[k8s-extension] Release v1.0.4 with SSL secret support for AzureML (Azure#4286)

* Create pull.yml

* Update pull.yml

* Update azure-pipelines.yml

* Initial commit of k8s-extension

* Update pipelines file

* Update CODEOWNERS

* Update private preview pipelines

* Remove open service mesh from public release

* Update pipeline files

* Update public extension pipeline

* Change condition variable

* Add version to public preview/private preview

* Update pipelines

* Add different testing based on private branch

* Add annotations to extension model

* Update k8s-custom-pipelines.yml

* Update SDKs with Updated Swagger Spec for 2020-07-01-preview (#13)

* Update sdks with updated swagger spec

* Update version and history rst

* Reorder release history timeline

* Fix ExtensionInstanceForCreate for import

* remove py2 bdist support

* Add custom table formatting

* Remove unnecessary files

* Fix style issues

* Fix branch based on comments

* Update identity piece manually

* Don't handle defaults at the CLI level

* Remove defaults from CLI client

* Check null target namespace with namespace scope

* Update style

* Add cassandra operator and location to model

* Stage Public Version of k8s-extension 0.2.0 for official release (#15)

* Create pull.yml

* Update pull.yml

* Update azure-pipelines.yml

* Initial commit of k8s-extension

* Update pipelines file

* Update CODEOWNERS

* Update private preview pipelines

* Remove open service mesh from public release

* Update pipeline files

* Update public extension pipeline

* Change condition variable

* Add version to public preview/private preview

* Update pipelines

* Add different testing based on private branch

* Add annotations to extension model

* Update k8s-custom-pipelines.yml

* Update SDKs with Updated Swagger Spec for 2020-07-01-preview (#13)

* Update sdks with updated swagger spec

* Update version and history rst

* Reorder release history timeline

* Fix ExtensionInstanceForCreate for import

* remove py2 bdist support

* Add custom table formatting

* Remove unnecessary files

* Fix style issues

* Fix branch based on comments

* Update identity piece manually

* Don't handle defaults at the CLI level

* Remove defaults from CLI client

* Check null target namespace with namespace scope

* Update style

* Add cassandra operator and location to model

Co-authored-by: [email protected] <Action - Fork Sync>

* Remove custom pipelines file

* Update extension description, remove private const

* Update pipeline file

* Disable refs docs

* Update to include better create warning logs and remove update context (#20)

* Update to include better create warning logs and remove update context

* Remove help text for update

* Fix spelling error

* Update message

* Fix k8s-extension conflict with private version

* Fix style errors

* Fix filename

* add customization for microsoft.azureml.kubernetes (#23)

* add customization for microsoft.azureml.kubernetes

* Update release history

Co-authored-by: Yue Yu <[email protected]>
Co-authored-by: jonathan-innis <[email protected]>

* Add E2E Testing from Separate branch into internal code (#26)

* Add internal e2e testing

* Change to testing folder

* Inference CLI validation for Scoring FE (#24)

* cli validation starter

* added the call to the fe validation function

* nodeport validation not required

* test fix

Co-authored-by: Jonathan Innis <[email protected]>

* legal warning added (#27)

* Remove deprecated method logger.warn

* Update k8s-custom-pipelines.yml for Azure Pipelines

* Update k8s-custom-pipelines.yml for Azure Pipelines

* Add Azure Defender to E2E testing (#28)

* Add azure defender testing to e2e

* Remove the debug flag

* Add configuration testing

* Fix pipeline failures

* Make test script more intuitive

* Remove parameter from testing

* Fix wrong location for k8s config whl

* Fix pip upgrade issue

* Fix pip install upgrade issue

* Fix pip install issue

* delete resource in testcase (#29)

Co-authored-by: Yue Yu <[email protected]>
Co-authored-by: Jonathan Innis <[email protected]>

* Check Provider is Registered with Subscription Before Making Requests (#18)

* Add check for KubernetesConfiguration

* Disable pylint and rename

* Update provider registration link

* Update version

* Remove extra blank line

* Fix bug in import

* only validate scoring fe when inference is enabled (#31)

* only validate scoring fe when inference is enabled

* Fix versioning

Co-authored-by: Yue Yu <[email protected]>
Co-authored-by: jonathan-innis <[email protected]>

* Provider registration case insensitive

* do not validate against scoring fe if inference is not enabled. (#33)

* do not validate against scoring fe if inference is not enabled.

* add inference enabled scenario

* refine

* increase sleeping time

* fix

Co-authored-by: Yue Yu <[email protected]>
Co-authored-by: Jonathan Innis <[email protected]>

* Add OSM as Public Preview Extension (#34)

* Add OSM as public preview extension

* Add osm testing

* Add release train to tests

* Fix failing osm test

* Upgrade pip in integration testing

* Remove unused import

* Fix release train check in update

* Parallelize E2E Testing (#36)

* Add OSM as public preview extension

* Add osm testing

* Update test logic to parallelize

* Fix test success checking

* Parallelize extension testing

* Better error checking logic

* Fix azureml deletion

* Fix private build (#40)

* change amlk8s to amlarc (#42)

Co-authored-by: Yue Yu <[email protected]>

* Servicebus client model changes (#44)

* Servicebus client model changes

* Fix testing script

* Update history file and pipeline

* Update min cli core version for track 2 updates

* Read SSL cert and key from files (#38)

* first sketch of the change

fixes

removed extra blank lines

changes regarding param renaming

added ssl tests

added more detail to the unit test

additional import

moved pem files out of public folder

fixed import

changed import

changed import

unit tests fix

unit test fix

fixed unit tests

fixed unit test

unit test fix

changes int test cert and key

* test protected config

* fix test typo

* temporary changes reverted

* fixing tests

* fixed file paths

* removed accidentally added file

* changes according to review comments

* more changes according to review comments

* changes according to review comments

Co-authored-by: Jonathan Innis <[email protected]>

* Upgrade release version

* Liakaz/inference read ssl from file (#47)

* first sketch of the change

fixes

removed extra blank lines

changes regarding param renaming

added ssl tests

added more detail to the unit test

additional import

moved pem files out of public folder

fixed import

changed import

changed import

unit tests fix

unit test fix

fixed unit tests

fixed unit test

unit test fix

changes int test cert and key

* test protected config

* fix test typo

* temporary changes reverted

* fixing tests

* fixed file paths

* removed accidentally added file

* changes according to review comments

* more changes according to review comments

* changes according to review comments

* fixed decode error

* renamed the experimental param

Co-authored-by: Jonathan Innis <[email protected]>

* Fix style issues (#51)

* Fixed scoring fe related extension param names (#49)

* fixed scoring fe related extension params

* bug fix and style fixes

* variable rename

* fixed the error type

* set cluster to prod by default

* Add distro validation for osm-arc (#50)

* Add distro validation for osm-arc

* fixed indentation

* Fix linting

* Resolve comments

* Add unit test

* fix lint

Co-authored-by: Jonathan Innis <[email protected]>

* Add distro validation for osm-arc (#50)

* Add distro validation for osm-arc

* fixed indentation

* Fix linting

* Resolve comments

* Add unit test

* fix lint

Co-authored-by: Jonathan Innis <[email protected]>

* Add distro validation for osm-arc (#53)

removed release-train logic

* Add Custom Delete Logic for Partners (#54)

* Add custom delete logic

* Fix failing unit tests

* Add warning message when deleting amlarc extension (#55)

* add warning message

* fix indentation

* Update release version

* Remove Pyhelm from OSM customization (#58)

* Fix OSM pyhelm bug

* Debug bootstrap error

* Update release message

* Remove pyhelm dependency

* Update tests to only check extensionconfig creation (#61)

* Update tests to only check extensionconfig creation

* Single set of CRUD for AzureML

* Debug logs for connectedk8s

* Increase open service mesh version number

* Update k8s-extension Models to Track2 (#64)

* Update k8s-extension models to track2

* Add debug for failed cleanup

* Increase version number

* Exit 0 on failed cleanup

* Fix identity in wrong place in model (#66)

* Readd osm-arc distro validation (#62)

* Add distro validation for osm-arc

removed release-train logic

* Readd osm_arc distro validation

* Fix style

* Rm space

* Edit test

* Fixed tests and error logic

* Remove dependency

* Add delete method

Co-authored-by: Jonathan Innis <[email protected]>

* Don't Send Identity Headers If In DF (#67)

* Don't send identity for clusters in dogfood

* Add location to model for identity

* Add identity validation to testing

* Use default extension with identity instead of Cassandra specific (#69)

* Remove the identity check for now

* Add -t for clusterType parameter (#71)

* Adding a flag for AKS to AMLARC migration and set up corresponding FE… (#65)

* Adding a flag for AKS to AMLARC migration and set up corresponding FE helm values

* Remove one extra line

* Adding Scoring FE IS_AKS_MIGRATION check logic for helm values

Co-authored-by: Harry Yang <[email protected]>
Co-authored-by: Jonathan Innis <[email protected]>

* remove version requirement and auto upgrade minor version check (#72)

* Custom User Confirmation for Partners (#70)

* Custom user confirmation

* Check for disable confirm prompt for confirmation

* Add yes to delete command

* Code cleanup and style fixes (#73)

* Enabled identity by default (#74)

* Increase version

* Fix df check and add unit test (#77)

* Bump extension version

* Pin helm version

* Extensions GA changes into Public Branch (#79)

* Add openservicemesh back

* OpenServiceMesh import

* Update osm with new extension model

* Add back private file

* Add Azure ML to list of private extensions (#16)

* Update k8s-custom-pipelines.yml

* Add Microsoft.PolicyInsights extension (#17)

* Add Policy extension

* Update comment

* Update args

* Fix linting errors

Co-authored-by: Jonathan Innis <[email protected]>

* Add HISTORY_private file for private preview

* Change versioning scheme

* Update the code for supporting both extensions at once

* Fix style issue

* Remove old consts file

* change the resource tag from managed_by:amlk8s to created_by:amlk8s-e… (#22)

* change the resource tag from managed_by:amlk8s to created_by:amlk8s-extension

* remove the lock when creating resources

* fix lint

* update version and HISTORY_private.rst

* change error message

Co-authored-by: Yue Yu <[email protected]>

* Update the beta version with upstream

* Update the private history file

* Add upgrade pip to pipeline

* Move pip install within virtualenv

* Merge in k8s-extension/public (0.3.1) (#32)

* delete resource in testcase (#29)

Co-authored-by: Yue Yu <[email protected]>
Co-authored-by: Jonathan Innis <[email protected]>

* Check Provider is Registered with Subscription Before Making Requests (#18)

* Add check for KubernetesConfiguration

* Disable pylint and rename

* Update provider registration link

* Update version

* Remove extra blank line

* Fix bug in import

* only validate scoring fe when inference is enabled (#31)

* only validate scoring fe when inference is enabled

* Fix versioning

Co-authored-by: Yue Yu <[email protected]>
Co-authored-by: jonathan-innis <[email protected]>

* Update private release

Co-authored-by: yuyue9284 <[email protected]>
Co-authored-by: Yue Yu <[email protected]>

* Release Version 0.4.0-b1 (#37)

* Merge k8s-extension/public into k8s-extension/private

* Update the version

* Fix testing concurrency

* K8s extension/private 0.4.0b2 (#41)

* Fix private build (#40)

* Update version

* Upgrade to v0.5.2

* Fix policy bug

* Increase private version

* Update consts_private.py

* Increase private version

* Increase version with public

* Add flux to private version

* Update models for 2021-05-01-preview

* Add async models to version

* Add no wait to delete and create

* support managed cluster

* Bump version

* Pin helm version

* Add cmd to delete call

* Add force deletion

* add dapr extension (#78)

Signed-off-by: Ji An Liu <[email protected]>

* Fix failing integration tests

* Adding the GA changes for private branch

* Fix confirm prompt

* Fix update E2E tests

Co-authored-by: jonathan-innis <[email protected]>
Co-authored-by: [email protected] <Action - Fork Sync>
Co-authored-by: nreisch <[email protected]>
Co-authored-by: yuyue9284 <[email protected]>
Co-authored-by: Yue Yu <[email protected]>
Co-authored-by: anagg929 <[email protected]>
Co-authored-by: Ji'an Liu <[email protected]>
Co-authored-by: nanthi <nanthi@NANTHI01>

* Fix configuration settings in update

* Only provide confirmation when specifying settings

* Fix style issues

* Cassandra tests with update (#81)

* Add Microsoft.PolicyInsights extension for public preview (#83)

* Add Azure Policy

* Remove custom configuration and update tests

* Yuyu3/fix upgrade public (#85)

* populate configuration protected settings for azureml

bump version && add log

fetch connection string only if configuration protected settings are set

update ssl key

* bump the version

* reverse changes on version and HISTORY.rst

* inferenceLoadBalancerHA

Co-authored-by: Yue Yu <[email protected]>

* Remove Parallel Powershell Jobs (#82)

* Unparallelize tests

* Moved location of pipeline file

* Remove the parallel invoke expression calls

* Add templates to testing

* Remove policy update test from extension E2E (#88)

* feIsNodePort, feIsInternalLoadBalancer (#87)

Co-authored-by: Yue Yu <[email protected]>
Co-authored-by: Jonathan Innis <[email protected]>

* Fix history file

* Add one more prompt for amlarc extension update (#94)

* Add one more prompt for amlarc extension update

* fix pylint issue

* fix pylint issue

* fix pylint issue

* fix pylint issue

Co-authored-by: Youhua Tu <[email protected]>
Co-authored-by: Youhua Tu <[email protected]>

* Update Identity Creation for Appliance to Latest Version (#95)

* Update appliance API to latest version for identity

* Create a utils file with get parent_api_version

* Fix style errors

* Bump version

* Remove additional entry from history

* Do not create identity with appliances (#97)

* Bump version

* support sslSecret (#99)

* support sslSecret

* fix

* fix error message

Co-authored-by: Jun Min <[email protected]>

* Bump version to 1.0.4

* Remove unneeded files

Co-authored-by: [email protected] <Action - Fork Sync>
Co-authored-by: yuyue9284 <[email protected]>
Co-authored-by: Yue Yu <[email protected]>
Co-authored-by: Lia Kazakova <[email protected]>
Co-authored-by: Niranjan Shankar <[email protected]>
Co-authored-by: jingyizhu99 <[email protected]>
Co-authored-by: Harry Yang <[email protected]>
Co-authored-by: Harry Yang <[email protected]>
Co-authored-by: Thomas Stringer <[email protected]>
Co-authored-by: NarayanThiru <[email protected]>
Co-authored-by: nreisch <[email protected]>
Co-authored-by: anagg929 <[email protected]>
Co-authored-by: Ji'an Liu <[email protected]>
Co-authored-by: nanthi <nanthi@NANTHI01>
Co-authored-by: youhuatuyh <[email protected]>
Co-authored-by: Youhua Tu <[email protected]>
Co-authored-by: Youhua Tu <[email protected]>
Co-authored-by: Jun <[email protected]>
Co-authored-by: Jun Min <[email protected]>
19 people authored Jan 7, 2022
1 parent 906f96c commit d573b22
Showing 3 changed files with 37 additions and 18 deletions.
4 changes: 4 additions & 0 deletions src/k8s-extension/HISTORY.rst
Expand Up @@ -3,6 +3,10 @@
Release History
===============

1.0.4
++++++++++++++++++
* microsoft.azureml.kubernetes: Support SSL secret

1.0.3
++++++++++++++++++
* Remove identity creation for calls to Microsoft.ResourceConnector
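Review bot: the 1.0.4 entry does not name the setting it introduces. Spell out `sslSecret`, that its value is a Kubernetes secret name looked up in the release namespace, and that `sslCertPemFile`/`sslKeyPemFile` take precedence when both are supplied, so someone reading HISTORY.rst can use the feature without opening the source.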
Expand Up @@ -81,6 +81,7 @@ def __init__(self):
self.privateEndpointILB = 'privateEndpointILB'
self.privateEndpointNodeport = 'privateEndpointNodeport'
self.inferenceLoadBalancerHA = 'inferenceLoadBalancerHA'
self.SSL_SECRET = 'sslSecret'

# constants for existing AKS to AMLARC migration
self.IS_AKS_MIGRATION = 'isAKSMigration'
Expand Down Expand Up @@ -108,7 +109,7 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t
ext_scope = Scope(cluster=scope_cluster, namespace=None)

# validate the config
self.__validate_config(configuration_settings, configuration_protected_settings)
self.__validate_config(configuration_settings, configuration_protected_settings, release_namespace)

# get the arc's location
subscription_id = get_subscription_id(cmd.cli_ctx)
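Review bot: in Create, `release_namespace` is now handed to `__validate_config`, and within this patch its only use is the f-string in the `__validate_scoring_fe_settings` error text. If it can still be None at this call, the user will be told to put the secret "under None namespace"; confirm it has been defaulted before this line, or substitute a readable fallback in the message.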
Expand Down Expand Up @@ -285,7 +286,7 @@ def Update(self, cmd, resource_group_name, cluster_name, auto_upgrade_minor_vers
if self.sslKeyPemFile in configuration_protected_settings and \
self.sslCertPemFile in configuration_protected_settings:
logger.info(f"Both {self.sslKeyPemFile} and {self.sslCertPemFile} are set, update ssl key.")
self.__set_inference_ssl_from_file(configuration_protected_settings)
self.__set_inference_ssl_from_file(configuration_protected_settings, self.sslCertPemFile, self.sslKeyPemFile)

return PatchExtension(auto_upgrade_minor_version=auto_upgrade_minor_version,
release_train=release_train,
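Review bot: the new call in Update passes `self.sslCertPemFile` and `self.sslKeyPemFile`, which are the setting names used as dictionary keys in the `if` just above, not the file paths stored under them. The reworked `__set_inference_ssl_from_file` calls `open(fe_ssl_cert_file)` on its argument directly, so this path will try to open a file named after the key. Pass `configuration_protected_settings.get(self.sslCertPemFile)` and the matching `.get(self.sslKeyPemFile)`, as `__set_up_inference_ssl` does. This hunk also adds no `sslSecret` handling to Update; if changing the secret on an existing extension is intended, it needs a branch here.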
Expand Down Expand Up @@ -318,7 +319,7 @@ def __normalize_config(self, configuration_settings, configuration_protected_set
logger.warning(
'Internal load balancer only supported on AKS and AKS Engine Clusters.')

def __validate_config(self, configuration_settings, configuration_protected_settings):
def __validate_config(self, configuration_settings, configuration_protected_settings, release_namespace):
# perform basic validation of the input config
config_keys = configuration_settings.keys()
config_protected_keys = configuration_protected_settings.keys()
Expand All @@ -339,12 +340,12 @@ def __validate_config(self, configuration_settings, configuration_protected_sett

if enable_inference:
logger.warning("The installed AzureML extension for AML inference is experimental and not covered by customer support. Please use with discretion.")
self.__validate_scoring_fe_settings(configuration_settings, configuration_protected_settings)
self.__validate_scoring_fe_settings(configuration_settings, configuration_protected_settings, release_namespace)
self.__set_up_inference_ssl(configuration_settings, configuration_protected_settings)
elif not (enable_training or enable_inference):
raise InvalidArgumentValueError(
"Please create Microsoft.AzureML.Kubernetes extension, either "
"for Machine Learning training or inference by specifying "
"To create Microsoft.AzureML.Kubernetes extension, either "
"enable Machine Learning training or inference by specifying "
f"'--configuration-settings {self.ENABLE_TRAINING}=true' or '--configuration-settings {self.ENABLE_INFERENCE}=true'")

configuration_settings[self.ENABLE_TRAINING] = configuration_settings.get(self.ENABLE_TRAINING, enable_training)
Expand All @@ -353,7 +354,7 @@ def __validate_config(self, configuration_settings, configuration_protected_sett
configuration_protected_settings.pop(self.ENABLE_TRAINING, None)
configuration_protected_settings.pop(self.ENABLE_INFERENCE, None)

def __validate_scoring_fe_settings(self, configuration_settings, configuration_protected_settings):
def __validate_scoring_fe_settings(self, configuration_settings, configuration_protected_settings, release_namespace):
isTestCluster = _get_value_from_config_protected_config(
self.inferenceLoadBalancerHA, configuration_settings, configuration_protected_settings)
isTestCluster = str(isTestCluster).lower() == 'false'
Expand All @@ -367,16 +368,20 @@ def __validate_scoring_fe_settings(self, configuration_settings, configuration_p
if isAKSMigration:
configuration_settings['scoringFe.namespace'] = "default"
configuration_settings[self.IS_AKS_MIGRATION] = "true"
sslSecret = _get_value_from_config_protected_config(
self.SSL_SECRET, configuration_settings, configuration_protected_settings)
feSslCertFile = configuration_protected_settings.get(self.sslCertPemFile)
feSslKeyFile = configuration_protected_settings.get(self.sslKeyPemFile)
allowInsecureConnections = _get_value_from_config_protected_config(
self.allowInsecureConnections, configuration_settings, configuration_protected_settings)
allowInsecureConnections = str(allowInsecureConnections).lower() == 'true'
if (not feSslCertFile or not feSslKeyFile) and not allowInsecureConnections:
sslEnabled = (feSslCertFile and feSslKeyFile) or sslSecret
if not sslEnabled and not allowInsecureConnections:
raise InvalidArgumentValueError(
"Provide ssl certificate and key. "
"Otherwise explicitly allow insecure connection by specifying "
"'--configuration-settings allowInsecureConnections=true'")
"To enable HTTPs endpoint, "
"either provide sslCertPemFile and sslKeyPemFile to config protected settings, "
f"or provide sslSecret (kubernetes secret name) containing both ssl cert and ssl key under {release_namespace} namespace. "
"Otherwise, to enable HTTP endpoint, explicitly set allowInsecureConnections=true.")

feIsNodePort = _get_value_from_config_protected_config(
self.privateEndpointNodeport, configuration_settings, configuration_protected_settings)
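Review bot: `sslEnabled = (feSslCertFile and feSslKeyFile) or sslSecret` accepts a half-specified file pair whenever `sslSecret` is set, so a user who passes only `sslCertPemFile` together with a secret gets the secret with no hint that the file was ignored. Raise `InvalidArgumentValueError` when exactly one of the two files is supplied. `sslEnabled` also ends up holding a path or a secret name rather than a bool; wrapping the expression in `bool(...)` states the intent. The check only proves that a name was given, not that the secret exists in `release_namespace`, which is worth stating in the help text. Nit: "HTTPs" in the message should be "HTTPS".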
Expand All @@ -395,16 +400,17 @@ def __validate_scoring_fe_settings(self, configuration_settings, configuration_p
logger.warning(
'Internal load balancer only supported on AKS and AKS Engine Clusters.')

def __set_inference_ssl_from_file(self, configuration_protected_settings):
def __set_inference_ssl_from_secret(self, configuration_settings, fe_ssl_secret):
configuration_settings['scoringFe.sslSecret'] = fe_ssl_secret

def __set_inference_ssl_from_file(self, configuration_protected_settings, fe_ssl_cert_file, fe_ssl_key_file):
import base64
feSslCertFile = configuration_protected_settings.get(self.sslCertPemFile)
feSslKeyFile = configuration_protected_settings.get(self.sslKeyPemFile)
with open(feSslCertFile) as f:
with open(fe_ssl_cert_file) as f:
cert_data = f.read()
cert_data_bytes = cert_data.encode("ascii")
ssl_cert = base64.b64encode(cert_data_bytes).decode()
configuration_protected_settings['scoringFe.sslCert'] = ssl_cert
with open(feSslKeyFile) as f:
with open(fe_ssl_key_file) as f:
key_data = f.read()
key_data_bytes = key_data.encode("ascii")
ssl_key = base64.b64encode(key_data_bytes).decode()
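Review bot: `__set_inference_ssl_from_secret` writes `fe_ssl_secret` into `scoringFe.sslSecret` unchecked, so None or an empty string is forwarded as the secret name if a caller skips validation. Guard the value, and add a docstring stating which data keys the secret must contain, since the error message only says it holds "both ssl cert and ssl key". In `__set_inference_ssl_from_file`, `open(...)` uses the platform default encoding and `encode("ascii")` raises UnicodeEncodeError on a PEM file that carries non-ASCII text; opening in binary mode and base64-encoding the bytes avoids both.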
Expand All @@ -415,7 +421,16 @@ def __set_up_inference_ssl(self, configuration_settings, configuration_protected
self.allowInsecureConnections, configuration_settings, configuration_protected_settings)
allowInsecureConnections = str(allowInsecureConnections).lower() == 'true'
if not allowInsecureConnections:
self.__set_inference_ssl_from_file(configuration_protected_settings)
fe_ssl_secret = _get_value_from_config_protected_config(
self.SSL_SECRET, configuration_settings, configuration_protected_settings)
fe_ssl_cert_file = configuration_protected_settings.get(self.sslCertPemFile)
fe_ssl_key_file = configuration_protected_settings.get(self.sslKeyPemFile)

# always take ssl key/cert first, then secret if key/cert file is not provided
if fe_ssl_cert_file and fe_ssl_key_file:
self.__set_inference_ssl_from_file(configuration_protected_settings, fe_ssl_cert_file, fe_ssl_key_file)
else:
self.__set_inference_ssl_from_secret(configuration_settings, fe_ssl_secret)
else:
logger.warning(
'SSL is not enabled. Allowing insecure connections to the deployed services.')
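Review bot: when both the cert/key files and `sslSecret` are supplied, the secret is dropped silently; the code comment documents the precedence but the user never sees it. Emit a `logger.warning` in the `if` branch when `fe_ssl_secret` is also set. The `else` branch depends on `__validate_scoring_fe_settings` having run first; without that, `fe_ssl_secret` can be None here and is still written to the settings.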
2 changes: 1 addition & 1 deletion src/k8s-extension/setup.py
Expand Up @@ -33,7 +33,7 @@
# TODO: Add any additional SDK dependencies here
DEPENDENCIES = []

VERSION = "1.0.3"
VERSION = "1.0.4"

with open("README.rst", "r", encoding="utf-8") as f:
README = f.read()