ci-automation/azure: enable back Azure #3898

Merged: tormath1 merged 2 commits into main from tormath1/gc, Apr 9, 2026

tormath1 (Contributor) commented Apr 9, 2026

In this PR:

  • we re-enable garbage collection, even though it is quite useless in the new subscription as there is automatic garbage collection on nightlies
  • we drop the use of private IPs for kola-spawned instances and use the assigned public IP instead, as the subscription is not locked down

This has been partially tested here: https://jenkins.flatcar.org/job/container/job/test/48/console

17:01:44  --- PASS: cl.internet (104.59s)
17:01:44      --- PASS: cl.internet/NTPDate (7.12s)
17:01:44      --- PASS: cl.internet/UpdateEngine (0.25s)
17:01:44      --- PASS: cl.internet/DockerPing (9.89s)
17:01:44      --- PASS: cl.internet/DockerEcho (0.52s)
17:01:44  PASS, output in _kola_temp/azure-2026-04-08-1456-108

NOTE:

  • "test/azure: use public IP" needs to be backported on maintenance channel but let's try on main a full run first

tormath1 added 2 commits April 9, 2026 10:22
This reverts commit 314e21a.

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>

The subscription is not locked down, we can access VM with public IP

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
tormath1 marked this pull request as ready for review April 9, 2026 08:38
tormath1 requested a review from a team as a code owner April 9, 2026 08:38

chewi (Contributor) commented Apr 9, 2026

Wouldn't using a private IP be preferable security-wise?

tormath1 (Contributor, Author) commented Apr 9, 2026

> Wouldn't using a private IP be preferable security-wise?

With this flag, it means that we use a private IP to access the VM but the VM will still have a public IP. See: https://github.com/flatcar/mantle/blob/1147d638804f6c25e10c60bbbea8e25525849182/platform/api/azure/instance.go#L251-L319

We needed to use a private IP on the previous subscription because the firewall was blocking requests on external IPs.

chewi (Contributor) left a comment

Okay, but would it be better to have an option to not allocate a public IP in the first place? Feel free to say "maybe, but later."

tormath1 (Contributor, Author) commented Apr 9, 2026

> Okay, but would it be better to have an option to not allocate a public IP in the first place? Feel free to say "maybe, but later."

Sure, that seems to be a good idea but let's not forget that those created instances have a short time to live and don't have any associated credentials (e.g. managed identities) - so to me the security risk is low but happy to get your input here (and even more happy to update the codebase!)

tormath1 merged commit b45da27 into main Apr 9, 2026
4 of 5 checks passed
tormath1 deleted the tormath1/gc branch April 9, 2026 09:37

tormath1 (Contributor, Author) commented Apr 9, 2026

Cherry-picked test/azure: use public IP to:

  • flatcar-4628
  • flatcar-4593
  • flatcar-4459
  • flatcar-4081
