Run yum update in stress images. Remove account key from bicep (#9093)

* Run yum update in stress images * Change storage account key lookup in stress bicep template
Azure · Oct 3, 2024 · cb61127 · cb61127
1 parent c32711b
commit cb61127
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 3 deletions.
diff --git a/tools/stress-cluster/cluster/azure/cluster/storage.bicep b/tools/stress-cluster/cluster/azure/cluster/storage.bicep
@@ -17,5 +17,4 @@ resource fileshare 'Microsoft.Storage/storageAccounts/fileServices/shares@2021-0
 }
 
 output name string = storage.name
-output key string = storage.listKeys().keys[0].value
 output fileShareName string = fileShareName
diff --git a/tools/stress-cluster/cluster/azure/main.bicep b/tools/stress-cluster/cluster/azure/main.bicep
@@ -98,16 +98,24 @@ module containerRegistry 'cluster/acr.bicep' = {
     }
 }
 
+var storageName = 'stressdebug${resourceSuffix}'
+
 module storage 'cluster/storage.bicep' = {
   name: 'storage'
   scope: group
   params: {
-    storageName: 'stressdebug${resourceSuffix}'
+    storageName: storageName
     fileShareName: 'stressfiles${resourceSuffix}'
     location: clusterLocation
   }
 }
 
+// Get storage account reference for key lookup (avoid key as secret output from storage module)
+resource storageAccount 'Microsoft.Storage/storageAccounts@2019-06-01' existing = {
+  name: storageName
+  scope: group
+}
+
 var appInsightsInstrumentationKeySecretName = 'appInsightsInstrumentationKey-${resourceSuffix}'
 // Value is in dotenv format as it will be appended to stress test container dotenv files
 var appInsightsInstrumentationKeySecretValue = 'APPINSIGHTS_INSTRUMENTATIONKEY=${appInsights.outputs.instrumentationKey}\n'
@@ -120,9 +128,9 @@ var appInsightsConnectionStringSecretValue = 'APPLICATIONINSIGHTS_CONNECTION_STR
 // See https://docs.microsoft.com/azure/aks/azure-files-volume#create-a-kubernetes-secret
 // See https://docs.microsoft.com/azure/aks/azure-files-csi
 var debugStorageKeySecretName = 'debugStorageKey-${resourceSuffix}'
-var debugStorageKeySecretValue = storage.outputs.key
 var debugStorageAccountSecretName = 'debugStorageAccount-${resourceSuffix}'
 var debugStorageAccountSecretValue = storage.outputs.name
+var debugStorageKeySecretValue = '${storageAccount.listKeys().keys[0].value}'
 
 module keyvault 'cluster/keyvault.bicep' = {
     name: 'keyvault'

diff --git a/...ss-cluster/cluster/kubernetes/stress-test-addons/images/test-resource-deployer/Dockerfile b/...ss-cluster/cluster/kubernetes/stress-test-addons/images/test-resource-deployer/Dockerfile
@@ -1,5 +1,7 @@
 FROM mcr.microsoft.com/azure-powershell:mariner-2
 
+RUN yum update -y
+
 RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
 RUN install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
 RUN kubectl version --client

diff --git a/tools/stress-cluster/services/Stress.Watcher/Dockerfile b/tools/stress-cluster/services/Stress.Watcher/Dockerfile
@@ -1,5 +1,7 @@
 FROM mcr.microsoft.com/dotnet/sdk:8.0-cbl-mariner2.0 AS build
 
+RUN yum update -y
+
 COPY ./src /src
 
 RUN cd /src && dotnet publish -c Release -o /stresswatcher -r linux-x64 -f net8.0 -p:PublishSingleFile=true --self-contained