Test dependencies

packer/azure/scripts/delete-unused-storage.sh

@@ -0,0 +1,156 @@
+#!/bin/bash
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script deletes unused Azure storage accounts created in the process of
+# building CAPZ reference images. It also archives existing accounts into one
+# main storage account to reduce the limited number of accounts in use.
+# Usage:
+#  <DRYRUN=true|false> delete-unused-storage.sh
+#
+# The `pub` tool (https://github.com/devigned/pub) and the `az` CLI tool
+# (https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) must be found
+# in the PATH.
+#
+# In order to run this script, log in to the publishing account with the
+# `az account set -s <SUBSCRIPTION_ID>` command. Then export these environment
+# variables to enable access to the storage accounts:
+#   AZURE_CLIENT_ID
+#   AZURE_CLIENT_SECRET
+#   AZURE_SUBSCRIPTION_ID
+#   AZURE_TENANT_ID
+#
+# By default, the script will not modify any resources. Pass the environment variable
+# DRYRUN=false to enable the script to archive and to delete the storage accounts.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+RESOURCE_GROUP=${RESOURCE_GROUP:-cluster-api-images}
+PUBLISHER=${PUBLISHER:-cncf-upstream}
+OFFERS=${OFFERS:-capi capi-windows}
+PREFIX=${PREFIX:-capi}
+LONG_PREFIX=${LONG_PREFIX:-${PREFIX}[0-9]{10\}}
+ARCHIVE_STORAGE_ACCOUNT=${ARCHIVE_STORAGE_ACCOUNT:-${PREFIX}archive}
+DRYRUN=${DRYRUN:-true}
+RED='\033[0;31m'
+NC='\033[0m' 
+
+if ${DRYRUN}; then
+  echo "DRYRUN: This script will not copy or delete any resources."
+  ECHO=echo
+else
+  ECHO=
+fi
+
+which pub &> /dev/null || (echo "Please install pub from https://github.com/devigned/pub/releases" && exit 1)
+
+# Get URLs in use by the marketplace offers
+URLS=""
+for name in ${OFFERS}; do
+  echo "Getting URLs for ${name}..."
+  offer=$(pub offers show -p "$PUBLISHER" -o "$name")
+  # Capture "label" as well as "osVhdUrl" so we can archive storage accounts with something readable.
+  urls=$(echo "${offer}" | jq -r '.definition["plans"][]."microsoft-azure-corevm.vmImagesPublicAzure"[] | [.label, .osVhdUrl] | @csv')
+  if [[ -z $URLS ]]; then
+    URLS=${urls}
+  else
+    URLS=${URLS}$'\n'${urls}
+  fi
+done
+NOW=$(date +%s)
+
+# ensure the existence of the archive storage account
+if ! az storage account show -g "${RESOURCE_GROUP}" -n "${ARCHIVE_STORAGE_ACCOUNT}" &> /dev/null; then
+  echo "Creating archive storage account ${ARCHIVE_STORAGE_ACCOUNT}..."
+  $ECHO az storage account create -g "${RESOURCE_GROUP}" -n "${ARCHIVE_STORAGE_ACCOUNT}" --access-tier Cool --allow-blob-public-access false
+fi
+
+IFS=$'\n'
+archived=0
+deleted=0
+# For each storage account in the subscription,
+for account in $(az storage account list -g "${RESOURCE_GROUP}" -o tsv --query "[?starts_with(name, '${PREFIX}')].[name,creationTime]"); do
+  IFS=$'\t' read -r storage_account creation_time <<< "$account"
+  created=$(date -d "${creation_time}" +%s 2>/dev/null || date -j -f "%F" "${creation_time}" +%s 2>/dev/null)
+  age=$(( (NOW - created) / 86400 ))
+  # if it's older than a month
+  if [[ $age -gt 30 ]]; then
+    # and it has the right naming pattern
+    if [[ ${storage_account} =~ ^${LONG_PREFIX} ]]; then
+      # but isn't referenced in the offer osVhdUrls
