Install azure keyvault python package for k8s master image

[lixiaoyuner]

Why I did it

Currently we will use AAD to do authentication with python language inside k8s master, we need to pre-install azure key-vault python packages.
Found some issues to fix when I tried to test k8s master image build.

• Need to install gnupg package before installing GPG key for bookworm
• The netcat package's name has changed to netcat-openbsd in bookworm
• Upgrade the cri-dockerd version to 0.3.10 for bookworm
• Need to build a VHDX disk for convenience of image usage
• Change the k8s master change flag name to make it easy to understand
• Remove the -x for the skipvstest script due to it will add an extra quota when the variables are referred.

Work item tracking

• Microsoft ADO (number only): 26435886

How I did it

• pip3 install azure-keyvault-secrets
• apt-get -y install gnupg before install GPG key
• apt-get -y install netcat-openbsd
• upgrade the cri-dockerd version for bookworm

How to verify it

• pip3 list to check if azure-keyvault-secrets is installed inside image
• dpkg -l to check if gnupg and netcat-openbsd is installed inside image
• systemctl status cri-dockerd.service to check if it's running well

Which release branch to backport (provide reason below if selected)

• 201811
• 201911
• 202006
• 202012
• 202106
• 202111
• 202205
• 202211
• 202305

Tested branch (Please provide the tested image version)

Description for the changelog

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

[xumia]

Looks like the keep option "-k" can be removed.

[lixiaoyuner]

Looks like the keep option "-k" can be removed.

Yes, you are correct. Thanks for this comment, fixed.

[xumia]

LGTM

[losha228]

LGTM

[qiluo-msft]

apt-get update

No need to update again. #Closed

[lixiaoyuner]

apt-get update

No need to update again.

Removed

[qiluo-msft]

sudo LANG=C chroot $FILESYSTEM_ROOT apt-get update

No need to update again. #Closed

---

Refers to: build_debian.sh:281 in e65bae4. [](commit_id = e65bae4, deletion_comment = False)

[qiluo-msft]

apt-get update

No need to update again. #Closed

[lixiaoyuner]

apt-get update

No need to update again.

Removed

[qiluo-msft]

bullseye

Fixed distro is not future-proof. #Closed

[lixiaoyuner]

bullseye

Fixed distro is not future-proof.

Have changed this back, the cri-dockerd latest version has bookworm version, I have upgraded the version to 0.3.10

[qiluo-msft]

gnupg

This will install more package(s) into sonic image. Is it really needed? Your intention is to change master image only.

[lixiaoyuner]

gnupg

This will install more package(s) into sonic image. Is it really needed? Your intention is to change master image only.

Yes, indeed need to install gnupg before install gpg file for bookworm, I have removed gnupg after installing the gpg file.

[lixiaoyuner]

/azpw run

[mssonicbld]

/AzurePipelines run

[azure-pipelines]

You have several pipelines (over 10) configured to build pull requests in this repository. Specify which pipelines you would like to run by using /azp run [pipelines] command. You can specify multiple pipelines using a comma separated list.

[lixiaoyuner]

/azpw run

[mssonicbld]

/AzurePipelines run

[azure-pipelines]

You have several pipelines (over 10) configured to build pull requests in this repository. Specify which pipelines you would like to run by using /azp run [pipelines] command. You can specify multiple pipelines using a comma separated list.

[liushilongbuaa]

/azpw ms_conflict

[liushilongbuaa]

/azpw ms_conflict

[qiluo-msft]

remove

purge is better than remove #Closed

[qiluo-msft]

Unnecessary change?