Commit graph

240 commits

Author SHA1 Message Date
Paul Yu 8e8a5fde51
Remove l2bridge checker on windows and l2tunnel mode (#3113)
* remove l2bridge checker and l2tunnel mode

* fix l2bridge type

* fix the comment to add an UT to ensure hcn network type is always l2bridge

* go format to fix the linter issue
2024-11-11 22:49:49 +00:00
Alexander 2e8881348e
test: add uts for cni add function (#3069)
* add dualnic windows multitenancy test

* add linux multitenancy test

* add linux swiftv2 multi nic ep info test

* add windows swiftv2 infra with delegated ep info test

* add check to ensure epInfo.ifName is overwritten in add endpoint for linux swiftv2

* test options set in invoker propagate to all endpoint infos

* test dns in nwCfg propagates to all endpoint infos

* test options and data are created for each endpoint info

* address linter issues
2024-10-16 20:21:17 +00:00
Kshitija Murudi bee72ee95f
Default to accelnet behavior in CNI for SwiftV2 windows (#3020)
* modify accelnet path in cni

* remove all occurrences of accelnetnic type since not sent by cns middleware

* remove all accelnet specific UTs

* remove additional UTs referring to accelnet in invoker_cns & network_test

* fix: additional UTs in endpoint_windows
invoker_mock - removed accelnet flags
2024-09-24 16:36:36 +00:00
Behzad Mirkhanzadeh a9fccfa044
fix: Handle async delete in stateless cni (#2967)
* feat: adding stateless CNI pipeline test

* feat: making change for stateless CNI pipeline

* feat: addressing the comments

* fix: fixing stateless cni yaml

* fix: stateless CNI delete fix

* fix: addressing the comments

* fix: addressing the comments and fix linter issues

* Update cns/fsnotify/fsnotify.go

Co-authored-by: tamilmani1989 <tamanoha@microsoft.com>
Signed-off-by: Behzad Mirkhanzadeh <b.mirkhanzadeh@gmail.com>

* Update cni/network/network.go

Co-authored-by: tamilmani1989 <tamanoha@microsoft.com>
Signed-off-by: Behzad Mirkhanzadeh <b.mirkhanzadeh@gmail.com>

* Update cni/network/network.go

Co-authored-by: tamilmani1989 <tamanoha@microsoft.com>
Signed-off-by: Behzad Mirkhanzadeh <b.mirkhanzadeh@gmail.com>

* fix: addressing the comments

* fix: fix the error code.

* Fix: decoupling hnsclient from CNS watcher

* fix: adding endpointmanager package to resolve platform specific call to HNS

* Update cns/endpointmanager/endpointmanager_linux.go

Co-authored-by: Evan Baker <rbtr@users.noreply.github.com>
Signed-off-by: Behzad Mirkhanzadeh <b.mirkhanzadeh@gmail.com>

* Update cns/service/main.go

Co-authored-by: Evan Baker <rbtr@users.noreply.github.com>
Signed-off-by: Behzad Mirkhanzadeh <b.mirkhanzadeh@gmail.com>

* Fix: addressing the comments

* fix: removing stateless CNI pipeline changes from the PR

* Update cns/configuration/configuration.go

Co-authored-by: Evan Baker <rbtr@users.noreply.github.com>
Signed-off-by: Behzad Mirkhanzadeh <b.mirkhanzadeh@gmail.com>

* addressing the comment

---------

Signed-off-by: Behzad Mirkhanzadeh <b.mirkhanzadeh@gmail.com>
Co-authored-by: tamilmani1989 <tamanoha@microsoft.com>
Co-authored-by: Evan Baker <rbtr@users.noreply.github.com>
2024-09-21 16:09:30 +00:00
Alexander 47b4329b06
fix: add dhcp discover packet to linux swiftv2 to ensure mappings exist for dns (#2989)
* add dhcp client

* address linter issues

* issue dhcp discover request without libraries

* remove library references

* add build tag and remove rand dependency

* address linter issues

* update logging

* fix logging

* move unix sockets to interface to address feedback

* address linter issues

* prevent leaking sockets on error

* remove reuse address option

* add comments

* make dhcp client
2024-09-10 16:46:05 +00:00
Paul Yu fc933e2453
Add UTs for CNI Windows Policy (#2965)
* enhance cni policy UTs

* add UTs for policy windows

* add a new UT

* add more windows policy UTs

* add new UTs

* add new UTs

* add new UTs
2024-08-30 03:29:56 +00:00
Paul Yu 4c66f48fdd
Add UTs to configure secondary interfaces add Result for windows swiftv2 (#2923)
* add UTs for adding interface NICs to cni Result

* add UTs to add interface nics to cniResult

* add an unhappy path ut

* fix linter issues

* fix linter issues

* add a new UT

* fix comments

* remove configurhcnEndpoint UT

* fix linter issue

* fix comments

* fix UT

---------

Signed-off-by: Paul Yu <129891899+paulyufan2@users.noreply.github.com>
2024-08-22 23:19:18 +00:00
Paul Yu ec1a1eee52
fix: dualnic options to avoid overwriting vlanMaps (#2928)
* fix: dualnic options