+      if [[ ! ${URLS} =~ ${storage_account} ]]; then
+        # delete it.
+        echo "Deleting unreferenced storage account ${storage_account} that is ${age} days old"
+        ${ECHO} az storage account delete -g "${RESOURCE_GROUP}" -n "${storage_account}" -y
+        deleted=$((deleted+1))
+      else
+        # archive it.
+        for URL in ${URLS}; do
+          IFS=$',' read -r label url <<< "${URL}"
+          # container names are somewhat strict, so transform the label into a valid container name
+          # See https://github.com/MicrosoftDocs/azure-docs/blob/master/includes/storage-container-naming-rules-include.md
+          dest_label=${label//[ .]/-}
+          dest_label=${dest_label//[^a-zA-Z0-9-]/}
+          dest_label=$(echo "${dest_label}" | tr '[:upper:]' '[:lower:]')
+          if [[ ${url} =~ ${storage_account} ]]; then
+            echo "Archiving storage account ${storage_account} (${label}) that is ${age} days old"
+            # create a destination container
+            if [[ $(az storage container exists --account-name "${ARCHIVE_STORAGE_ACCOUNT}" -n "${dest_label}" -o tsv 2>/dev/null) != "True" ]]; then
+              ${ECHO} az storage container create --only-show-errors --public-access=container \
+                -n ${dest_label} -g "${RESOURCE_GROUP}" --account-name "${ARCHIVE_STORAGE_ACCOUNT}" 2>/dev/null
+            fi
+            # for each source container
+            for container in $(az storage container list --only-show-errors --account-name ${storage_account} --query "[].name" -o tsv 2>/dev/null); do
+              # copy it to the destination container
+              ${ECHO} az storage blob copy start-batch \
+                --account-name ${ARCHIVE_STORAGE_ACCOUNT} \
+                --destination-container ${dest_label} \
+                --destination-path ${container} \
+                --source-container ${container} \
+                --source-account-name ${storage_account} \
+                --pattern '*capi-*' \
+                2>/dev/null
+            done
+            # poll the target container until all blobs have "succeeded" copy status
+            for target in $(az storage blob list --account-name ${ARCHIVE_STORAGE_ACCOUNT} -c ${dest_label} --query '[].name' -o tsv 2>/dev/null); do
+              while true; do
+                status=$(az storage blob show --account-name ${ARCHIVE_STORAGE_ACCOUNT} --container-name ${dest_label} --name $target -o tsv --query 'properties.copy.status' 2>/dev/null)
+                if [[ ${status} == "success" ]]; then
+                  echo "Copied ${dest_label}/${target}"
+                  break
+                else
+                  echo "Copying ${dest_label}/${target} ..."
+                  sleep 20
+                fi
+              done
+            done
+            echo "Deleting source storage account ${storage_account}..."
+            ${ECHO} az storage account delete -g "${RESOURCE_GROUP}" -n "${storage_account}" -y
+            archived=$((archived+1))
+          fi
+        done
+        echo -e "Pausing for 10 seconds. ${RED}Hit Ctrl-C to stop.${NC}"
+        sleep 10
+        echo
+      fi
+    fi
+  fi
+done
+
+echo "Deleted ${deleted} storage accounts."
+echo "Archived ${archived} storage accounts."

