mirror of https://github.com/k3s-io/k3s
Merge pull request #74444 from pjh/gce-windows-no-defender
Disable Windows Defender on Windows nodes.pull/564/head
Kubernetes Prow Robot
GitHub
commit
2aacb77374
|
|
@ -146,5 +146,20 @@ function MustDownload-File {
|
|||
}
|
||||
}
|
||||
|
||||
# Returns true if this node is part of a test cluster (see
|
||||
# cluster/gce/config-test.sh). $KubeEnv is a hash table containing the kube-env
|
||||
# metadata keys+values.
|
||||
function Test-IsTestCluster {
|
||||
param (
|
||||
[parameter(Mandatory=$true)] [hashtable]$KubeEnv
|
||||
)
|
||||
|
||||
if ($KubeEnv.Contains('TEST_CLUSTER') -and `
|
||||
($KubeEnv['TEST_CLUSTER'] -eq 'true')) {
|
||||
return $true
|
||||
}
|
||||
return $false
|
||||
}
|
||||
|
||||
# Export all public functions:
|
||||
Export-ModuleMember -Function *-*
|
||||
|
|
|
|||
|
|
@ -77,18 +77,6 @@ function FetchAndImport-ModuleFromMetadata {
|
|||
Import-Module -Force C:\$Filename
|
||||
}
|
||||
|
||||
# Returns true if this node is part of a test cluster (see
|
||||
# cluster/gce/config-test.sh).
|
||||
#
|
||||
# $kube_env must be set before calling this function.
|
||||
function Test-IsTestCluster {
|
||||
if ($kube_env.Contains('TEST_CLUSTER') -and `
|
||||
($kube_env['TEST_CLUSTER'] -eq 'true')) {
|
||||
return $true
|
||||
}
|
||||
return $false
|
||||
}
|
||||
|
||||
try {
|
||||
# Don't use FetchAndImport-ModuleFromMetadata for common.psm1 - the common
|
||||
# module includes variables and functions that any other function may depend
|
||||
|
|
@ -104,8 +92,9 @@ try {
|
|||
|
||||
Set-PrerequisiteOptions
|
||||
$kube_env = Fetch-KubeEnv
|
||||
Disable-WindowsDefender
|
||||
|
||||
if (Test-IsTestCluster) {
|
||||
if (Test-IsTestCluster $kube_env) {
|
||||
Log-Output 'Test cluster detected, installing OpenSSH.'
|
||||
FetchAndImport-ModuleFromMetadata 'install-ssh-psm1' 'install-ssh.psm1'
|
||||
InstallAndStart-OpenSsh
|
||||
|
|
|
|||
|
|
@ -221,13 +221,6 @@ function Set-PrerequisiteOptions {
|
|||
sc.exe config wuauserv start=disabled
|
||||
sc.exe stop wuauserv
|
||||
|
||||
# Windows Defender periodically consumes 100% of the CPU.
|
||||
# TODO(pjh): this (all of a sudden, ugh) started failing with "The term
|
||||
# 'Set-MpPreference' is not recognized...". Investigate and fix or remove.
|
||||
#Log-Output "Disabling Windows Defender service"
|
||||
#Set-MpPreference -DisableRealtimeMonitoring $true
|
||||
#Uninstall-WindowsFeature -Name 'Windows-Defender'
|
||||
|
||||
# Use TLS 1.2: needed for Invoke-WebRequest downloads from github.com.
|
||||
[Net.ServicePointManager]::SecurityProtocol = `
|
||||
[Net.SecurityProtocolType]::Tls12
|
||||
|
|
@ -237,6 +230,24 @@ function Set-PrerequisiteOptions {
|
|||
Install-Module -Name powershell-yaml -Force
|
||||
}
|
||||
|
||||
# Disables Windows Defender realtime scanning if this Windows node is part of a
|
||||
# test cluster.
|
||||
#
|
||||
# ${kube_env} must have already been set.
|
||||
function Disable-WindowsDefender {
|
||||
# Windows Defender periodically consumes 100% of the CPU, so disable realtime
|
||||
# scanning. Uninstalling the Windows Feature will prevent the service from
|
||||
# starting after a reboot.
|
||||
# TODO(pjh): move this step to image preparation, since we don't want to do a
|
||||
# full reboot here.
|
||||
if ((Test-IsTestCluster ${kube_env}) -and
|
||||
((Get-WindowsFeature -Name 'Windows-Defender').Installed)) {
|
||||
Log-Output "Disabling Windows Defender service"
|
||||
Set-MpPreference -DisableRealtimeMonitoring $true
|
||||
Uninstall-WindowsFeature -Name 'Windows-Defender'
|
||||
}
|
||||
}
|
||||
|
||||
# Creates directories where other functions in this module will read and write
|
||||
# data.
|
||||
function Create-Directories {
|
||||
|
|
|
|||
Loading…
Reference in New Issue