review from bcho April 13, 2026 22:13
bcho
bcho requested changes Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@bcho bcho left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot resolve conflict plz

@bcho
Merge branch 'main' into copilot/remove-kubernetes-label-unbounded-node
ba67e7e 
Co-authored-by: bcho <1975118+bcho@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented Apr 13, 2026
edited
Loading

@copilot resolve conflict plz

Resolved in ba67e7e. Kept both internal/cloudprovider/** and cmd/kubectl-unbounded/** in the workflow path triggers, and dropped the now-stale ExcludeFromCloudProviderLabel assertion from the integration test (that constant was removed in main).

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • 192.0.2.1
    • Triggering command: /tmp/go-build179871057/b908/controller.test /tmp/go-build179871057/b908/controller.test -test.testlogfile=/tmp/go-build179871057/b908/testlog.txt -test.paniconexit0 -test.timeout=10m0s /tmp/go-build179871057/b664/vet.cfg untime@v0.23.3/p-errorsas untime@v0.23.3/p-ifaceassert ux-amd64/pkg/tool/linux_amd64/vet . ontrol/v1 mpile ux-amd64/pkg/too-buildtags 0733�� /kubernetes/type-errorsas /kubernetes/type-ifaceassert ux-amd64/pkg/tool/linux_amd64/vet --gdwarf-5 kg/client/config-unsafeptr=false mpile ux-amd64/pkg/too/tmp/go-build179871057/b826/vet.cfg (packet block)
  • invalid-ip
    • Triggering command: /tmp/go-build179871057/b908/controller.test /tmp/go-build179871057/b908/controller.test -test.testlogfile=/tmp/go-build179871057/b908/testlog.txt -test.paniconexit0 -test.timeout=10m0s /tmp/go-build179871057/b664/vet.cfg untime@v0.23.3/p-errorsas untime@v0.23.3/p-ifaceassert ux-amd64/pkg/tool/linux_amd64/vet . ontrol/v1 mpile ux-amd64/pkg/too-buildtags 0733�� /kubernetes/type-errorsas /kubernetes/type-ifaceassert ux-amd64/pkg/tool/linux_amd64/vet --gdwarf-5 kg/client/config-unsafeptr=false mpile ux-amd64/pkg/too/tmp/go-build179871057/b826/vet.cfg (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot finished work on behalf of bcho April 13, 2026 22:40
Copilot AI requested a review from bcho April 13, 2026 22:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jwilder jwilder jwilder approved these changes

@bcho bcho Awaiting requested review from bcho

Requested changes must be addressed to merge this pull request.

Assignees

@bcho bcho

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[agent] Stop adding kubernetes.azure.com/cluster label to unbounded managed node

3 participants

@bcho @jwilder