
Add proxmox windows #1976

Open
plouton24 wants to merge 2 commits into kubernetes-sigs:main from plouton24:add-proxmox-windows

@plouton24

Change description

This PR adds Windows Server 2022 image support for the Proxmox provider in image-builder. For use with CAPMOX CAPI project.

The main changes are:

  • add a Proxmox Windows Server 2022 make/build configuration
  • add the Proxmox Windows Packer flow for proxmox-iso
  • add/update the Windows unattended installation flow for Proxmox
  • configure Cloudbase-Init for Proxmox NoCloud metadata via ansible overrides:
    - META_DATA
    - USER_DATA
    - NETWORK_CONFIG
  • add a Proxmox-specific Cloudbase-Init helper in the Windows provider role to handle NETWORK_CONFIG
  • add ansible windows provider settings, and goss checks
  • update Proxmox Windows documentation and the provider / OS support matrix

A few implementation notes:

  • CAPMOX currently exposes cidata/init data using uppercase filenames, which differs from the default NoCloud naming expected by Cloudbase-Init
    • META_DATA and USER_DATA are handled through Cloudbase-Init config overrides
    • NETWORK_CONFIG is currently handled by a small Proxmox-specific python script staged through the Windows provider role
      • Unsure where the best place is to stage this file and/or place it within the repo.

This PR adds support for a new provider / OS combination.

  • Is this change including a new Provider or a new OS? (y/n) y
  • If yes, has the Provider/OS matrix been updated in the readme? (y/n) y
  • If adding a new provider, are you a representative of that provider? (y/n) n/a

Related issues

  • Fixes #

Testing

Testing performed during development:

  • built the image locally with make build-proxmox-windows-2022
  • tested the image on a local Proxmox environment
  • tested the image with CAPMOX via:
  • validated that a CAPMOX-created Windows node booted and completed the expected bootstrap flow

Additional context

  • Assumes user is running capmox for windows image.
    • due to cloudbase-init plugins
    • can override vars via empty string: ""
  • Codex AI was used to troubleshoot and create portions of this provider.
  • Goss file checks were added but not implemented into packer.json due to lack of knowledge/experience with program

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 7, 2026
@k8s-ci-robot
Contributor

Welcome @plouton24!

It looks like this is your first PR to kubernetes-sigs/image-builder 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/image-builder has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. do-not-merge/contains-merge-commits labels Apr 7, 2026
@k8s-ci-robot
Contributor

Hi @plouton24. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign averagemarcus for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@linux-foundation-easycla

linux-foundation-easycla Bot commented Apr 7, 2026

CLA Signed

The committers listed above are authorized under a signed CLA.

@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Apr 7, 2026
@mboersma mboersma requested review from drew-viles and removed request for kkeshavamurthy April 10, 2026 16:34
@mboersma
Contributor

Hey @plouton24, thanks for doing this work!

Could you rebase it from image-builder's main branch and squash your commits? Currently it shows 59 commits, including merge commits (which are considered invalid). That should also take care of the CLA problem, since it appears you already signed it.

@plouton24 plouton24 force-pushed the add-proxmox-windows branch from 600dcd9 to aa2a54f Compare April 13, 2026 05:35
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed do-not-merge/contains-merge-commits cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Apr 13, 2026
@plouton24
Author

Hey @plouton24, thanks for doing this work!

Could you rebase it from image-builder's main branch and squash your commits? Currently it shows 59 commits, including merge commits (which are considered invalid). That should also take care of the CLA problem, since it appears you already signed it.

This has been completed.

@mboersma
Contributor

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Apr 14, 2026
Contributor

@drew-viles drew-viles left a comment

So I'm no Windows, Proxmox or Python expert - I want to prefix that. But a few things popped up in my looks through this that I wanted to ask about. See comments below :-)

Comment on lines +114 to +145
def main():
network_data_path = find_network_data_path()
if not network_data_path:
LOG.info(
"No Proxmox network data found in candidate paths: %s",
", ".join(_iter_candidate_paths()),
)
return 0

try:
network_data = load_network_data(network_data_path)
except Exception:
LOG.exception(
"Failed to load Proxmox network data from %s", network_data_path
)
return 0

try:
LOG.info("Applying Proxmox network data from %s", network_data_path)
applied = apply_network_data(network_data)
except Exception:
LOG.exception(
"Failed to apply Proxmox network data from %s", network_data_path
)
return 0

if not applied:
LOG.warning(
"No network interfaces were applied from %s", network_data_path
)

return 0
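Review bot: every exit path in main() returns 0, including the two `except Exception` branches around load_network_data() and apply_network_data(), so whatever launches this script cannot tell "no network data present" from "network data present but could not be parsed or applied". Consider keeping 0 only for the first branch (no candidate path found) and returning a distinct non-zero code from each except branch and from the `if not applied:` case, so that a node which boots without its intended network configuration leaves a visible failure rather than only a log line.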
Contributor

@drew-viles drew-viles Apr 14, 2026

Would it not be better to fail a little louder rather than return 0 if something fails? As I'm reading this, it looks like failures will happen silently meaning an image could successfully build even if something like applying the proxmox network fails.

Would we be ok with this?

Author

@plouton24 plouton24 Apr 15, 2026

So this is kind of my hack to read the cloud-init network data that CAPMOX injects via an ISO-9660 CD drive for kubeadm bootstrap. So this won't fail the build of the VM, as it's a node first-boot helper script for cloudbase-init (the Windows version of cloud-init). Though I should try to write to a file to troubleshoot networking in case CAPMOX changes its kubeadm bootstrap process, and be more verbose on failures.

Comment on lines +100 to +103
<ProductKey>
<Key>VDYBN-27WPP-V4HQT-9VMD4-VMK7H</Key>
<WillShowUI>OnError</WillShowUI>
</ProductKey>
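Review bot: the `<Key>` element carries a literal product key with no comment saying what kind of key it is or where it came from. Either take the value from a build variable so that users supply their own key, or add an XML comment next to `<ProductKey>` recording the key's source and licence type, so a later reader does not have to guess whether a private licence key was committed.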
Contributor

Do we mind this being here? Is this a demo key?

Author

This to my understanding is a demo key. Copied from proxmox/ova/windows/2022/autounattend.xml

Comment thread images/capi/Makefile
Comment on lines +867 to +870
build-proxmox-ubuntu-2204: ## Builds the Proxmox ubuntu-2204 image
build-proxmox-ubuntu-2404: ## Builds the Proxmox ubuntu-2404 image
build-proxmox-ubuntu-2404-efi: ## Builds the Proxmox ubuntu-2404-efi image that EFI boots
build-proxmox-rockylinux-9: ## Builds the Proxmox rockylinux-9 image
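Review bot: all four added help lines are for Linux targets (ubuntu-2204, ubuntu-2404, ubuntu-2404-efi, rockylinux-9) and the hunk shows no entry for a Windows target. If these lines came in through the rebase, drop them, and check that a help entry for the new Windows build target exists alongside the others.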
Contributor

Looks like duplicate lines of 862 - 865

Comment thread images/capi/Makefile
Comment on lines +648 to +652
# This uses a packer file builder to input unattend variables into a JSON file to be consumed by the python script before running the vsphere provisioner
$(if $(findstring windows,$@),$(PACKER) build $(PACKER_WINDOWS_NODE_FLAGS) -var-file="$(abspath packer/proxmox/$(subst build-proxmox-,,$@).json)" -var-file="$(abspath packer/proxmox/$(subst build-proxmox-,,$@).json)" -only=file $(ABSOLUTE_PACKER_VAR_FILES) packer/proxmox/packer-windows.json,)
$(if $(findstring windows,$@),hack/windows-unattend.py --unattend-file='./packer/proxmox/windows/$(subst build-proxmox-,,$@)/autounattend.xml',)
$(PACKER) build $(if $(findstring windows,$@),$(PACKER_WINDOWS_NODE_FLAGS),$(PACKER_NODE_FLAGS)) -var-file="$(abspath packer/proxmox/$(subst build-proxmox-,,$@).json)" $(ABSOLUTE_PACKER_VAR_FILES) packer/proxmox/packer$(if $(findstring windows,$@),-windows,).json
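Review bot: on the `hack/windows-unattend.py` line, `--unattend-file` is given as a relative path ('./packer/proxmox/windows/...') while every `-var-file` in the same recipe goes through $(abspath ...), so that step depends on the directory make is invoked from. Wrap the path in $(abspath ...) as well; while there, drop the repeated `-var-file` argument on the `-only=file` line and change "vsphere provisioner" in the comment to name the Proxmox build.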

Contributor

This section looks copy-pasted: the same -var-file is passed twice, and the comment references vSphere in the Proxmox path. Is the duplicate var-file intentional?

Comment on lines +34 to +35
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
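Review bot: both lines set AllowUnencrypted="true", on the WinRM service and on the client, and nothing in this hunk sets it back, so an image built from this script will accept WinRM traffic without message encryption unless a later step reverts it. If the build communicator needs this, restore both values to "false" in the final provisioning step before the image is sealed, and add a comment in the script stating that the relaxation is build-time only.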
Contributor

Is this secure? Is it standard for Windows?

Author

I copied the existing winrm config from nutanix, oci and azure. Also, the ansible windows workflow has similar settings. I do agree work is needed on most windows-enabled providers to disable winrm after image build if not required, as it is a security risk. I just was unsure if there was a capmox/capi-specific need for winrm to be enabled after build. I can test disabling this on the sysprep/final build step.
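One way to do the revert discussed above, as an added example (not code from this PR or from image-builder): a final-step PowerShell script that restores the two AllowUnencrypted values set by the build script, fails the build if either is still relaxed, and lists any plain-HTTP WinRM listeners left behind. It assumes WinRM is needed only during the image build, which this thread leaves open.

```powershell
# Added example, not part of the PR. Run as the last provisioning step,
# because tightening WinRM can end the session the build tool is using.
# Assumption: the booted node does not need unencrypted WinRM.
$ErrorActionPreference = 'Stop'

# The two settings the build script relaxed, and the value to restore.
$restore = [ordered]@{
    'WSMan:\localhost\Service\AllowUnencrypted' = 'false'
    'WSMan:\localhost\Client\AllowUnencrypted'  = 'false'
}

foreach ($path in $restore.Keys) {
    Set-Item -Path $path -Value $restore[$path] -Force
}

# Read every value back; a silent failure here would ship a relaxed image.
$stillRelaxed = foreach ($path in $restore.Keys) {
    $actual = [string](Get-Item -Path $path).Value
    if ($actual -ne $restore[$path]) { "$path = $actual" }
}

# Report listeners that still accept plain HTTP (information only).
$httpListeners = Get-ChildItem -Path 'WSMan:\localhost\Listener' |
    Where-Object { $_.Keys -contains 'Transport=HTTP' }
foreach ($listener in $httpListeners) {
    Write-Warning "WinRM HTTP listener still present: $($listener.Name)"
}

# A terminating error gives the build a non-zero exit instead of a log line.
if ($stillRelaxed) {
    throw ("WinRM still allows unencrypted traffic: " + ($stillRelaxed -join '; '))
}
Write-Output 'WinRM AllowUnencrypted restored to false on service and client.'
```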

Contributor

Is this a WIP file and is it needed?

@plouton24
Author

So I'm no Windows, Proxmox or Python expert - I want to prefix that. But a few things popped up in my looks through this that I wanted to ask about. See comments below :-)

Commented on most of them; the ones I didn't comment on I will fix via a commit, as I need to fix typos and other small issues you mentioned.

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 15, 2026