* fix comments

* add log

* add ut for ShallowCopyIpamAddConfigOptions

* add log to setNetworkOptions in Linux

* add interfaceInfo print back

* fix zap log

* comment fix

* fix UT variables

* print options in endpoint creation

* fix UTs

* add one more UT

* minor: change the newSNATIPKeyValue name

* enhance log line
2024-08-22 18:47:59 +00:00
Alexander de7bb5e34e
ci: remove ovs create bridge test (#2942)
2024-08-22 02:27:09 +00:00
Paul Yu a39d8c4c77
hotfix: set hcnNetwork flag as non-persistent mode (#2911)
* hotfix: set hcnNetwork flag as non-persistent

* add a comment
2024-08-10 16:29:30 +00:00
Paul Yu ae690d2a70
add accelnet support on CNI (#2853)
* add accelnet support for CNI

* add uts for AccelnetNIC on CNI

* add more uts

* fix an ut

* fix uts

* add ut to endpoint_test

* add endpoint impl test cases for accelnet

* gofumpt windows test

* fix logic of accelnet

* fix logic of accelnet

* modify uts

* remove an ut

* fix one ut issue

* accelnet interface should set default route

* fix some uts

* remove an ib ut

* fix comments

* fix comments and add uts

* add more uts

* fix a linter issue

* fix comments

* add comment for iov flag

* fix comments

* add endpoint deletion

* add HNSV2 check

* add UT to make sure endpoint and network deletion called

* add a new test to make infraNIC network is not deleted

* add errMsg

* fix error msg

* add windows test cases for endpoint state deletion

* fix linter issue

* fix a linter issue

* remove hardcode hcniov flag

* comments fix

* add uts for transparent network deletion

* fix comment when hns id is empty

* fix the UT when hns id is empty

* skip linter issue

* change the delegatedVMNIC to NodeNetworkInterfaceFrontendNIC

* fix an ut

* fix add accelnet policy setting ut
2024-08-07 19:08:00 +00:00
QxBytes fc4da42d66
refactor: create safer command execution method (#2899)
* rename ExecuteCommand to ExecuteRawCommand

* add safer execute command method

* fix windows platform command test

* add uts and comments

* address feedback

* add parent context to execute command
2024-08-06 21:36:55 +00:00
Paul Yu c9b99ed978
Return error if hns network exists for transparent network (#2877)
* do not ignore network exist if network type is transparent

* fix the logic

* enhance log

* add log

* fix comments
2024-07-26 16:44:30 +00:00
QxBytes 469afea07c
test: add ut for populating network and endpoint hns id in endpoint and endpoint info structs (#2844)
* validate endpoint struct after endpoint creation

* add uts to validate endpoint info and endpoint structs have hns network and endpoint id fields populated

endpoint struct should have the hns endpoint id after new endpoint
endpoint info struct should have the hns endpoint id after new endpoint as well

network struct should have the hns network id after new network
endpoint info struct should have the hns network id after new network as well

endpoint struct should have the hns network id after new endpoint if endpoint info had it

* address linter issue

* address feedback by validating info sent to cns

* modify hnsv2 wrapper behavior to only set hns id if not already set for npm uts
2024-07-17 13:26:11 +00:00
Paul Yu 03e0447f32
add L1VH IB support on CNI (#2762)
* add L1VH IB support on CNI

* fix IB issues

* fix UT errors

* fix linter issues

* add win 2025 support for cni image build

* add and comments

* fix a logic bug

* disable endpoint creation and deletion if it's IB NIC

* fix a linter issue

* add UTs

* add UTs for powershell

* enhance Test_getInterfaceInfoKey test case

* remove windows 2025 build from pipeline

* fix some issues

* add an UT to test pnpID

* fix an issue

* fix an ut

* add double quotes

* unblock a bunch of issues

* remove unnecessary codes

* upgrade latest upstream cni build

* fix a log

* add windows build on pipeline temporarily

* remove backendNIC check for findMasterInterface

* add ut to confirm IB does not create endpoint

* fix linter issue that use %q

* format network.go

* add more uts to cover powershell commands

* remove windows2025 pipeline build

* enhance logs

* fix cniResult format

* add getPnpidstate func

* fix the issue for infraNIC routes

* fix the issue for infraNIC routes

* fix gateway ip address

* add get-pnpdevice UT

* add accelnetNIC support for L1VH

* enhance logic for accelnet nic network flag

* enhance network windows uts

* fix bitmask operator

* use another PR for accelnet PR

* gofumpt files

* fix comments for functional codes

* add uts

* add more uts

* fix uts

* fix functional codes comments

* Update cni/network/network.go

Co-authored-by: tamilmani1989 <tamanoha@microsoft.com>
Signed-off-by: Paul Yu <129891899+paulyufan2@users.noreply.github.com>

