Skip to content

Commit

Permalink
[AKS] Add a new command to enable bootstrap artifact source when crea…
Browse files Browse the repository at this point in the history
…ting cluster (#7479)
  • Loading branch information
bingosummer authored Apr 10, 2024
1 parent a567eed commit 607d4e6
Show file tree
Hide file tree
Showing 12 changed files with 5,102 additions and 3 deletions.
5 changes: 5 additions & 0 deletions src/aks-preview/HISTORY.rst
Original file line number Diff line number Diff line change
Expand Up @@ -11,14 +11,19 @@ To release a new version, please select a new version number (usually plus 1 to

Pending
+++++++

3.0.0b3
+++++++
* Add `--nodepool-initialization-taints` to `az aks create` and `az aks update`.
* Add `--bootstrap-artifact-source` and `--bootstrap-container-registry-resource-id` to `az aks create`.

3.0.0b2
+++++++
* Add `--sku` to the `az aks create` command.
* Add `--sku` to the `az aks update` command.
* Support cluster service health probe mode by `--cluster-service-load-balancer-health-probe-mode {Shared, Servicenodeport}`


3.0.0b1
+++++++
* [BREAKING CHANGE] Remove support for nodeSelector for egress gateway for `az aks mesh` command.
Expand Down
3 changes: 3 additions & 0 deletions src/aks-preview/azext_aks_preview/_consts.py
Original file line number Diff line number Diff line change
Expand Up @@ -311,3 +311,6 @@
# Cluster service health probe mode
CONST_CLUSTER_SERVICE_HEALTH_PROBE_MODE_SERVICE_NODE_PORT = "Servicenodeport"
CONST_CLUSTER_SERVICE_HEALTH_PROBE_MODE_SHARED = "Shared"

CONST_ARTIFACT_SOURCE_DIRECT = "Direct"
CONST_ARTIFACT_SOURCE_CACHE = "Cache"
8 changes: 8 additions & 0 deletions src/aks-preview/azext_aks_preview/_help.py
Original file line number Diff line number Diff line change
Expand Up @@ -617,6 +617,14 @@
- name: --enable-vtpm
type: bool
short-summary: Enable vTPM on all node pools in the cluster. Must use VMSS agent pool type.
- name: --bootstrap-artifact-source
type: string
short-summary: Configure artifact source when bootstraping the cluster.
long-summary: |
The artifacts include the addon image. Use "Direct" to download artifacts from MCR, "Cache" to downalod artifacts from Azure Container Registry.
- name: --bootstrap-container-registry-resource-id
type: string
short-summary: Configure container registry resource ID. Must use "Cache" as bootstrap artifact source.
examples:
- name: Create a Kubernetes cluster with an existing SSH public key.
text: az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey
Expand Down
19 changes: 19 additions & 0 deletions src/aks-preview/azext_aks_preview/_params.py
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,8 @@
CONST_SSH_ACCESS_DISABLED,
CONST_CLUSTER_SERVICE_HEALTH_PROBE_MODE_SERVICE_NODE_PORT,
CONST_CLUSTER_SERVICE_HEALTH_PROBE_MODE_SHARED,
CONST_ARTIFACT_SOURCE_DIRECT,
CONST_ARTIFACT_SOURCE_CACHE,
)
from azext_aks_preview._validators import (
validate_acr,
Expand Down Expand Up @@ -180,6 +182,7 @@
validate_azure_service_mesh_revision,
validate_artifact_streaming,
validate_custom_endpoints,
validate_bootstrap_container_registry_resource_id,
)
from azext_aks_preview.azurecontainerstorage._consts import (
CONST_ACSTOR_ALL,
Expand Down Expand Up @@ -369,6 +372,11 @@
CONST_CLUSTER_SERVICE_HEALTH_PROBE_MODE_SHARED,
]

bootstrap_artifact_source_types = [
CONST_ARTIFACT_SOURCE_DIRECT,
CONST_ARTIFACT_SOURCE_CACHE,
]


def load_arguments(self, _):
acr_arg_type = CLIArgumentType(metavar="ACR_NAME_OR_RESOURCE_ID")
Expand Down Expand Up @@ -577,6 +585,17 @@ def load_arguments(self, _):
validator=validate_azure_keyvault_kms_key_vault_resource_id,
)
c.argument("http_proxy_config")
c.argument(
"bootstrap_artifact_source",
arg_type=get_enum_type(bootstrap_artifact_source_types),
default=CONST_ARTIFACT_SOURCE_DIRECT,
is_preview=True,
)
c.argument(
"bootstrap_container_registry_resource_id",
validator=validate_bootstrap_container_registry_resource_id,
is_preview=True,
)
# addons
c.argument(
"enable_addons",
Expand Down
9 changes: 9 additions & 0 deletions src/aks-preview/azext_aks_preview/_validators.py
Original file line number Diff line number Diff line change
Expand Up @@ -651,6 +651,15 @@ def validate_azure_keyvault_kms_key_vault_resource_id(namespace):
raise InvalidArgumentValueError("--azure-keyvault-kms-key-vault-resource-id is not a valid Azure resource ID.")