packer/azure/scripts/disable-windows-prepull.json

@@ -0,0 +1,3 @@
+{
+  "prepull": "false"
+}

packer/azure/scripts/ensure-kustomize.sh

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+# Copyright 2022 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+# Change directories to the parent directory of the one in which this
+# script is located.
+CAPI_ROOT=$(dirname "${BASH_SOURCE[0]}")/../../..
+cd "${CAPI_ROOT}" || exit 1
+
+source hack/utils.sh
+
+if command -v kustomize >/dev/null 2>&1; then exit 0; fi
+
+mkdir -p .local/bin && cd .local/bin
+
+KUSTOMIZE_VERSION=4.5.2
+_binfile="kustomize-v${KUSTOMIZE_VERSION}.tar.gz"
+
+echo "installing kustomize"
+curl -sLo "${_binfile}" "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_${HOSTOS}_${HOSTARCH}.tar.gz"
+tar -zvxf "${_binfile}" -C "./"
+chmod +x "./kustomize"
+rm "${_binfile}"
+echo "'kustomize' has been installed to $(pwd), make sure this directory is in your \$PATH"

packer/azure/scripts/init-sig.sh

@@ -0,0 +1,100 @@
+#!/bin/bash
+
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+tracestate="$(shopt -po xtrace)"
+set +o xtrace
+az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID} >/dev/null 2>&1
+az account set -s ${AZURE_SUBSCRIPTION_ID} >/dev/null 2>&1
+eval "$tracestate"
+
+export RESOURCE_GROUP_NAME="${RESOURCE_GROUP_NAME:-cluster-api-images}"
+export AZURE_LOCATION="${AZURE_LOCATION:-southcentralus}"
+if ! az group show -n ${RESOURCE_GROUP_NAME} -o none 2>/dev/null; then
+  az group create -n ${RESOURCE_GROUP_NAME} -l ${AZURE_LOCATION} --tags ${TAGS:-}
+fi
+CREATE_TIME="$(date +%s)"
+RANDOM_SUFFIX="$(head /dev/urandom | LC_ALL=C tr -dc a-z | head -c 4 ; echo '')"
+export GALLERY_NAME="${GALLERY_NAME:-ClusterAPI${CREATE_TIME}${RANDOM_SUFFIX}}"
+
+# Hack to set only build_resource_group_name or location, a better solution is welcome
+# https://developer.hashicorp.com/packer/plugins/builders/azure/arm#build_resource_group_name
+PACKER_FILE_PATH=packer/azure/
+TMP_PACKER_FILE=$PACKER_FILE_PATH"packer.json.tmp"
+PACKER_FILE=$PACKER_FILE_PATH"packer.json"
+if [ ${BUILD_RESOURCE_GROUP_NAME} ]; then
+    if ! az group show -n ${BUILD_RESOURCE_GROUP_NAME} -o none 2>/dev/null; then
+        az group create -n ${BUILD_RESOURCE_GROUP_NAME} -l ${AZURE_LOCATION} --tags ${TAGS:-}
+    fi
+    jq '(.builders | map(if .name | contains("sig") then del(.location) + {"build_resource_group_name": "{{user `build_resource_group_name`}}"} else . end)) as $updated | .builders = $updated' $PACKER_FILE  > $TMP_PACKER_FILE
+    mv $TMP_PACKER_FILE $PACKER_FILE
+fi
+
+packer validate -syntax-only $PACKER_FILE || exit 1
+
+az sig create --resource-group ${RESOURCE_GROUP_NAME} --gallery-name ${GALLERY_NAME}
+
+create_image_definition() {
+  az sig image-definition create \
+    --resource-group ${RESOURCE_GROUP_NAME} \
+    --gallery-name ${GALLERY_NAME} \
+    --gallery-image-definition capi-${1} \
+    --publisher capz \
+    --offer capz-demo \
+    --sku ${2} \
+    --hyper-v-generation ${3} \
+    --os-type ${4}
+}
+
+SIG_TARGET=$1
+
+case ${SIG_TARGET} in
+  ubuntu-1804)
+    create_image_definition ${SIG_TARGET} "18.04-LTS" "V1" "Linux"
+  ;;
+  ubuntu-2004)
+    create_image_definition ${SIG_TARGET} "20_04-lts" "V1" "Linux"
+  ;;
+  ubuntu-2204)
+    create_image_definition ${SIG_TARGET} "22_04-lts" "V1" "Linux"
+  ;;
+  centos-7)
+    create_image_definition "centos-7" "centos-7" "V1" "Linux"
+  ;;
+  rhel-8)
+    create_image_definition "rhel-8" "rhel-8" "V1" "Linux"
+  ;;
+  windows-2019)
+    create_image_definition "windows-2019-docker-ee" "win-2019-docker-ee" "V1" "Windows"
+  ;;
+  windows-2019-containerd)
+    create_image_definition ${SIG_TARGET} "win-2019-containerd" "V1" "Windows"
+  ;;
+  windows-2022-containerd)
+    create_image_definition ${SIG_TARGET} "win-2022-containerd" "V1" "Windows"
+  ;;
+  flatcar)
+    SKU="flatcar-${FLATCAR_CHANNEL}-${FLATCAR_VERSION}"
+    create_image_definition ${SKU} ${SKU} "V1" "Linux"
+  ;;
+  ubuntu-1804-gen2)
+    create_image_definition ${SIG_TARGET} "18.04-lts-gen2" "V2" "Linux"
+  ;;
+  ubuntu-2004-gen2)
+    create_image_definition ${SIG_TARGET} "20_04-lts-gen2" "V2" "Linux"
+  ;;
+  ubuntu-2204-gen2)
+    create_image_definition ${SIG_TARGET} "22_04-lts-gen2" "V2" "Linux"
+  ;;
+  centos-7-gen2)
+    create_image_definition "centos-7-gen2" "centos-7-gen2" "V2" "Linux"
+  ;;
+  flatcar-gen2)
+    SKU="flatcar-${FLATCAR_CHANNEL}-${FLATCAR_VERSION}-gen2"
+    create_image_definition "${SKU}" "${SKU}" "V2" "Linux"
+  ;;
+  *)
+    >&2 echo "Unsupported SIG target: '${SIG_TARGET}'"
+    exit 1
+  ;;
+esac

