From 9fef78c4f0a20d241aac67e6e94cfb6851f19eca Mon Sep 17 00:00:00 2001
From: lixiaoyuner <35456895+lixiaoyuner@users.noreply.github.com>
Date: Tue, 27 Feb 2024 18:09:12 -0800
Subject: [PATCH] Install and upgrade packages for k8s master image (#18159)

### Why I did it
- Currently inside k8s master image we are going to use AAD to do authentication related stuff with python language, we need to pre-install several azure key-vault related python packages.
- Need to upgrade cri-dockerd to 0.3.10 to support bookworm
- Need to change netcat package name to netcat-openbsd for bookworm
- Remove the unnecessary apt-get update
##### Work item tracking
- Microsoft ADO **(number only)**: 26435886

#### How I did it
- pip3 install azure-keyvault-secrets
- apt-get -y install netcat-openbsd
- upgrade the cri-dockerd version for bookworm
#### How to verify it
- pip3 list to check if azure-keyvault-secrets is installed inside image
- dpkg -l to check if netcat-openbsd is installed inside image
- systemctl status cri-dockerd.service to check if it's running well
---
 build_debian.sh                                 | 4 +---
 files/build_templates/sonic_debian_extension.j2 | 2 +-
 rules/config                                    | 2 +-
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/build_debian.sh b/build_debian.sh
index 65966f4a9..f2e7fd153 100755
--- a/build_debian.sh
+++ b/build_debian.sh
@@ -298,9 +298,7 @@ then
     echo '[INFO] Install kubernetes master'
     install_kubernetes ${MASTER_KUBERNETES_VERSION}
 
-    sudo LANG=C chroot $FILESYSTEM_ROOT apt-get update
-    sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install hyperv-daemons gnupg xmlstarlet parted netcat
-    sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y remove gnupg
+    sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install hyperv-daemons xmlstarlet parted netcat-openbsd
     sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT curl -o /tmp/cri-dockerd.deb -fsSL \
         https://github.com/Mirantis/cri-dockerd/releases/download/v${MASTER_CRI_DOCKERD}/cri-dockerd_${MASTER_CRI_DOCKERD}.3-0.debian-${IMAGE_DISTRO}_amd64.deb
     sudo LANG=C chroot $FILESYSTEM_ROOT apt-get -y install -f /tmp/cri-dockerd.deb
diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2
index e0bd1242d..97bf714e2 100644
--- a/files/build_templates/sonic_debian_extension.j2
+++ b/files/build_templates/sonic_debian_extension.j2
@@ -837,7 +837,7 @@ sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install statsd
 sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install kubernetes
 sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install pyOpenSSL
 # Install python packages to upload and download etcd backup files for backup and restore service usage
-sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install azure-storage-blob azure-identity
+sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install azure-storage-blob azure-identity azure-keyvault-secrets
 sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable kubelet.service
 # Add kubernetes master entrance
 sudo cp files/image_config/kubernetes/kubernetes_master_entrance.service ${FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM}/
diff --git a/rules/config b/rules/config
index d0a4b8cb5..026cf34fb 100644
--- a/rules/config
+++ b/rules/config
@@ -217,7 +217,7 @@ MASTER_KUBERNETES_CONTAINER_IMAGE_VERSION = v1.22.2
 MASTER_PAUSE_VERSION = 3.5
 MASTER_COREDNS_VERSION = v1.8.4
 MASTER_ETCD_VERSION = 3.5.0-0
-MASTER_CRI_DOCKERD = 0.3.1
+MASTER_CRI_DOCKERD = 0.3.10
 MASTER_UI_METRIC_VERSION = v1.0.8
 MASTER_UI_DASH_VERSION = v2.7.0
 MASTER_MDM_VERSION = 2.2023.505.1124-45da18-20230505t1700