diff --git a/cluster/gce/windows/common.psm1 b/cluster/gce/windows/common.psm1
index f345ac2d3ae..73af2a12b81 100644
--- a/cluster/gce/windows/common.psm1
+++ b/cluster/gce/windows/common.psm1
@@ -146,5 +146,20 @@ function MustDownload-File {
 }
 }
+# Returns true if this node is part of a test cluster (see
+# cluster/gce/config-test.sh). $KubeEnv is a hash table containing the kube-env
+# metadata keys+values.
+function Test-IsTestCluster {
+ param (
+ [parameter(Mandatory=$true)] [hashtable]$KubeEnv
+ )
+
+ if ($KubeEnv.Contains('TEST_CLUSTER') -and `
+ ($KubeEnv['TEST_CLUSTER'] -eq 'true')) {
+ return $true
+ }
+ return $false
+}
+
 # Export all public functions:
 Export-ModuleMember -Function *-*
diff --git a/cluster/gce/windows/configure.ps1 b/cluster/gce/windows/configure.ps1
index e5503601743..dffb8cf19d6 100644
--- a/cluster/gce/windows/configure.ps1
+++ b/cluster/gce/windows/configure.ps1
@@ -77,18 +77,6 @@ function FetchAndImport-ModuleFromMetadata {
 Import-Module -Force C:\$Filename
 }
-# Returns true if this node is part of a test cluster (see
-# cluster/gce/config-test.sh).
-#
-# $kube_env must be set before calling this function.
-function Test-IsTestCluster {
- if ($kube_env.Contains('TEST_CLUSTER') -and `
- ($kube_env['TEST_CLUSTER'] -eq 'true')) {
- return $true
- }
- return $false
-}
-
 try {
 # Don't use FetchAndImport-ModuleFromMetadata for common.psm1 - the common
 # module includes variables and functions that any other function may depend
@@ -104,8 +92,9 @@ try {
 Set-PrerequisiteOptions
 $kube_env = Fetch-KubeEnv
+ Disable-WindowsDefender
- if (Test-IsTestCluster) {
+ if (Test-IsTestCluster $kube_env) {
 Log-Output 'Test cluster detected, installing OpenSSH.'
 FetchAndImport-ModuleFromMetadata 'install-ssh-psm1' 'install-ssh.psm1'
 InstallAndStart-OpenSsh
diff --git a/cluster/gce/windows/k8s-node-setup.psm1 b/cluster/gce/windows/k8s-node-setup.psm1
index 01fe4d00725..840ea2e49fa 100644
--- a/cluster/gce/windows/k8s-node-setup.psm1
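Review bot: The header comment on `Test-IsTestCluster` in common.psm1 does not state the result for a missing or non-'true' `TEST_CLUSTER` key, and that default now matters because this commit uses the function to decide whether Windows Defender is removed in k8s-node-setup.psm1. The code returns `$false` in both cases, which is the safe direction. I would add one line to the comment: `# Returns false when TEST_CLUSTER is absent or is anything other than 'true', so callers gating security-relevant steps on it fail closed.`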
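Review bot: `Disable-WindowsDefender` is called unconditionally at this point in the `try` block of configure.ps1, so a reader of this file cannot tell that a test-cluster gate exists; it lives only inside the function in k8s-node-setup.psm1. Since the next statement is already `if (Test-IsTestCluster $kube_env) {`, moving the call inside that block would make the gate visible where the decision is taken, and the check inside the function can stay as a second guard. If the call stays where it is, a comment such as `# No-op unless kube-env has TEST_CLUSTER = 'true'.` above it would do. The body of that `if` block continues past the end of this hunk.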
+++ b/cluster/gce/windows/k8s-node-setup.psm1
@@ -221,13 +221,6 @@ function Set-PrerequisiteOptions {
 sc.exe config wuauserv start=disabled
 sc.exe stop wuauserv
- # Windows Defender periodically consumes 100% of the CPU.
- # TODO(pjh): this (all of a sudden, ugh) started failing with "The term
- # 'Set-MpPreference' is not recognized...". Investigate and fix or remove.
- #Log-Output "Disabling Windows Defender service"
- #Set-MpPreference -DisableRealtimeMonitoring $true
- #Uninstall-WindowsFeature -Name 'Windows-Defender'
-
 # Use TLS 1.2: needed for Invoke-WebRequest downloads from github.com.
 [Net.ServicePointManager]::SecurityProtocol = `
 [Net.SecurityProtocolType]::Tls12
@@ -237,6 +230,24 @@ function Set-PrerequisiteOptions {
 Install-Module -Name powershell-yaml -Force
 }
+# Disables Windows Defender realtime scanning if this Windows node is part of a
+# test cluster.
+#
+# ${kube_env} must have already been set.
+function Disable-WindowsDefender {
+ # Windows Defender periodically consumes 100% of the CPU, so disable realtime
+ # scanning. Uninstalling the Windows Feature will prevent the service from
+ # starting after a reboot.
+ # TODO(pjh): move this step to image preparation, since we don't want to do a
+ # full reboot here.
+ if ((Test-IsTestCluster ${kube_env}) -and
+ ((Get-WindowsFeature -Name 'Windows-Defender').Installed)) {
+ Log-Output "Disabling Windows Defender service"
+ Set-MpPreference -DisableRealtimeMonitoring $true
+ Uninstall-WindowsFeature -Name 'Windows-Defender'
+ }
+}
+
 # Creates directories where other functions in this module will read and write
 # data.
 function Create-Directories {
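Review bot: `Disable-WindowsDefender` writes nothing to the log when it skips, and the combined `if` does not show which of its two conditions was false, so a node's setup log cannot be used to confirm whether Defender was left on. Splitting the condition into two guard clauses that each call `Log-Output` before returning gives that record; the three statements that change Defender state stay as they are. Separately, the function reads `${kube_env}` from the caller's scope, while `Test-IsTestCluster` was changed in this same commit to take the table as a parameter. A `[hashtable]$KubeEnv` parameter here would match, though the call in configure.ps1 would then need the argument as well.

```powershell
function Disable-WindowsDefender {
  # … unchanged: comment block on CPU usage and the image-preparation TODO …
  if (-not (Test-IsTestCluster ${kube_env})) {
    Log-Output "Not a test cluster, leaving Windows Defender enabled"
    return
  }
  if (-not (Get-WindowsFeature -Name 'Windows-Defender').Installed) {
    Log-Output "Windows-Defender feature is not installed, nothing to disable"
    return
  }
  # … unchanged: Log-Output, Set-MpPreference, Uninstall-WindowsFeature …
```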