From 6eeaf636bbcc0b6877e3e1c9a7d1346d88c0c7dd Mon Sep 17 00:00:00 2001 From: Guoxun Wei Date: Tue, 8 Sep 2020 18:23:19 +0800 Subject: [PATCH] Remove legacy aci connector actions --- .../azure/cli/command_modules/acs/_help.py | 128 -------------- .../azure/cli/command_modules/acs/_params.py | 35 +--- .../cli/command_modules/acs/_validators.py | 14 -- .../azure/cli/command_modules/acs/commands.py | 3 - .../azure/cli/command_modules/acs/custom.py | 164 ------------------ 5 files changed, 1 insertion(+), 343 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/acs/_help.py b/src/azure-cli/azure/cli/command_modules/acs/_help.py index 9115fec3fa4..f81ff866dad 100644 --- a/src/azure-cli/azure/cli/command_modules/acs/_help.py +++ b/src/azure-cli/azure/cli/command_modules/acs/_help.py @@ -565,58 +565,6 @@ short-summary: Download and install kubectl, the Kubernetes command-line tool. Download and install kubelogin, a client-go credential (exec) plugin implementing azure authentication. """ -helps['aks install-connector'] = """ -type: command -short-summary: Install the ACI Connector on a managed Kubernetes cluster. -parameters: - - name: --chart-url - type: string - short-summary: URL of a Helm chart that installs ACI Connector. - - name: --connector-name - type: string - short-summary: Name of the ACI Connector. - - name: --os-type - type: string - short-summary: Install support for deploying ACIs of this operating system type. - - name: --service-principal - type: string - short-summary: Service principal used for authentication to Azure APIs. - long-summary: If not specified, use the AKS service principal defined in the file /etc/kubernetes/azure.json on the node which runs the virtual kubelet pod. - - name: --client-secret - type: string - short-summary: Secret associated with the service principal. This argument is required if `--service-principal` is specified. - - name: --image-tag - type: string - short-summary: The image tag of the virtual kubelet. Use 'latest' if it is not specified - - name: --aci-resource-group - type: string - short-summary: The resource group to create the ACI container groups. Use the MC_* resource group if it is not specified. - - name: --location -l - type: string - short-summary: The location to create the ACI container groups. Use the location of the MC_* resource group if it is not specified. -examples: - - name: Install the virtual Kubelet for Linux to a managed Kubernetes cluster. - text: |- - az aks install-connector --name MyManagedCluster --resource-group MyResourceGroup - - name: Install the virtual Kubelet for Windows to a managed Kubernetes cluster. - text: |- - az aks install-connector --name MyManagedCluster --resource-group MyResourceGroup \\ - --connector-name virtual-kubelet --os-type Windows - - name: Install the virtual Kubelet for both Windows and Linux to a managed Kubernetes cluster. - text: |- - az aks install-connector --name MyManagedCluster --resource-group MyResourceGroup \\ - --connector-name virtual-kubelet --os-type Both - - name: Install the virtual Kubelet using a specific service principal in a specific resource group. - text: |- - az aks install-connector --name MyManagedCluster --resource-group MyResourceGroup \\ - --connector-name virtual-kubelet --service-principal {SPN_ID} --client-secret {SPN_SECRET} \\ - --aci-resource-group ACI-resource-group - - name: Install the virtual Kubelet from a custom Helm chart with custom tag. - text: |- - az aks install-connector --name MyManagedCluster --resource-group MyResourceGroup \\ - --connector-name virtual-kubelet --chart-url {CustomURL} --image-tag {VirtualKubeletImageTag} -""" - helps['aks list'] = """ type: command short-summary: List managed Kubernetes clusters. @@ -758,29 +706,6 @@ short-summary: Version of Kubernetes to upgrade the node pool to, such as "1.16.9". """ -helps['aks remove-connector'] = """ -type: command -short-summary: Remove the ACI Connector from a managed Kubernetes cluster. -parameters: - - name: --connector-name - type: string - short-summary: Name of the ACI Connector. - - name: --graceful - type: bool - short-summary: Use a "cordon and drain" strategy to evict pods safely before removing the ACI node. - - name: --os-type - type: string - short-summary: Remove support for deploying ACIs of this operating system type. -examples: - - name: Remove the ACI Connector from a cluster using the graceful mode. - text: |- - az aks remove-connector --name MyManagedCluster --resource-group MyResourceGroup \\ - --connector-name MyConnector --graceful - - name: Remove the ACI Connector from a managed Kubernetes cluster. (autogenerated) - text: az aks remove-connector --connector-name MyConnector --name MyManagedCluster --os-type Windows --resource-group MyResourceGroup - crafted: true -""" - helps['aks remove-dev-spaces'] = """ type: command short-summary: Remove Azure Dev Spaces from a managed Kubernetes cluster. @@ -870,59 +795,6 @@ crafted: true """ -helps['aks upgrade-connector'] = """ -type: command -short-summary: Upgrade the ACI Connector on a managed Kubernetes cluster. -parameters: - - name: --chart-url - type: string - short-summary: URL of a Helm chart that installs ACI Connector. - - name: --connector-name - type: string - short-summary: Name of the ACI Connector. - - name: --os-type - type: string - short-summary: Install support for deploying ACIs of this operating system type. - - name: --service-principal - type: string - short-summary: Service principal used for authentication to Azure APIs. - long-summary: If not specified, use the AKS service principal defined in the file /etc/kubernetes/azure.json on the node which runs the virtual kubelet pod. - - name: --client-secret - type: string - short-summary: Secret associated with the service principal. This argument is required if `--service-principal` is specified. - - name: --image-tag - type: string - short-summary: The image tag of the virtual kubelet. Use 'latest' if it is not specified - - name: --aci-resource-group - type: string - short-summary: The resource group to create the ACI container groups. Use the MC_* resource group if it is not specified. - - name: --location -l - type: string - short-summary: The location to create the ACI container groups. Use the location of the MC_* resource group if it is not specified. -examples: - - name: Upgrade the ACI Connector for Linux to a managed Kubernetes cluster. - text: |- - az aks upgrade-connector --name MyManagedCluster --resource-group MyResourceGroup \\ - --connector-name virtual-kubelet - - name: Upgrade the ACI Connector for Windows to a managed Kubernetes cluster. - text: |- - az aks upgrade-connector --name MyManagedCluster --resource-group MyResourceGroup \\ - --connector-name virtual-kubelet --os-type Windows - - name: Upgrade the ACI Connector for both Windows and Linux to a managed Kubernetes cluster. - text: |- - az aks upgrade-connector --name MyManagedCluster --resource-group MyResourceGroup \\ - --connector-name virtual-kubelet --os-type Both - - name: Upgrade the ACI Connector to use a specific service principal in a specific resource group. - text: |- - az aks upgrade-connector --name MyManagedCluster --resource-group MyResourceGroup \\ - --connector-name virtual-kubelet --service-principal {SPN_ID} --client-secret {SPN_SECRET} \\ - --aci-resource-group ACI-resource-group - - name: Upgrade the ACI Connector from a custom Helm chart with custom tag. - text: |- - az aks upgrade-connector --name MyManagedCluster --resource-group MyResourceGroup \\ - --connector-name virtual-kubelet --chart-url {CustomURL} --image-tag {VirtualKubeletImageTag} -""" - helps['aks use-dev-spaces'] = """ type: command short-summary: Use Azure Dev Spaces with a managed Kubernetes cluster. diff --git a/src/azure-cli/azure/cli/command_modules/acs/_params.py b/src/azure-cli/azure/cli/command_modules/acs/_params.py index 3db2f329b3a..de5ef791769 100644 --- a/src/azure-cli/azure/cli/command_modules/acs/_params.py +++ b/src/azure-cli/azure/cli/command_modules/acs/_params.py @@ -18,16 +18,12 @@ get_vm_size_completion_list, get_k8s_versions_completion_list, get_k8s_upgrades_completion_list) from ._validators import ( validate_cluster_autoscaler_profile, validate_create_parameters, validate_kubectl_version, validate_kubelogin_version, validate_k8s_version, validate_linux_host_name, - validate_list_of_integers, validate_ssh_key, validate_connector_name, validate_nodes_count, + validate_list_of_integers, validate_ssh_key, validate_nodes_count, validate_nodepool_name, validate_vm_set_type, validate_load_balancer_sku, validate_load_balancer_outbound_ips, validate_load_balancer_outbound_ip_prefixes, validate_taints, validate_ip_ranges, validate_acr, validate_nodepool_tags, validate_load_balancer_outbound_ports, validate_load_balancer_idle_timeout, validate_vnet_subnet_id, validate_nodepool_labels) from ._consts import CONST_OUTBOUND_TYPE_LOAD_BALANCER, CONST_OUTBOUND_TYPE_USER_DEFINED_ROUTING -aci_connector_os_type = ['Windows', 'Linux', 'Both'] - -aci_connector_chart_url = 'https://github.com/virtual-kubelet/virtual-kubelet/raw/master/charts/virtual-kubelet-for-aks-latest.tgz' - orchestrator_types = ["Custom", "DCOS", "Kubernetes", "Swarm", "DockerCE"] regions_in_preview = [ @@ -253,25 +249,6 @@ def load_arguments(self, _): c.argument('kubelogin_version', validator=validate_kubelogin_version, help='Version of kubelogin to install.') c.argument('kubelogin_install_location', default=_get_default_install_location('kubelogin'), help='Path at which to install kubelogin.') - with self.argument_context('aks install-connector') as c: - c.argument('aci_resource_group', help='The resource group to create the ACI container groups') - c.argument('chart_url', default=aci_connector_chart_url, help='URL to the chart') - c.argument('client_secret', help='Client secret to use with the service principal for making calls to Azure APIs') - c.argument('connector_name', default='aci-connector', help='The name for the ACI Connector', validator=validate_connector_name) - c.argument('image_tag', help='The image tag of the virtual kubelet') - c.argument('location', help='The location to create the ACI container groups') - c.argument('os_type', get_enum_type(aci_connector_os_type), help='The OS type of the connector') - c.argument('service_principal', - help='Service principal for making calls into Azure APIs. If not set, auto generate a new service principal of Contributor role, and save it locally for reusing') - - with self.argument_context('aks remove-connector') as c: - c.argument('connector_name', default='aci-connector', - help='The name for the ACI Connector', validator=validate_connector_name) - c.argument('graceful', action='store_true', - help='Mention if you want to drain/uncordon your aci-connector to move your applications') - c.argument('os_type', get_enum_type(aci_connector_os_type), - help='The OS type of the connector') - with self.argument_context('aks update-credentials', arg_group='Service Principal') as c: c.argument('reset_service_principal', action='store_true') c.argument('service_principal') @@ -320,16 +297,6 @@ def load_arguments(self, _): c.argument('tags', tags_type) c.argument('mode', get_enum_type(nodepool_mode_type)) - with self.argument_context('aks upgrade-connector') as c: - c.argument('aci_resource_group') - c.argument('chart_url', default=aci_connector_chart_url) - c.argument('client_secret') - c.argument('connector_name', default='aci-connector', validator=validate_connector_name) - c.argument('image_tag') - c.argument('location') - c.argument('os_type', get_enum_type(aci_connector_os_type)) - c.argument('service_principal') - with self.argument_context('aks use-dev-spaces') as c: c.argument('update', options_list=['--update'], action='store_true') c.argument('space_name', options_list=['--space', '-s']) diff --git a/src/azure-cli/azure/cli/command_modules/acs/_validators.py b/src/azure-cli/azure/cli/command_modules/acs/_validators.py index 9b108e9873d..93c516835db 100644 --- a/src/azure-cli/azure/cli/command_modules/acs/_validators.py +++ b/src/azure-cli/azure/cli/command_modules/acs/_validators.py @@ -21,20 +21,6 @@ logger = get_logger(__name__) -def validate_connector_name(namespace): - """Validates a string as a legal connector name. - - This validation will also occur server-side in the kubernetes, but that may take - for a while. So it's more user-friendly to validate in the CLI pre-flight. - """ - # https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md - regex = re.compile(r'^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$') - found = regex.findall(namespace.connector_name) - if not found: - raise CLIError('--connector-name must consist of lower case alphanumeric characters or dashes (-), ' - 'and must start and end with alphanumeric characters.') - - def validate_ssh_key(namespace): if hasattr(namespace, 'no_ssh_key') and namespace.no_ssh_key: return diff --git a/src/azure-cli/azure/cli/command_modules/acs/commands.py b/src/azure-cli/azure/cli/command_modules/acs/commands.py index f30c9ab8223..b6e023fd177 100644 --- a/src/azure-cli/azure/cli/command_modules/acs/commands.py +++ b/src/azure-cli/azure/cli/command_modules/acs/commands.py @@ -86,14 +86,11 @@ def load_command_table(self, _): g.custom_command('get-credentials', 'aks_get_credentials') g.command('get-upgrades', 