update connectedk8s for ARM metadata 2022-09-01 #6328

Merged
merged 1 commit into from
Aug 3, 2023
39 changes: 5 additions & 34 deletions src/connectedk8s/HISTORY.rst
@@ -1,6 +1,11 @@
.. :changelog:

Release History
===============

1.4.0
++++++
* Added support for reading ARM metadata 2022-09-01.

1.3.20
++++++
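Review bot: The 1.4.0 entry says only that the extension reads ARM metadata 2022-09-01 and does not say what changes for users. The `_utils.py` changes in this PR turn that metadata into Helm overrides for the agents' endpoints (`config_dp_endpoint_override`, `his_endpoint_override`, `activeDirectoryEndpoint` and others), so consider wording the entry to mention that the endpoints from the metadata are passed to the Arc agents at install time.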
Expand All @@ -9,19 +14,16 @@ Release History

1.3.19
++++++

* Adding outbound network connectivity check for Cluster Connect (OBO endpoint)

1.3.18
++++++

* Cleaning up stale CRDs if present during onboarding (even in absence of azure-arc release)
* Adding retries in Helm client download
* Added some failures to be classified as userfaults

1.3.17
++++++

* Added a spinner which runs while ARM resource is being provisioned
* Added additional logging to indicate which step is running

Expand All @@ -34,174 +36,143 @@ Release History

1.3.15
++++++

* Diagnoser Enhancements - storing metadata and KAP CR snapshots , azure-arc helm values , azure-arc ns secret list
* Removing circular imports of 1. custom from precheckutils and 2.(precheckutils and troubleshootutils) from utils
* Adding back heuristics detection in connect command

1.3.14
++++++

* Changing telemetry push interval to 1 hr
* Adding two new supported infra values - Windows 10 IoT Enterprise, LTSCWindows 10 Enterprise LTSC
* Saving cluster diagnostic checks pod and job logs

1.3.13
++++++

* Bumping up the cluster diagnostic checks helm chart version - Nodeselector addition

1.3.12
++++++

* Added retries for helm chart pull and config DP POST call
* Fix parameterizing for kid in csp method
* Bug fix in delete_arc_agents for arm64 parameter
* Added specific exception messages for pre-checks

1.3.11
++++++

* Added support for custom AAD token
* Removed ARM64 unsupported warning
* Increased helm delete timeout for ARM64 clusters
* Added multi-architectural images for troubleshoot* Delete azure-arc-release NS if exists as part of delete command

1.3.10
++++++

* Added CLI heuristics change
* Added AKS IOT infra support
* Bug Fix in precheckutils

1.3.9
++++++

* Added DNS and outbound connectivity prechecks in connect command

1.3.8
++++++

* Added connectedk8s proxy support for fairfax

1.3.7
++++++

* Install new helm release in azure-arc-release NS

1.3.6
++++++

* Updated patch behaviour for Azure Hybrid Benefit property

1.3.5
++++++

* Added software assurance related changes for AKS HCI
* Added parameter for overriding container log path
* Updated kubernetes package dependency to 24.2.0

1.3.4
++++++

* Fixed a proxy related bug in connectedk8s upgrade

1.3.3
++++++

* Added a timeout in force delete's CRD deletion command

1.3.2
++++++

* Added force delete command which is an added functionality in connectedk8s delete function

1.3.1
++++++

* Updated min cli core version to 2.30.0

1.3.0
++++++

* Added private link support

1.2.11
++++++

* Increased the timeout of diagnoser job completion to 180 seconds

1.2.10
++++++

* Added troubleshoot command which can be used to diagnose Arc enabled K8s clusters

1.2.9
++++++

* Add correlation-id parameter to internally track onboarding sources

1.2.8
++++++

* Bump up CSP version to 1.3.019103, bump up `pycryptodome` to 3.14.1 to support Python 3.10

1.2.7
++++++

* Avoid using packaging module and revert minCliCoreVersion to 2.16.0

1.2.6
++++++

* Update minCliCoreVersion to 2.23.0

1.2.5
++++++

* Using MSAL based auth for CLI version >= 2.30.0

1.2.4
++++++

* Custom cert changes, using "userValues.txt" for existing values in update command instead of --reuse-values, fix to wait for LRO to complete before starting agent installation/deletion

1.2.3
++++++

* Fetching the tenantID from subscription object instead of graphclient

1.2.2
++++++

* Updated connectedk8s proxy to support mooncake

1.2.1
++++++

* Add maxCliCoreVersion as 2.29.0

1.2.0
++++++

* Updated CSP version to 1.3.017131
* Updated GA SDK to 2021-10-01
* Updated CSP endpoint to CDN
* Disabled proxy command in fairfax

1.1.11
++++++

* Installing helm binary as part of CLI commands

1.1.10
++++++

* Fixed ARM exception telemetry

1.1.9
++++++

* Increase onboarding and upgrade timeout

1.1.8
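Review bot: In the 1.3.11 entry two bullets are run together on one line as rendered here (`* Added multi-architectural images for troubleshoot* Delete azure-arc-release NS if exists as part of delete command`), so the second item will not render as its own list entry; since this hunk already touches that entry, split it into two lines. Separately, the 34 deletions in this file line up with the blank lines after the `++++++` underlines (3 in the previous hunk, 31 here), which is formatting churn unrelated to ARM metadata and would be easier to review as its own commit.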
75 changes: 59 additions & 16 deletions src/connectedk8s/azext_connectedk8s/_utils.py
Expand Up @@ -3,6 +3,7 @@
# Licensed under the MIT License. See License.txt in the project root for license information.
# --------------------------------------------------------------------------------------------

import sys
import os
import shutil
import subprocess
Expand Down Expand Up @@ -377,21 +378,21 @@ def add_helm_repo(kube_config, kube_context, helm_client_location):
raise CLIInternalError("Unable to add repository {} to helm: ".format(repo_url) + error_helm_repo.decode("ascii"))


def get_helm_registry(cmd, config_dp_endpoint, dp_endpoint_dogfood=None, release_train_dogfood=None):
def get_helm_registry(cmd, config_dp_endpoint, release_train_custom=None):
# Setting uri
get_chart_location_url = "{}/{}/GetLatestHelmPackagePath?api-version=2019-11-01-preview".format(config_dp_endpoint, 'azure-arc-k8sagents')
api_version = "2019-11-01-preview"
chart_location_url_segment = "azure-arc-k8sagents/GetLatestHelmPackagePath?api-version={}".format(api_version)
release_train = os.getenv('RELEASETRAIN') if os.getenv('RELEASETRAIN') else 'stable'
if dp_endpoint_dogfood:
get_chart_location_url = "{}/azure-arc-k8sagents/GetLatestHelmPackagePath?api-version=2019-11-01-preview".format(dp_endpoint_dogfood)
if release_train_dogfood:
release_train = release_train_dogfood
chart_location_url = "{}/{}".format(config_dp_endpoint, chart_location_url_segment)
if release_train_custom:
release_train = release_train_custom
uri_parameters = ["releaseTrain={}".format(release_train)]
resource = cmd.cli_ctx.cloud.endpoints.active_directory_resource_id
headers = None
if os.getenv('AZURE_ACCESS_TOKEN'):
headers = ["Authorization=Bearer {}".format(os.getenv('AZURE_ACCESS_TOKEN'))]
# Sending request with retries
r = send_request_with_retries(cmd.cli_ctx, 'post', get_chart_location_url, headers=headers, fault_type=consts.Get_HelmRegistery_Path_Fault_Type, summary='Error while fetching helm chart registry path', uri_parameters=uri_parameters, resource=resource)
r = send_request_with_retries(cmd.cli_ctx, 'post', chart_location_url, headers=headers, fault_type=consts.Get_HelmRegistery_Path_Fault_Type, summary='Error while fetching helm chart registry path', uri_parameters=uri_parameters, resource=resource)
if r.content:
try:
return r.json().get('repositoryPath')
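Review bot: Dropping `dp_endpoint_dogfood` from the middle of the `get_helm_registry` signature changes the meaning of the third positional argument: a caller that still passes the dogfood endpoint positionally would now have that URL sent as `releaseTrain`. Confirm every call site is updated in this PR, or make `release_train_custom` keyword-only. A short docstring stating that `release_train_custom` takes precedence over the `RELEASETRAIN` environment variable, with `stable` as the fallback, would also help.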
Expand Down Expand Up @@ -490,18 +491,16 @@ def validate_infrastructure_type(infra):


def get_values_file():
values_file_provided = False
values_file = os.getenv('HELMVALUESPATH')
if (values_file is not None) and (os.path.isfile(values_file)):
values_file_provided = True
logger.warning("Values files detected. Reading additional helm parameters from same.")
# trimming required for windows os
if (values_file.startswith("'") or values_file.startswith('"')):
values_file = values_file[1:]
if (values_file.endswith("'") or values_file.endswith('"')):
values_file = values_file[:-1]

return values_file_provided, values_file
return values_file
return None


def ensure_namespace_cleanup():
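Review bot: In `get_values_file` the quote trimming ("trimming required for windows os") runs only after `os.path.isfile(values_file)` has already passed, so a `HELMVALUESPATH` value wrapped in quotes fails the check and the function now returns `None` with no message, and the install proceeds without the user's values. Strip the quotes first, then test `isfile`, and log a warning when the variable is set but does not point to a file. The return type also changes from a `(values_file_provided, values_file)` tuple to a single value, so any caller that still unpacks two values needs updating in the same commit.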
Expand Down Expand Up @@ -568,11 +567,12 @@ def cleanup_release_install_namespace_if_exists():


# DO NOT use this method for re-put scenarios. This method involves new NS creation for helm release. For re-put scenarios, brownfield scenario needs to be handled where helm release still stays in default NS
def helm_install_release(chart_path, subscription_id, kubernetes_distro, kubernetes_infra, resource_group_name, cluster_name,
location, onboarding_tenant_id, http_proxy, https_proxy, no_proxy, proxy_cert, private_key_pem,
kube_config, kube_context, no_wait, values_file_provided, values_file, cloud_name, disable_auto_upgrade,
enable_custom_locations, custom_locations_oid, helm_client_location, enable_private_link, onboarding_timeout="600",
def helm_install_release(resource_manager, chart_path, subscription_id, kubernetes_distro, kubernetes_infra, resource_group_name,
cluster_name, location, onboarding_tenant_id, http_proxy, https_proxy, no_proxy, proxy_cert, private_key_pem,
kube_config, kube_context, no_wait, values_file, cloud_name, disable_auto_upgrade, enable_custom_locations,
custom_locations_oid, helm_client_location, enable_private_link, arm_metadata, onboarding_timeout="600",
container_log_path=None):

cmd_helm_install = [helm_client_location, "upgrade", "--install", "azure-arc", chart_path,
"--set", "global.subscriptionId={}".format(subscription_id),
"--set", "global.kubernetesDistro={}".format(kubernetes_distro),
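Review bot: `helm_install_release` takes 25 required positional parameters, and this hunk inserts `resource_manager` at the front, removes `values_file_provided` and adds `arm_metadata` before `onboarding_timeout`, so a call site that is not updated in lockstep will shift arguments silently rather than fail. Consider making the parameters keyword-only (a `*` after the first one), or confirm that every caller passes them by name. `arm_metadata` has no default and no documentation of the shape it must have; a docstring naming the keys the function reads would make the contract explicit.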
Expand All @@ -588,6 +588,28 @@ def helm_install_release(chart_path, subscription_id, kubernetes_distro, kuberne
"--namespace", "{}".format(consts.Release_Install_Namespace),
"--create-namespace",
"--output", "json"]

# Special configurations from 2022-09-01 ARM metadata.
if "dataplaneEndpoints" in arm_metadata:
notification_endpoint = arm_metadata["dataplaneEndpoints"]["arcGlobalNotificationServiceEndpoint"]
config_endpoint = arm_metadata["dataplaneEndpoints"]["arcConfigEndpoint"]
his_endpoint = arm_metadata["dataplaneEndpoints"]["arcHybridIdentityServiceEndpoint"]
if his_endpoint[-1] != "/":
his_endpoint = his_endpoint + "/"
his_endpoint = his_endpoint + f"discovery?location={location}&api-version=1.0-preview"
relay_endpoint = arm_metadata["suffixes"]["relayEndpointSuffix"]
active_directory = arm_metadata["authentication"]["loginEndpoint"]
cmd_helm_install.extend(
[
"--set", "systemDefaultValues.azureResourceManagerEndpoint={}".format(resource_manager),
@bganapa bganapa Jun 22, 2023

Just for reviewers: these are all the Helm overrides needed for disconnected; all of these agent overrides are already merged in the upstream ClusterConfigurationAgents repo.

"--set", "systemDefaultValues.azureArcAgents.config_dp_endpoint_override={}".format(config_endpoint),
"--set", "systemDefaultValues.clusterconnect-agent.notification_dp_endpoint_override={}".format(notification_endpoint),
"--set", "systemDefaultValues.clusterconnect-agent.relay_endpoint_suffix_override={}".format(relay_endpoint),
"--set", "systemDefaultValues.clusteridentityoperator.his_endpoint_override={}".format(his_endpoint),
"--set", "systemDefaultValues.activeDirectoryEndpoint={}".format(active_directory)
]
)

# Add custom-locations related params
if enable_custom_locations and not enable_private_link:
cmd_helm_install.extend(["--set", "systemDefaultValues.customLocations.enabled=true"])
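Review bot: The block guarded by `if "dataplaneEndpoints" in arm_metadata:` indexes `arcGlobalNotificationServiceEndpoint`, `arcConfigEndpoint`, `arcHybridIdentityServiceEndpoint`, `suffixes`/`relayEndpointSuffix` and `authentication`/`loginEndpoint` directly, so a metadata document that has `dataplaneEndpoints` but lacks any one of these raises a bare `KeyError` in the middle of the install, an empty `arcHybridIdentityServiceEndpoint` fails on `his_endpoint[-1]`, and a `None` metadata value fails on the `in` test. Validate the required keys up front and raise a CLI error that names the missing field. These strings also come from an HTTP response and go straight into `--set`, where Helm treats commas as separators between values, so check that each one is a well-formed endpoint or suffix and reject values containing commas before extending `cmd_helm_install`; `location` is likewise interpolated into the `discovery?location=` query string without URL encoding.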
Expand All @@ -596,7 +618,7 @@ def helm_install_release(chart_path, subscription_id, kubernetes_distro, kuberne
if enable_private_link is True:
cmd_helm_install.extend(["--set", "systemDefaultValues.clusterconnect-agent.enabled=false"])
# To set some other helm parameters through file
if values_file_provided:
if values_file:
cmd_helm_install.extend(["-f", values_file])
if disable_auto_upgrade:
cmd_helm_install.extend(["--set", "systemDefaultValues.azureArcAgents.autoUpdate={}".format("false")])
Expand Down Expand Up @@ -795,3 +817,24 @@ def is_cli_using_msal_auth():
continue
return i > j
return len(v1.split(".")) == len(v2.split("."))


def get_metadata(arm_endpoint, api_version="2022-09-01"):
metadata_url_suffix = f"/metadata/endpoints?api-version={api_version}"
metadata_endpoint = None
try:
import requests
session = requests.Session()
metadata_endpoint = arm_endpoint + metadata_url_suffix
print(f"Retrieving ARM metadata from: {metadata_endpoint}")
response = session.get(metadata_endpoint)
if response.status_code == 200:
return response.json()
else:
msg = f"ARM metadata endpoint '{metadata_endpoint}' returned status code {response.status_code}."
raise HttpResponseError(msg)
except Exception as err:
msg = f"Failed to request ARM metadata {metadata_endpoint}."
print(msg, file=sys.stderr)
print(f"Please ensure you have network connection. Error: {str(err)}", file=sys.stderr)
arm_exception_handler(err, msg)
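Review bot: `session.get(metadata_endpoint)` in `get_metadata` is called without a `timeout`, and requests applies none by default, so an unresponsive ARM endpoint can hang the command instead of reaching the error path; pass an explicit timeout. The `except Exception` also catches the `HttpResponseError` raised inside the `try`, and if `arm_exception_handler` returns, the function falls through and returns `None`, which `helm_install_release` then tests with `"dataplaneEndpoints" in arm_metadata`; re-raise or return an empty dict instead. The `print` calls should go through the module's `logger` (already used in `get_values_file`), since the "Retrieving ARM metadata from" line is written to stdout, and `arm_endpoint + metadata_url_suffix` produces `//metadata` when the endpoint ends in a slash, so strip it first.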