packer/azure/scripts/init-vhd.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+echo "Sign into Azure"
+tracestate="$(shopt -po xtrace)"
+set +o xtrace
+az login --service-principal -u ${AZURE_CLIENT_ID} -p ${AZURE_CLIENT_SECRET} --tenant ${AZURE_TENANT_ID} >/dev/null 2>&1
+az account set -s ${AZURE_SUBSCRIPTION_ID} >/dev/null 2>&1
+eval "$tracestate"
+
+echo "Create storage account"
+export RESOURCE_GROUP_NAME="${RESOURCE_GROUP_NAME:-cluster-api-images}"
+export AZURE_LOCATION="${AZURE_LOCATION:-southcentralus}"
+if ! az group show -n ${RESOURCE_GROUP_NAME} -o none 2>/dev/null; then
+  az group create -n ${RESOURCE_GROUP_NAME} -l ${AZURE_LOCATION} --tags ${TAGS:-}
+fi
+CREATE_TIME="$(date +%s)"
+RANDOM_SUFFIX="$(head /dev/urandom | LC_ALL=C tr -dc a-z | head -c 4 ; echo '')"
+get_random_region() {
+  local REGIONS=("canadacentral" "eastus" "eastus2" "northeurope" "uksouth" "westeurope" "westus2" "westus3")
+  echo "${REGIONS[${RANDOM} % ${#REGIONS[@]}]}"
+}
+RANDOMIZE_STORAGE_ACCOUNT="${RANDOMIZE_STORAGE_ACCOUNT:-"false"}"
+if [ "$RANDOMIZE_STORAGE_ACCOUNT" == "true" ]; then
+  export AZURE_LOCATION="$(get_random_region)"
+fi
+export STORAGE_ACCOUNT_NAME="${STORAGE_ACCOUNT_NAME:-capi${CREATE_TIME}${RANDOM_SUFFIX}}"
+az storage account check-name --name ${STORAGE_ACCOUNT_NAME}
+az storage account create -n ${STORAGE_ACCOUNT_NAME} -g ${RESOURCE_GROUP_NAME} -l ${AZURE_LOCATION} --allow-blob-public-access false
+
+echo "done"