* fix latest comments

* fix an UT

* fix invoker_cns_test.go

* fix ut bugs

* fix ut with SkipDefaultRoutes

* add combination ut

* add combination ut

* add ncGateway address to ut

* fix an ut bug

* fix ut bug

* add unhappy test cases

* add endpoint add and deletion cases

* push mock network creation hns api test cases

* remove network creation hns call

* add uts to mock hns network and endpoint calls

* fix ut linter issues

* add infraNIC only invoker test case

* add unhappy path test case

* remove infraNIC only case

* remove unhappy test case

* re-architect cni ib codes and test

* remove unnecessary logs

* save endpoint state

* save endpoint object for IB

* fix linter issue

* fix a bunch of linter issues

* fix linter issues

* fix linter issue

* fix ut for returned error msg

* temporary add manifest build for CNS/CNI to pipeline

* feedback fix

* fix linter issue

* add ut to get networkName and networkID

* remove Ankit's PR to build cns image

* revert Ankit's changes back

* remove win2025 build from pipeline

* log error for invalid mac address

* revert convertInterfaceInfoToCniResult impl

* fix feedback

* add crd changes to test

* add win2025 yaml to build image

* pass containerID to cns

* revert changes back for review

* revert changes back for review

* gofumpt endpoint.go

* remove comment

* add latest comments

* Update network/endpoint_windows.go

Co-authored-by: tamilmani1989 <tamanoha@microsoft.com>
Signed-off-by: Paul Yu <129891899+paulyufan2@users.noreply.github.com>

* fix a linter issue

* add error check

* add error check

* gofumpt endpoint windows test file

---------

Signed-off-by: Paul Yu <129891899+paulyufan2@users.noreply.github.com>
Co-authored-by: tamilmani1989 <tamanoha@microsoft.com>
2024-07-11 16:05:28 +00:00
QxBytes 6aaa151c8f
fix: add hns network id to endpoint struct for pushing to cns in stateless (#2822)
fix not adding hns network id to endpoint struct for pushing to cns
2024-07-02 02:46:13 +00:00
QxBytes 2ab9cfe823
refactor: code changes for stateless cni and swift v2 (#2688)
* ci: changes up to endpointInternal

* ci: remove defaultInterface from invoker

* ci: change up to CreateEndpoint

* ci: changes up to CreateEndpoint()

* ci: invoker cns and UT fixes

* ci: add fixes to UT(s), capture non populated defaultInterface failures

* ci: multitenancy changes

* ci: invoker azure changes & remove all defaultInterfaceInfo possible

* ci add NICType to baremetal flow

* chore: address comments

* merge nw info fields to ep info and draft new createEndpoint function

* restruct ipamAddResult struct

* reorder code to create epinfo first, and then create network and ep based on epinfo

* add getNwInfo and generate ipamAddResult

* fix network windows.go

* create nw info first and create nw and ep dns info

* fix testIpamAddFail ut referencing wrong redeclared err variable, fix error message

* UT fix part one

* fix the getNetworkID and getNetworkInfo

* move create endpoint to network package, remove ifIndex as needed

* use function to get network id

* unify creation of nw and endpoint info by removing switch

* change functions to consume ep info instead of nw info

* remove unused variable accidentally added earlier

* update old azure ipam invoker to use ep info and change ids to network ids when appropriate

previously we renamed the NetworkInfo symbol to EndpointInfo in lots of places, but the Id in Network Info is NOT the same as Endpoint Info, so while the code compiles, code that previously used the id field of the network info struct would now be using the id field of the endpoint info struct. It should use the NetworkId field of the endpoint info struct instead.

* rename endpoint info id field to EndpointID to remove ambiguity

* change nw info to ep info in windows

* adjust comments

* move all methods in create ep info dependent on nw info to use ep info instead (windows and linux)

addSubnetToNetworkInfo, setNetworkOptions, and getEndpointPolicies. getEndpointPolicies will now take just the subnets needed as a parameter rather than the whole nw or ep info.

* make cnm compile (not necessarily correct)

* make all tests compile except endpoint test secondary client (windows and linux) (not necessarily correct)

* comment out endpoint test secondary endpoint client case to make tests compile

* address todos and comments from meeting

* remove duplicated code for populating address in ep info generation

* update EndpointCreate to support multiple infra nic

* save all endpoints to state, regardless of type, use either stateless or cni statefile

undoes some changes in "move create endpoint to network package, remove ifIndex as needed"
deletion flow needs to figure out how to tell if the nic type is delegated
1 interface info : 1 endpoint info : 1 endpoint struct mapping

* fix dual nic support conditional and finding master interface ip

the master interface ip must be in a particular form where the last few bits are zeroed out based on the mask or we won't find the ip
for example, while the host subnet prefix is 10.224.0.113/16, the ip that should be passed into find master interface (subnet) should be 10.224.0.0/16 which matches one of the interfaces' ipnet (10.224.0.0/16)

* fix empty network name
when we need to create a network, we collect the network information, but if we do not find the network, we return an empty nw info and an error
when we create the endpoint we need to use endpoint info's network id, not the (possibly) empty network info struct's network id