'get_upgrade_profile', table_transformer=aks_upgrades_table_format) g.custom_command('install-cli', 'k8s_install_cli', client_factory=None) - g.custom_command('install-connector', 'k8s_install_connector', is_preview=True) g.custom_command('list', 'aks_list', table_transformer=aks_list_table_format) - g.custom_command('remove-connector', 'k8s_uninstall_connector', is_preview=True) g.custom_command('remove-dev-spaces', 'aks_remove_dev_spaces') g.custom_command('scale', 'aks_scale', supports_no_wait=True) g.custom_show_command('show', 'aks_show', table_transformer=aks_show_table_format) g.custom_command('upgrade', 'aks_upgrade', supports_no_wait=True) - g.custom_command('upgrade-connector', 'k8s_upgrade_connector', is_preview=True) g.custom_command('use-dev-spaces', 'aks_use_dev_spaces') g.custom_command('rotate-certs', 'aks_rotate_certs', supports_no_wait=True, confirmation='Kubernetes will be unavailable during certificate rotation process.\n' + diff --git a/src/azure-cli/azure/cli/command_modules/acs/custom.py b/src/azure-cli/azure/cli/command_modules/acs/custom.py index 5e65056ee32..a19eeeaaa7e 100644 --- a/src/azure-cli/azure/cli/command_modules/acs/custom.py +++ b/src/azure-cli/azure/cli/command_modules/acs/custom.py @@ -452,170 +452,6 @@ def k8s_install_kubelogin(cmd, client_version='latest', install_location=None): install_dir, cli) -def k8s_install_connector(cmd, client, name, resource_group_name, connector_name='aci-connector', - location=None, service_principal=None, client_secret=None, - chart_url=None, os_type='Linux', image_tag=None, aci_resource_group=None): - _k8s_install_or_upgrade_connector("install", cmd, client, name, resource_group_name, connector_name, - location, service_principal, client_secret, chart_url, os_type, - image_tag, aci_resource_group) - - -def k8s_upgrade_connector(cmd, client, name, resource_group_name, connector_name='aci-connector', - location=None, service_principal=None, client_secret=None, - chart_url=None, os_type='Linux', image_tag=None, aci_resource_group=None): - _k8s_install_or_upgrade_connector("upgrade", cmd, client, name, resource_group_name, connector_name, - location, service_principal, client_secret, chart_url, os_type, - image_tag, aci_resource_group) - - -def _k8s_install_or_upgrade_connector(helm_cmd, cmd, client, name, resource_group_name, connector_name, - location, service_principal, client_secret, chart_url, os_type, - image_tag, aci_resource_group): - from subprocess import PIPE, Popen - instance = client.get(resource_group_name, name) - helm_not_installed = 'Helm not detected, please verify if it is installed.' - url_chart = chart_url - if image_tag is None: - image_tag = 'latest' - # Check if Helm is installed locally - try: - Popen(["helm"], stdout=PIPE, stderr=PIPE) - except OSError: - raise CLIError(helm_not_installed) - # If SPN is specified, the secret should also be specified - if service_principal is not None and client_secret is None: - raise CLIError('--client-secret must be specified when --service-principal is specified') - # Validate if the RG exists - rg_location = _get_rg_location(cmd.cli_ctx, aci_resource_group or resource_group_name) - # Auto assign the location - if location is None: - location = rg_location - norm_location = location.replace(' ', '').lower() - # Validate the location upon the ACI avaiable regions - _validate_aci_location(norm_location) - # Get the credentials from a AKS instance - _, browse_path = tempfile.mkstemp() - aks_get_credentials(cmd, client, resource_group_name, name, admin=False, path=browse_path) - subscription_id = get_subscription_id(cmd.cli_ctx) - # Get the TenantID - profile = Profile(cli_ctx=cmd.cli_ctx) - _, _, tenant_id = profile.get_login_credentials() - # Check if we want the linux connector - if os_type.lower() in ['linux', 'both']: - _helm_install_or_upgrade_aci_connector(helm_cmd, image_tag, url_chart, connector_name, service_principal, - client_secret, subscription_id, tenant_id, aci_resource_group, - norm_location, 'Linux', instance.enable_rbac, instance.fqdn) - - # Check if we want the windows connector - if os_type.lower() in ['windows', 'both']: - _helm_install_or_upgrade_aci_connector(helm_cmd, image_tag, url_chart, connector_name, service_principal, - client_secret, subscription_id, tenant_id, aci_resource_group, - norm_location, 'Windows', instance.enable_rbac, instance.fqdn) - - -def _helm_install_or_upgrade_aci_connector(helm_cmd, image_tag, url_chart, connector_name, service_principal, - client_secret, subscription_id, tenant_id, aci_resource_group, - norm_location, os_type, use_rbac, masterFqdn): - rbac_install = "true" if use_rbac else "false" - node_taint = 'azure.com/aci' - helm_release_name = connector_name.lower() + '-' + os_type.lower() + '-' + norm_location - node_name = 'virtual-kubelet-' + helm_release_name - k8s_master = 'https://{}'.format(masterFqdn) - logger.warning("Deploying the ACI connector for '%s' using Helm", os_type) - try: - values = 'env.nodeName={},env.nodeTaint={},env.nodeOsType={},image.tag={},rbac.install={}'.format( - node_name, node_taint, os_type, image_tag, rbac_install) - if service_principal: - values += ",env.azureClientId=" + service_principal - if client_secret: - values += ",env.azureClientKey=" + client_secret - if subscription_id: - values += ",env.azureSubscriptionId=" + subscription_id - if tenant_id: - values += ",env.azureTenantId=" + tenant_id - if aci_resource_group: - values += ",env.aciResourceGroup=" + aci_resource_group - if norm_location: - values += ",env.aciRegion=" + norm_location - # Currently, we need to set the master FQDN. - # This is temporary and we should remove it when possible - values += ",env.masterUri=" + k8s_master - if helm_cmd == "install": - subprocess.call(["helm", "install", url_chart, "--name", helm_release_name, "--set", values]) - elif helm_cmd == "upgrade": - subprocess.call(["helm", "upgrade", helm_release_name, url_chart, "--set", values]) - except subprocess.CalledProcessError as err: - raise CLIError('Could not deploy the ACI connector Chart: {}'.format(err)) - - -def k8s_uninstall_connector(cmd, client, name, resource_group_name, connector_name='aci-connector', - location=None, graceful=False, os_type='Linux'): - from subprocess import PIPE, Popen - helm_not_installed = "Error : Helm not detected, please verify if it is installed." - # Check if Helm is installed locally - try: - Popen(["helm"], stdout=PIPE, stderr=PIPE) - except OSError: - raise CLIError(helm_not_installed) - # Get the credentials from a AKS instance - _, browse_path = tempfile.mkstemp() - aks_get_credentials(cmd, client, resource_group_name, name, admin=False, path=browse_path) - - # Validate if the RG exists - rg_location = _get_rg_location(cmd.cli_ctx, resource_group_name) - # Auto assign the location - if location is None: - location = rg_location - norm_location = location.replace(' ', '').lower() - - if os_type.lower() in ['linux', 'both']: - helm_release_name = connector_name.lower() + '-linux-' + norm_location - node_name = 'virtual-kubelet-' + helm_release_name - _undeploy_connector(graceful, node_name, helm_release_name) - - if os_type.lower() in ['windows', 'both']: - helm_release_name = connector_name.lower() + '-windows-' + norm_location - node_name = 'virtual-kubelet-' + helm_release_name - _undeploy_connector(graceful, node_name, helm_release_name) - - -def _undeploy_connector(graceful, node_name, helm_release_name): - if graceful: - logger.warning('Graceful option selected, will try to drain the node first') - from subprocess import PIPE, Popen - kubectl_not_installed = 'Kubectl not detected, please verify if it is installed.' - try: - Popen(["kubectl"], stdout=PIPE, stderr=PIPE) - except OSError: - raise CLIError(kubectl_not_installed) - - try: - drain_node = subprocess.check_output( - ['kubectl', 'drain', node_name, '--force', '--delete-local-data'], - universal_newlines=True) - - if not drain_node: - raise CLIError('Could not find the node, make sure you' + - ' are using the correct --os-type') - except subprocess.CalledProcessError as err: - raise CLIError('Could not find the node, make sure you are using the correct' + - ' --connector-name, --location and --os-type options: {}'.format(err)) - - logger.warning("Undeploying the '%s' using Helm", helm_release_name) - try: - subprocess.call(['helm', 'del', helm_release_name, '--purge']) - except subprocess.CalledProcessError as err: - raise CLIError('Could not undeploy the ACI connector Chart: {}'.format(err)) - - try: - subprocess.check_output( - ['kubectl', 'delete', 'node', node_name], - universal_newlines=True) - except subprocess.CalledProcessError as err: - raise CLIError('Could not delete the node, make sure you are using the correct' + - ' --connector-name, --location and --os-type options: {}'.format(err)) - - def _build_service_principal(rbac_client, cli_ctx, name, url, client_secret): # use get_progress_controller hook = cli_ctx.get_progress_controller(True)