packer/azure/scripts/new-disk-version.sh

@@ -0,0 +1,107 @@
+#!/bin/bash -e
+
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+echo "PWD: $PWD"
+
+OS=${OS:-"Ubuntu"}
+OS_VERSION=${OS_VERSION:-"18.04"}
+PUB_VERSION=${PUB_VERSION:-"v0.3.3"}
+
+required_env_vars=(
+    "AZURE_CLIENT_ID"
+    "AZURE_CLIENT_SECRET"
+    "AZURE_TENANT_ID"
+    "OS"
+    "OS_VERSION"
+    "PUB_VERSION"
+)
+
+for v in "${required_env_vars[@]}"
+do
+    if [ -z "${!v}" ]; then
+        echo "$v was not set!"
+        exit 1
+    fi
+done
+
+SKU_INFO="sku/sku-publishing-info.json"
+VHD_INFO="vhd/vhd-publishing-info.json"
+
+required_files=(
+    "SKU_INFO"
+    "VHD_INFO"
+)
+
+for f in "${required_files[@]}"
+do
+    if [ ! -f "${!f}" ]; then
+        echo "could not find file: ${!f}"
+        exit 1
+    fi
+done
+
+echo "Getting pub..."
+(set -x ; curl -fsSL https://github.com/devigned/pub/releases/download/${PUB_VERSION}/pub_${PUB_VERSION}_linux_amd64.tar.gz -o pub; tar -xzf pub)
+
+echo "SKU publishing info:"
+cat $SKU_INFO
+echo
+
+echo "VHD publishing info:"
+cat $VHD_INFO
+echo
+
+
+# get Kubernetes version and split into major, minor, and patch
+k8s_version=$(< $SKU_INFO jq -r ".k8s_version")
+IFS='.' # set period (.) as delimiter
+read -ra ADDR <<< "${k8s_version}" # str is read into an array as tokens separated by IFS
+IFS=' ' # reset to default value after usage
+major=${ADDR[0]}
+minor=${ADDR[1]}
+patch=${ADDR[2]}
+
+# generate image version
+image_version=${major}${minor}.${patch}.$(date +"%Y%m%d")
+
+# generate media name
+sku_id=$(< $SKU_INFO jq -r ".sku_id")
+media_name="${sku_id}-${image_version}"
+
+# generate published date
+published_date=$(date +"%m/%d/%Y")
+
+# get vhd url
+vhd_url=$(< $VHD_INFO jq -r ".vhd_url")
+
+label="Kubernetes $k8s_version $OS $OS_VERSION"
+description="Kubernetes $k8s_version $OS $OS_VERSION"
+
+# create version.json
+cat <<EOF > version.json
+{
+    "$image_version" : {
+        "mediaName": "$media_name",
+        "showInGui": false,
+        "publishedDate": "$published_date",
+        "label": "$label",
+        "description": "$description",
+        "osVHdUrl": "$vhd_url"
+    }
+}
+EOF
+
+echo "Version info:"
+cat version.json
+
+publisher=$(< $SKU_INFO jq -r ".publisher")
+offer=$(< $SKU_INFO jq -r ".offer")
+sku=$(< $SKU_INFO jq -r ".sku_id")
+
+# TODO: Update pub versions put to take in version.json as a file
+echo "Create new disk version"
+set -x
+./pub_linux_amd64 versions put corevm -p $publisher -o $offer -s $sku --version $image_version --vhd-uri $vhd_url --media-name $media_name --label "$label" --desc "$description" --published-date "$published_date"
+set +x
+echo -e "\nCreated disk version"