* make network_test.go compile (linux and windows compile)

unit tests are not necessarily correct at this point

* add NICType to endpoint struct and populate it

important: when getting the endpoint state, the NIC Type field is not populated, leading to deletes not having a NIC Type; this should be changed so that getting the state populates that field
including the nic type allows us to simplify the secondary endpoints delete flow (just check if the nic type is delegated instead of checking if the secondary interfaces map is populated)

smoke tested:
linux aks podsubnet (same vm, multi vm, internet, cni statefile consistent)
linux standalone transparent vlan multitenancy (same vm, multi vm, internet, multi vnet, no connection between coke pepsi, cni statefile consistent)
windows standalone bridge multitenancy single customer (same vm connections, internet, dns only, cni statefile consistent, 2 pods deleting and recreating)

* ci: InterfaceInfo Map

* fix multitenancy_test ut by changing key

* add endpoint id to secondary ep info test since we populate the id in the actual flow

* fix cni network_test linux and ensure secondary create ep info does not break

in network_test we pass in sample delegated (secondary) data to Add which we then create endpoint info from
even with most fields empty, in linux, the ep info is created without erroring

* make invoker_cns_test linux pass

running all linux package tests for network and cni package pass (or also fail on master, like createBridge)
windows unit tests mostly all fail for the same ones on master and this branch
summary:
	- network_windows_test.go
		○ TestFailToAddIPv6DefaultRoute already fails on master
	- network_test.go
		○ 9 tests fail on master, 9 tests fail on my branch
	- manager_test.go
		○ 9 tests fail on master, 9 tests fail on my branch
	- endpoint_windows_test.go
		○ TestNewAndDeleteEndpointImplHnsV2 already times out on master
	- endpoint_test.go
		○ 9 tests fail on master, 9 tests fail on my branch
	- network_windows_test.go
		○ FAIL: TestPluginSecondAddSamePodWindows/CNI_consecutive_add_already_hot_attached
		○ FAIL: TestPluginSecondAddSamePodWindows/CNI_consecutive_add_not_hot_attached
		○ We don't handle consecutive add anymore
	- network_test.go
		○ TestPluginMultitenancyAdd/Add_Happy_path fails on master and my branch (received multiple NC results [] from CNS while dualnic feature is not supported)-- we still get two items on our list/map though which is expected
	- invoker_cns_test passes
	- invoker_azure_test passes
	- multitenancy_test passes
The consecutive add tests fail but that is expected since we no longer support it.

* modify delete flow to handle multiple epinfos to delete

delete ALL endpoints related to the endpoint infos list in the event cni fails half-way through an add (one failed endpoint create and we delete all would-be-create endpoints and the state)
replace looping over deletion code "n" number of times with getting a slice of endpoint infos to delete
modify stateless cni code to retrieve a slice of network endpoint infos from a single response based on the container id (container id can be used in stateless cni for retrieval)
incorporate stateless cni changes from other branch (cns client/ipam/restserver changes)
modify get endpoint state to return slice of endpoint infos, and getting an endpoint will return an endpoint from that slice with nic type infra
move edge case where endpoint is not created in the state but ips are already allocated to immediately after retrieving all ep infos
fix mock behavior for getting all endpoints by container id
move getting network id and network info out of the loop because their values do not seem to change between iterations
move deletion of endpoint logic into a dedicated loop, and then create a dedicated loop for calling ipam delete to prevent inconsistent state

all expected unit tests on linux pass

* address feedback

* Make change to UpdateEndpointState API to support SwiftV2 for Stateless CNI

* change save state to only call update endpoint state once with a slice of endpoints, uts pass

* fix using nonexistent key by passing in current interface info directly

* fix azure ipam invoker not getting a populated network info for legacy cni

* add L1VH windows support

* add nic type to windows endpoints

* move adding an external interface code to run only when creating a new network

this change reflects prior behavior, where we would only add an external interface to the statefile if the network (after searching through all external interfaces) was not found
currently, if there are multiple interfaces that could be selected as the master, we would add each external interface to the statefile, even if the *network* is associated with one of the existing interfaces
while we would still always find the same network (thanks to having a constant NetworkId, regardless of the external interface), you could get an extra empty external interface in your statefile
this commit should remove that possibility (the extra external interface shouldn't really matter in the first place though because we always select the external interface that has a matching network created on it)
this should be os agnostic

* update comments, first todo check pass

* address some linter issues

* rename networkId to networkID in endpoint info

ran package tests in windows and linux for cni and network packages
ran package tests in linux for cns restserver
all have expected outputs (either pass, or also fails on master branch)

* address linter issues

* preserve more logs and reduce timeout for restart for debugging

* clean comments and rename for clarity

if we use the endpoint info for the network info fields, we name it nwInfo as a hint

* address more linter issues

linux network, restserver, and cni package tests pass

* Revert "preserve more logs and reduce timeout for restart for debugging"

This reverts commit 0f004925cf.