def validate_bootstrap_container_registry_resource_id(namespace):
container_registry_resource_id = namespace.bootstrap_container_registry_resource_id
if container_registry_resource_id is None or container_registry_resource_id == '':
return
from msrestazure.tools import is_valid_resource_id
if not is_valid_resource_id(container_registry_resource_id):
raise InvalidArgumentValueError("--bootstrap-container-registry-resource-id is not a valid Azure resource ID.")


def validate_enable_custom_ca_trust(namespace):
"""Validates Custom CA Trust can only be used on Linux."""
if namespace.enable_custom_ca_trust:
Expand Down
3 changes: 3 additions & 0 deletions src/aks-preview/azext_aks_preview/custom.py
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@
CONST_VIRTUAL_MACHINES,
CONST_AVAILABILITY_SET,
CONST_MIN_NODE_IMAGE_VERSION,
CONST_ARTIFACT_SOURCE_DIRECT,
)
from azext_aks_preview._helpers import (
check_is_private_link_cluster,
Expand Down Expand Up @@ -524,6 +525,8 @@ def aks_create(
azure_keyvault_kms_key_vault_network_access=None,
azure_keyvault_kms_key_vault_resource_id=None,
http_proxy_config=None,
bootstrap_artifact_source=CONST_ARTIFACT_SOURCE_DIRECT,
bootstrap_container_registry_resource_id=None,
# addons
enable_addons=None, # pylint: disable=redefined-outer-name
workspace_resource_id=None,
Expand Down
31 changes: 31 additions & 0 deletions src/aks-preview/azext_aks_preview/managed_cluster_decorator.py
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
CONST_SECRET_ROTATION_ENABLED,
CONST_PRIVATE_DNS_ZONE_CONTRIBUTOR_ROLE,
CONST_DNS_ZONE_CONTRIBUTOR_ROLE,
CONST_ARTIFACT_SOURCE_CACHE,
)
from azext_aks_preview._helpers import (
check_is_apiserver_vnet_integration_cluster,
Expand Down Expand Up @@ -2679,6 +2680,16 @@ def get_ssh_access(self) -> Union[str, None]:
"""
return self.raw_param.get("ssh_access")

def get_bootstrap_artifact_source(self) -> Union[str, None]:
"""Obtain the value of bootstrap_artifact_source.
"""
return self.raw_param.get("bootstrap_artifact_source")

def get_bootstrap_container_registry_resource_id(self) -> Union[str, None]:
"""Obtain the value of bootstrap_container_registry_resource_id.
"""
return self.raw_param.get("bootstrap_container_registry_resource_id")


# pylint: disable=too-many-public-methods
class AKSPreviewManagedClusterCreateDecorator(AKSManagedClusterCreateDecorator):
Expand Down Expand Up @@ -3301,6 +3312,24 @@ def set_up_agentpool_profile_ssh_access(self, mc: ManagedCluster) -> ManagedClus
agent_pool_profile.security_profile.ssh_access = ssh_access
return mc

def set_up_bootstrap_profile(self, mc: ManagedCluster) -> ManagedCluster:
self._ensure_mc(mc)

bootstrap_artifact_source = self.context.get_bootstrap_artifact_source()
bootstrap_container_registry_resource_id = self.context.get_bootstrap_container_registry_resource_id()
if bootstrap_artifact_source is not None:
if bootstrap_artifact_source != CONST_ARTIFACT_SOURCE_CACHE and bootstrap_container_registry_resource_id:
raise MutuallyExclusiveArgumentError(
"Cannot specify --bootstrap-container-registry-resource-id when "
"--bootstrap-artifact-source is not Cache."
)
if mc.bootstrap_profile is None:
mc.bootstrap_profile = self.models.ManagedClusterBootstrapProfile() # pylint: disable=no-member
mc.bootstrap_profile.artifact_source = bootstrap_artifact_source
mc.bootstrap_profile.container_registry_id = bootstrap_container_registry_resource_id

return mc

# pylint: disable=unused-argument
def construct_mc_profile_preview(self, bypass_restore_defaults: bool = False) -> ManagedCluster:
"""The overall controller used to construct the default ManagedCluster profile.
Expand Down Expand Up @@ -3361,6 +3390,8 @@ def construct_mc_profile_preview(self, bypass_restore_defaults: bool = False) ->
mc = self.set_up_node_provisioning_profile(mc)
# set up agentpool profile ssh access
mc = self.set_up_agentpool_profile_ssh_access(mc)
# set up bootstrap profile
mc = self.set_up_bootstrap_profile(mc)

# DO NOT MOVE: keep this at the bottom, restore defaults
mc = self._restore_defaults_in_mc(mc)
Expand Down
Loading

0 comments on commit 607d4e6

Please sign in to comment.