packer/azure/scripts/new-sku.sh

@@ -0,0 +1,80 @@
+#!/bin/bash -e
+
+OS=${OS:-"Ubuntu"}
+OS_VERSION=${OS_VERSION:-"18.04"}
+PUB_VERSION=${PUB_VERSION:-"v0.3.3"}
+VM_GENERATION=${VM_GENERATION:-"gen1"}
+[[ -n ${DEBUG:-} ]] && set -o xtrace
+
+required_env_vars=(
+    "AZURE_CLIENT_ID"
+    "AZURE_CLIENT_SECRET"
+    "AZURE_TENANT_ID"
+    "KUBERNETES_VERSION"
+    "OFFER"
+    "OS"
+    "OS_VERSION"
+    "PUB_VERSION"
+    "PUBLISHER"
+    "SKU_TEMPLATE_FILE"
+    "VM_GENERATION"
+)
+
+for v in "${required_env_vars[@]}"
+do
+    if [ -z "${!v}" ]; then
+        echo "$v was not set!"
+        exit 1
+    fi
+done
+
+if [ ! -f "$SKU_TEMPLATE_FILE" ]; then
+    echo "Could not find sku template file: ${SKU_TEMPLATE_FILE}!"
+    exit 1
+fi
+
+os=$(echo "$OS" | tr '[:upper:]' '[:lower:]')
+version=$(echo "$OS_VERSION" | tr '[:upper:]' '[:lower:]' | tr -d .)
+sku_id="${os}-${version}-${VM_GENERATION}"
+
+if [ "$OS" == "Ubuntu" ]; then
+    os_type="Ubuntu"
+    os_family="Linux"
+elif [ "$OS" == "Windows" ]; then
+    os_type="Other"
+    os_family="Windows"
+else
+    echo "Cannot configure unknown OS: ${OS}!"
+    exit 1
+fi
+
+< $SKU_TEMPLATE_FILE sed s/{{ID}}/"$sku_id"/ \
+    | sed s/{{KUBERNETES_VERSION}}/"$KUBERNETES_VERSION/" \
+    | sed s/{{OS}}/"$OS/" \
+    | sed s/{{OS_VERSION}}/"$OS_VERSION/" \
+    | sed s/{{OS_TYPE}}/"$os_type/" \
+    | sed s/{{OS_FAMILY}}/"$os_family/" \
+    > sku.json
+cat sku.json
+
+echo
+echo "Getting pub..."
+(set -x ; curl -fsSL https://github.com/devigned/pub/releases/download/${PUB_VERSION}/pub_${PUB_VERSION}_linux_amd64.tar.gz -o pub; tar -xzf pub)
+
+echo "Creating new SKU"
+set -x
+./pub_linux_amd64 skus put -p $PUBLISHER -o "$OFFER" -f sku.json
+set +x
+echo -e "\nCreated sku"
+
+echo "Writing publishing info"
+cat <<EOF > sku-publishing-info.json
+{
+    "publisher" : "$PUBLISHER",
+    "offer" : "$OFFER",
+    "sku_id" : "$sku_id",
+    "k8s_version" : "$KUBERNETES_VERSION"
+}
+EOF
+
+cat sku-publishing-info.json

packer/azure/scripts/parse-prow-creds.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# Copyright 2020 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+set +o xtrace
+
+parse_cred() {
+    grep -E -o "\b$1[[:blank:]]*=[[:blank:]]*\"[^[:space:]\"]+\"" | cut -d '"' -f 2
+}
+
+
+# for Prow we use the provided AZURE_CREDENTIALS file.
+# the file is expected to be in toml format.
+if [[ -n "${AZURE_CREDENTIALS:-}" ]]; then
+    export AZURE_SUBSCRIPTION_ID="$(cat ${AZURE_CREDENTIALS} | parse_cred SubscriptionID)"
+    export AZURE_TENANT_ID="$(cat ${AZURE_CREDENTIALS} | parse_cred TenantID)"
+    export AZURE_CLIENT_ID="$(cat ${AZURE_CREDENTIALS} | parse_cred ClientID)"
+    export AZURE_CLIENT_SECRET="$(cat ${AZURE_CREDENTIALS} | parse_cred ClientSecret)"
+fi