* ignore error on delete flow network query

if we are in stateful cni and do not find the network, we will not error, but when we search for the endpoint it will not be found, leading to us calling ipam invoker delete which is assumed idempotent before returning
previously we would error in stateful cni and return before calling ipam invoker delete

* delete network on endpoint delete if stateless and delegated vmnic (win + linux)

* add nic name, set nicname in linux to master interface name

stateless will key into interface map with the nicname field
in windows, the nicname field is based on the args ifname (usually eth0)
in linux, the nicname field is based on the master interface found (usually eth0)

note:
hostifname/hostvethname = linux veth pair peer in the host ns
ifname/contifname = linux veth pair peer in the container ns, in windows it's just the args ifname
nicname is something else
ifname isn't used during deletion in linux, hns id is used for deletion in windows

* return secondary interface as cni result if no infra nic found, include mac address in cni result

* address linter issue

* fix critical error where failing to add in windows stateless would lead to hns components not being deleted and add netns for hnsv2

tested by triggering a failure to save the stateless state and seeing that the hns endpoint and network are cleaned up
we use the endpoint info to clean up on "add" error, but previously, we didn't populate it with the hns ids to do so

adds netns to stateless as the presence of a valid guid in netns determines if hnsv2 is used

* set nicname used in stateless cni according to feedback

* add dummy guid to stateless delete since we assume stateless is always hnsv2

we assume that the netns value isn't used in stateless deletion

* clean up createEpInfo, declare endpoint info once

* address feedback from vipul

* change comments only

* revert change to cns package

* fix stateless cni migration flow not having nictype on migrate

* keep nwInfo variables named the same as before pr (noop)

* separate endpoint and network policies in endpoint info

behavior should not change except in hnsv1, where network policies passed into network create call will NOT include endpoint policies
endpoint policies always include network policies

* address feedback from reviewers

* address feedback and account for case where cns provides info without nic type

if nic type is empty from cns in invoker cns, we assume it is infra nic type and populate it with infra nic type

* address feedback to declare endpoint info once and populate all fields at once

moved add subnets to after endpoint info created
moved retrieval of all endpoint policies (from getEndpointPolicies and getPoliciesFromRuntimeCfg)until after endpoint info created
network policies are just passed in from the args unaltered

* use ifname instead of nicname field in endpoint struct as key in stateless

* convert macaddress only nictype is delegatedvmnic

* address feedback by removing network dns settings

* address linter issues (noop)

* address feedback and linter (noop)

* remove unused consecutive add funcs (noop)

* fix release ips when create a container without nictype using older cni and then upgrade cni and delete

if we create a pod with an older cni version, it won't have a nictype
if we upgrade cni and then delete, we should treat an empty nictype as an infra nictype and
call the invoker delete

* prevent eps with delegated nic type present on ep from also calling transparent endpoint client on delete

tested on swift v2 linux single pod add, change cni to this version, delete (ok)
then add using this cni version and delete, no extraneous transparent endpoint client calls logged

* mock get interface method for ut

searched for "NetPlugin" in all files and determined all prod use of NetPlugin goes through NewNetPlugin where we set the get interface method to the real interface get method
adds ut where the master interface (by mac) is not found

* address feedback (noop)

* add ut for handling empty nictype on cns add (noop)

* add multitenancy delete net not found ut (noop)

* add uts for multi interface infos single add call, verify endpoint id, cns to cni data conversion and vice versa, get endpoint info from container id (noop)

verifies partial success will delete all endpoints, even successfully created ones in the same cni add call

* add ut for all pods associated with container id delete in one del call, new secondary delete flow (noop)

* add two UTs

* fix a linter issue

* add ut to check endpoint ifname on new endpoint creation based on nictype (noop)

* add ut for fail to find interface by subnet (noop)

* Adding support for Stateless CNI Delete Edge case when there is no HNS ID

* fix uts

* fix linter issues

* fix ut

---------

Co-authored-by: jpayne3506 <payne.3506@gmail.com>
Co-authored-by: paulyufan2 <paulyu01@outlook.com>
Co-authored-by: AzureAhai <behzadm@microsoft.com>
2024-06-01 01:36:32 +00:00
Behzad Mirkhanzadeh 4370e6e93c
feat: Adding MACAddress to CNS endpoint State and refactoring stateless CNI code (#2722)
* Adding MACAddress to CNS endpointState and also refactoring stateless cni code

* Addressing the comments.

* Addressing the comments
2024-05-08 00:07:03 +00:00
Behzad Mirkhanzadeh 008dadc990
feat: Modifying stateless CNI state to account for swift 2.0 changes. (#2523)
* Modifying stateless CNI state to account for swift 2.0 changes

* Removing SecondaryNICInfor from EPInfo.

* removing SecondaryNic from the epInfo.

* Make change to UpdateEndpointState API to support SwiftV2 for Stateless CNI

* updating Makefile to include azure CNI binary.
2024-04-25 19:39:01 +00:00
QxBytes 6c6c4a4a7e
chore: remove redundant logs (#2642)
* initial log cleanup

* address feedback

* undo modifying deprecated mode files
2024-03-20 20:55:38 +00:00
Paul Yu 3aa7b20a3f
add ipv6 default route to dualstack windows nodes (#2508)
* add ipv6 default route to dualstack windows nodes

* fix comments

* add UT for adding ipv6 default route

* add UT for adding ipv6 default route

* fix linter issue

* fix comments

* fix comments

* fix an issue

* fix comments and UT

* fix the UT test

* fix the subnet family afINET

* fix the UT test

* fix an UT test

* fix Ramiro's comments

* fix latest comments

* fix a linter issue

* add context to failure of UT test

* Update network/network_windows.go

Co-authored-by: tamilmani1989 <tamanoha@microsoft.com>
Signed-off-by: Paul Yu <129891899+paulyufan2@users.noreply.github.com>