packer/azure/scripts/sysprep.ps1

@@ -0,0 +1,46 @@
+# Copyright 2020 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Modified from https://docs.microsoft.com/en-us/azure/virtual-machines/linux/image-builder-troubleshoot#sysprep-command-windows
+# The Windows Azure Guest Agent is required for sysprep: https://www.packer.io/docs/builders/azure/arm#windows
+Write-Output '>>> Waiting for GA Service (RdAgent) to start ...'
+while ((Get-Service RdAgent).Status -ne 'Running') { Start-Sleep -s 5 }
+Write-Output '>>> Waiting for GA Service (WindowsAzureTelemetryService) to start ...'
+while ((Get-Service WindowsAzureTelemetryService) -and ((Get-Service WindowsAzureTelemetryService).Status -ne 'Running')) { Start-Sleep -s 5 }
+Write-Output '>>> Waiting for GA Service (WindowsAzureGuestAgent) to start ...'
+while ((Get-Service WindowsAzureGuestAgent).Status -ne 'Running') { Start-Sleep -s 5 }
+Write-Output '>>> Sysprepping VM ...'
+if( Test-Path $Env:SystemRoot\system32\Sysprep\unattend.xml ) {
+  Remove-Item $Env:SystemRoot\system32\Sysprep\unattend.xml -Force
+}
+
+$unattendedXml = "$ENV:ProgramFiles\Cloudbase Solutions\Cloudbase-Init\conf\Unattend.xml"
+$FileExists = Test-Path $unattendedXml
+If ($FileExists -eq $True) {
+  # Use the Cloudbase-init provided unattend file during install
+  Write-Output "Using cloudbase-init unattend file for sysprep: $unattendedXml"
+  & $Env:SystemRoot\System32\Sysprep\Sysprep.exe /oobe /generalize /mode:vm /quit /quiet /unattend:$unattendedXml
+}else {
+  & $Env:SystemRoot\System32\Sysprep\Sysprep.exe /oobe /generalize /mode:vm /quit /quiet
+}
+
+# Wait for the image to be reset
+while($true) {
+  $imageState = (Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State).ImageState
+  Write-Output $imageState
+  if ($imageState -eq 'IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE') { break }
+  Start-Sleep -s 5
+}
+
+Write-Output '>>> Sysprep complete ...'

packer/azure/scripts/test-templates/linux/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/download/v1.6.0/cluster-template.yaml
+patchesStrategicMerge:
+- ../patches/azuremachinetemplate-controlplane.yaml
+- ../patches/azuremachinetemplate-workload.yaml

packer/azure/scripts/test-templates/patches/azuremachinetemplate-controlplane.yaml

@@ -0,0 +1,11 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+  name: ${CLUSTER_NAME}-control-plane
+  namespace: default
+spec:
+  template:
+    spec:
+      image:
+        id: ${MANAGED_IMAGE_ID}
+---

packer/azure/scripts/test-templates/patches/azuremachinetemplate-windows.yaml

@@ -0,0 +1,11 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+  name: ${CLUSTER_NAME}-md-win
+  namespace: default
+spec:
+  template:
+    spec:
+      image:
+        id: ${MANAGED_IMAGE_ID}
+---

packer/azure/scripts/test-templates/patches/azuremachinetemplate-workload.yaml

@@ -0,0 +1,11 @@
+apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+kind: AzureMachineTemplate
+metadata:
+  name: ${CLUSTER_NAME}-md-0
+  namespace: default
+spec:
+  template:
+    spec:
+      image:
+        id: ${MANAGED_IMAGE_ID}
+---

packer/azure/scripts/test-templates/patches/kubeadmcontrolplane-windows.yaml

@@ -0,0 +1,8 @@
+apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+kind: KubeadmControlPlane
+metadata:
+  name: ${CLUSTER_NAME}-control-plane
+  namespace: default
+spec:
+  version: ${KUBERNETES_BOOTSTRAP_VERSION}
+---

packer/azure/scripts/test-templates/patches/machinedeployment-windows.yaml

@@ -0,0 +1,8 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachineDeployment
+metadata:
+  name: ${CLUSTER_NAME}-md-0
+  namespace: default
+spec:
+  replicas: 0
+---

packer/azure/scripts/test-templates/windows/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/download/v1.6.0/cluster-template-windows.yaml
+patchesStrategicMerge:
+- ../patches/azuremachinetemplate-windows.yaml
+- ../patches/kubeadmcontrolplane-windows.yaml
+- ../patches/machinedeployment-windows.yaml