* add an UT to cover failure case

* change the UT name

* add UT to mock powershell command

* fix UT

* fix linter issue

---------

Signed-off-by: Paul Yu <129891899+paulyufan2@users.noreply.github.com>
Co-authored-by: tamilmani1989 <tamanoha@microsoft.com>
2024-03-01 14:01:33 +00:00
QxBytes 6b5ea17cc6
fix: delete endpoint on cni state save failure (#2577)
* Delete endpoint on cni state save failure

* Move code to defer

* Address feedback

* Log create endpoint error before deleting endpoint

* Adjust logs
2024-02-29 01:34:51 +00:00
QxBytes 65d80ac134
fix: remove cnms code (#2592)
Begin removal of cnms code
2024-02-29 01:34:30 +00:00
Behzad Mirkhanzadeh b22ac38f3e
feat: Migration stateless cni (#2470)
* 🌈 feat: adding flags for stateless cni (#2103)

feat: stateless cni

* feat: create stateless cni binary for swift (#2275)

* enabling CNS telemetry

* CNI Telemetry enabled on CNS

* Code changes for Stateful CNI Migration

* Making changes to the CNI state migration code.

* Make code changes for Stateless CNI migrations.

* Make changes to stateless CNI migration branch.

* Stateless CNI migration code changes

* resolving migration issue

* remove cni changes

* Applying changes to CNIReonciler

* Addressing the comments.

* Addressing the comments

* addressing the latest comments

* Addressing Evan's comments

* Adding a MigrateSate() function to the cnireconciler

---------

Co-authored-by: Vipul Singh <vipul21sept@gmail.com>
2024-02-08 23:47:56 +00:00
Vamsi Kalapala 34a26f741a
fix: joining multiple dns server lists (#2506)
* fix: joining multiple dns server lists

* address comments

* add 0 check
2024-01-15 09:16:14 -08:00
QxBytes 0c8f78a2f0
refactor: add receiver to iptables and create interface (#2421)
* Move network utils functions with iptables to new file

* Add receiver to iptables and create interface

* Resolve conflicts from rebasing

* Add changes for building on windows

* Address linter issues

* Address windows linter issues

* Invert if condition for linter nesting

* Scope iptables interfaces to package

* Rename iptables client to avoid stuttering

* Move EnableIPForwarding to snat linux

* Rename ipTablesClientInterface to ipTablesClient

* Address linter issues from moving enable ip forwarding function

* Rename after rebase
2023-12-14 09:27:17 -08:00
Behzad Mirkhanzadeh c4fe3a8fa7
feat: Dev stateless cni (#2276)
* feat: 🌈 StatelessCNI: Adding getEndpoint and UpdateEndpoint API to CNS (#2102)

* Adding getEndpoint and UpdateEndpoint API to CNS with the respective clients in support of stateless CNI.

* Updating the unit tests and address the comments.

* Addressing the comments.

* Addressing the comments regarding CNS support for Stateless CNI

* Addressing the PR comments

* 🌈 feat: adding flags for stateless cni (#2103)

feat: stateless cni

* 🌈 feat: StatelessCNI: Applying stateless CNI mode changes in network package. (#2197)

* Applying stateless CNI mode in network package.

* Addressing the comments.

* feat: create stateless cni binary for swift (#2275)

* enabling CNS telemetry

* Master rebase changes

* CNI Telemetry enabled on CNS

* Stateless CNI changes.

* making change to CNSendpointStorePath

* Updating makefile to avoid creating stateless CNI release.

---------

Co-authored-by: Vipul Singh <vipul21sept@gmail.com>
2023-12-12 00:15:54 +00:00
QxBytes 9a74d51709
fix: disable ipv6 on transparent vlan mode network create (#2419)
Disable ipv6 on transparent vlan mode network create
2023-12-01 14:29:52 -08:00
QxBytes 2382637912
fix: block wireserver port 80 traffic in multitenancy (#2395)
* Add vm and vnet ns block wireserver port 80 rule

* Use existing variable for known ip

* Move code to networkutils

* Address feedback

* Address iptables version feedback

* Address protocol and format feedback

* Add comments

* Remove cidr in case ipv6 is used
2023-11-29 13:37:45 -08:00
rayaisaiah 74a67b306c
fix: Changed the SetPolicySetting struct value to correct name in Windows NPM (#2386)
Created a new PR in non forked ACN repo that changed the setPolicy struct PolicyType to Type in Windows NPM.
2023-11-15 01:23:56 +00:00
Jaeryn 44e5f37394
refactor: remove cniTypesCurr.Result dependency in InterfaceInfo (#2361)
* refactor: remove cniTypesCurr.Result dependency in InterfaceInfo

* update baremetal

* add interface in cni result conversion func

* update gateway route

---------

Co-authored-by: Jaeryn <tsch@microsoft.com>
2023-11-14 18:30:18 +00:00
QxBytes 4e6cc2ff1e
fix: wait for vnet ns to create and ensure veths are inside namespace instead of assuming (#2341)
* Make initial changes to enable forwarding

Reuse existing code to enable ip forwarding

Add forwarding message

Add transparent vlan config to dropgz

Add enable ip forward to each network namespace for redundancy

* Add general run with retries function

* Migrate existing code to use retry function

* Add retries for checking of vnet and container veth creation

* Add preliminary repair item fixes

* Clarify log message

* Fix unit tests, move ensure clean populate vm to add endpoints, remove ip forwarding fix as it is in other branch

* Move setting link netns and confirmation to function

* Add tests for setLinkNetNSAndConfirm

* Address linter issues

* Add vm ns to vnet namespace log statement

* Fix after rebasing in swift refactoring changes from master

* Address feedback and check error message

* Address feedback

* Address linter issue

* Address log feedback

* Address feedback by asserting any error is an interface not found error
2023-11-10 16:07:40 -08:00
Jaeryn 4168c62faa
test: validate secondary endpoint client failure (#2345)
test: validate secondary endpoint client failure will prevent endpoint creation

Co-authored-by: Jaeryn <tsch@microsoft.com>
2023-11-03 23:32:40 +00:00
QxBytes 428edb98ee
fix: enable ip forward on transparent vlan network create (#2335)
* Enable ipv4 forwarding on network creation

* Add multitenancy transparent vlan conflist to dropgz

* Test if applying fix each time works

* Address linter issues

* Revert "Test if applying fix each time works"

This reverts commit 8989dedc2e.

* Remove overlap in adding dropgz conflist

* Add unit test if forwarding fails

* Make error handling consistent with ipv6 forwarding

* Address linter issue
2023-11-02 16:45:34 -07:00
Jaeryn 83fca75334
feat: cni refactor for swift v2 (#2330)
* feat: update contracts to support swift 2

* add comments

* rename AddressType to NICType

* update contract names and comments

* address comments

* feat: update invokers to support swift 2

* address comments

* address comments

* refactor cns invoker per comments

* update invokers based on contract change

* update test

* update with contract changes

* fix linter errs

* fix naming

* fix linter

* fix linter

* address comments

* update tests

* add tests

* address nit comments

* add comments

* address comments

* fix casing

* address comments

* feat: update invokers to support swift 2

* address comments

* feat: update invokers to support swift 2

* feat: update invokers to support swift 2

* feat: update endpoint clients for swift 2

* address comments

* fix lint errs

* update endpoint clients based on contract changes

* update tests

* only skip adding default route

* modify AddEndpoints per comments

* address comments

* update deleteendpoint

* enter ns before moving interface back to vm ns

* update delete endpoint test

* add namespace interface for testing

* fix lint

* fix lint

* add comment

* add extra delete endpoint test

* update test

* feat: update invokers to support swift 2

* address comments

* address comments

* feat: refactor endpoint create/delete flow for swift 2

* address comments

* address comments

* address linter

* update based on contract changes

* update with contract changes

* add more tests and address comments

* modify AddEndpoints per comments

* update test for invoker add and endpoint client add failure

* address comments

* fix lint

* update windows tests

* update refactor with namespace interface

* fix lint

* rebasing fixes

* address comments

---------

Co-authored-by: Jaeryn <tsch@microsoft.com>
2023-11-01 19:50:35 +00:00
Paul Yu 95cade1087
[CNI] Migrate zap logger for acn ipam package (#2299)
migration zap logger for acn ipam package
2023-10-28 04:38:36 +00:00
John Payne 29502bc7d0
fix: Pipeline agent image update from 18.04 to 22.04 | AzSecPack (#2327)
* Use ResolveCtl for Ubuntu22.04

* test: debug

* test: XDG dir

* ci: Remove sudo for testvalidate

* ci: remove sudo dualstack

* ci: remove test scripts

* fix: lint

---------

Co-authored-by: Sheyla Trudo <shtrudo@microsoft.com>
2023-10-26 15:54:08 -07:00
Paul Yu ae37d40982
[CNI] zap logger for platform package (#2233)
* zap logger for platform package
2023-10-13 12:08:58 -07:00
Paul Yu 246fee4bd0
[CNI] restruct CNI logger (#2226)
* small change for zap log restruct
2023-09-19 23:02:28 +00:00
Paul Yu 44dc74e5ec
[CNI] Migrate network and platform package logging to zap (#2209)
* network package zap logger

* add zaplogger for platform
2023-09-16 00:14:44 +00:00
Paul Yu ec9d41e906
hotfix for adding duplicated routes (#2161)
2023-08-21 19:33:10 +00:00
tamilmani1989 63548ede34
chore: Removing CNI logs that are not useful (#2065)
removed logs that are spamming and not useful

Co-authored-by: Ramiro <64089641+ramiro-gamarra@users.noreply.github.com>
2023-07-20 14:21:21 -04:00
tamilmani1989 193b644fd2
[Fix] update gw ip to 169.254.2.1 for transparent-vlan as it's conflicting with other cni (#2064)
update gw ip to 169.254.2.1 as it's conflicting with other cni
2023-07-19 12:52:27 -07:00
Hunter Gregory ebddca18bd
perf: [NPM] [LINUX] add NetPols in background (#1969)
* wip: apply dirty NetPols every 500ms in Linux

* only build npm linux image

* fix: check for empty cache

* feat: toggle for netpol interval. default 500 ms

* ci: remove stages "build binaries" and "run windows tests"

* wip: max batched netpols (toggle-specified)

* ci: remove manifest build/push for win npm

* wip: handle ipset deletion properly and max batch for delete too

* fix: correct remove policy

* fix: only remove policy if it was in kernel

* finalize toggles, allowing ability to turn off iptablesInBackground

* ci: conf + cyc use PR's configmaps

* fix: lints

* fix dp toggle: iptablesInBackground

* fix lock typo and config logging

* fix background thread. add comments. only add tmp ref when enabled

* copy pod selector list

* fix: removepolicy needs namespace too

* rename opInfo to event

* fix: fix references and prevent concurrent map read/write

* tmp: debug logging

* fix: missing set references by swap keys and values

* Revert "tmp: debug logging"

This reverts commit 70ed34c714ea4a6d009a1fe90a7168be4bedd5bf.

* fix: add podSelectorList to fake NetPol

* log: do not print error when failing to delete non-existent nft rule

* log: verbose iptables bootup

* log: use fmt.Errorf for clean logging

* log: never return error for iptables in background and fix some lints

* fix: activate/deactivate azure chain rules

* fix: correctly decrement netpols in kernel

* ci: run UTs again

* ci: update profiles. default to placefirst=false

* address comment: rename batch to pendingPolicy

* refactor: make dirty cache OS-specific

* test: UTs

* test: put UT cfg back to placefirst to not break things

* ci: update cyclonus workflows

* fmt: address comment & lint

* fmt: rename numInKernel to policiesInKernel

* log: switch to fmt.Errorf

* fmt: whitespace

* feat: resiliency to errors while reconciling dirty netpols

* log: temporarily print everything for ipset restore

* fix: remove nomatch from ipset -D for cidr blocks

* test: UTs for non-happy path

* test: fix hns fake

* fix: don't change windows. let it delete ipsets when removing policies

* fix windows lint

* fix: ignore chain doesn't exist errors for iptables -D

* feat: latency and failure metrics

* test: update exit code for UT

* metrics: new metrics should go in node-metrics path

* style: simplify nesting

* style: move identical windows & linux code to shared file

* ci: remove v1 conformance and cyclonus

* feat: add NetPols in background from the DP (revert background code in pMgr)

* style: remove "background" from iptables metrics

* revert changes in ipsetmanager, const.go, and dp.Remove/UpdatePolicy

* style: whitespace

* perf: use len() instead of creating slice from map

* remove verbosity for iptables bootup

* build: add return statement

* style: whitespace

* build: fix variable shadowing

* build: fix more import shadowing

* build: windows pointer issue and UT issue

* test: fix UT for iptables error code 2

* ci: enable linux scale test

* ci: revert to master pipeline.yaml

* revert changes to chain-management. do changes in PR #2012

* log: change wording

* test: UTs for netpol in background

* log: wording

* feat: apply ipsets for each netpol individually

* config: rearrange ConfigMap & update capz yaml

* fix: windows bootup phase logic for addpolicy

* feat: restrict netpol in background to linux + nftables

* test: skip nftables check for UT

* style: netpols[0] instead of loop

* log: address log comments

* style: lint for long line

---------

Co-authored-by: Vamsi Kalapala <vakr@microsoft.com>
2023-07-19 09:13:52 -07:00
Ramiro 5593e97bc9
Removing addition of default routes before HNS network creation (#2059)
removing addition of default routes before hns network creation
2023-07-17 23:47:06 +00:00
Steven Nguyen 672cce9460
update: add pod info to windows endpoint (#2040)
2023-07-05 11:51:48 -07:00
Paul Yu a68d6382f4
add v6 port mapping policy to dualstack overlay (#1989)
* cosmic v6 port mapping policy fix
2023-06-08 03:27:56 +00:00
Paul Johnston bcca3fe2f3
Remove redundant routes in dualstackoverlay for windows nodes (#2002)
Remove redundant routes in overlay for windows nodes
2023-06-07 13:38:08 -07:00
Hunter Gregory 04f92857f2
feat: [WIN-NPM] metrics for latencies and failures (#1959)
* implement metrics

* add npm prefix

* rename windows files

* metrics pkg UTs

* allow reinitializing prometheus metrics

* fix: hns wrapper should not throw error for empty SetPolicy values

* test: metric UTs in dataplane

* fix: record list endpoint latency always

* remove flaky UT

* feat: metric for max ipset members

* fix lint

* fix lint 2

* fix build

* fix lint 3

* simplify conditionals and protect against maxMembers becoming negative

* remove bottom 4 histogram buckets. start at 16 ms

* reset metrics for ipset UTs

* style: don't check for windows dp in *_windows.go files

* build: remove unused import

* test: reset windows metrics in UT
2023-06-05 12:43:39 -07:00
Paul Yu b02110f59a
Dualstack overlay cni (#1925)
2023-04-29 14:50:44 -07:00