diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py index bee8afa0067..abf86e2c2a0 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py @@ -11,6 +11,10 @@ from ..vendored_sdks.models import ScopeCluster from ..vendored_sdks.models import Scope +from azure.cli.core.commands.client_factory import get_subscription_id +from .._client_factory import cf_resources +from .. import consts + from .DefaultExtension import DefaultExtension from .ContainerInsights import _get_container_insights_settings 
@@ -32,17 +36,17 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t # Hardcoding name, release_namespace and scope since ci only supports one instance and cluster scope # and platform doesn't have support yet extension specific constraints like this name = extension_type.lower() - release_namespace = "mdc" + + logger.warning('Ignoring name, release-namespace and scope parameters since %s ' + 'only supports cluster scope and single instance of this extension.', extension_type) + release_namespace = self._choose_the_right_namespace(cmd, cluster_type, resource_group_name, cluster_name, name) + logger.warning("Defaulting to extension name '%s' and using release-namespace '%s'", name, release_namespace) + # Scope is always cluster scope_cluster = ScopeCluster(release_namespace=release_namespace) ext_scope = Scope(cluster=scope_cluster, namespace=None) - is_ci_extension_type = False - logger.warning('Ignoring name, release-namespace and scope parameters since %s ' - 'only supports cluster scope and single instance of this extension.', extension_type) - logger.warning("Defaulting to extension name '%s' and release-namespace '%s'", name, release_namespace) - _get_container_insights_settings(cmd, resource_group_name, cluster_rp, cluster_type, cluster_name, configuration_settings, configuration_protected_settings, is_ci_extension_type) 
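Review bot: If `- is_ci_extension_type = False` in this hunk is a removed line, the unchanged call `_get_container_insights_settings(..., is_ci_extension_type)` at the end of the hunk would raise a NameError. The collapsed layout does not show whether the `-` belongs to that assignment or to a blank line before it, so this needs checking against the real file. If the assignment was dropped, restore `is_ci_extension_type = False` above the call. The body of `Create` starts and ends outside the hunk.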
@@ -58,3 +62,28 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t
 configuration_protected_settings=configuration_protected_settings
 )
 return extension_instance, name, create_identity
+
+ def _choose_the_right_namespace(self, cmd, cluster_type, cluster_resource_group_name, cluster_name, extension_name):
+ logger.warning("Choosing the right namespace ...")
+
+ choosen_namespace = "mdc"
+ # If that's not connected cluster, the namespace should always stay mdc
+ if cluster_type.lower() != consts.CONNECTED_CLUSTER_TYPE.lower():
+ logger.info("Non connected cluster, hence, Defaulted to {0}...".format(choosen_namespace))
+ return choosen_namespace
+
+ subscription_id = get_subscription_id(cmd.cli_ctx)
+ resources = cf_resources(cmd.cli_ctx, subscription_id)
+
+ cluster_resource_id = '/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Kubernetes' \
+ '/connectedClusters/{2}/providers/Microsoft.KubernetesConfiguration/extensions/microsoft.azuredefender.kubernetes'.format(subscription_id, cluster_resource_group_name, cluster_name)
+ resource = None
+ try:
+ resource = resources.get_by_id(cluster_resource_id, '2022-03-01')
+ except:
+ logger.info("Defaulted to {0}...".format(choosen_namespace))
+ return choosen_namespace
+
+ choosen_namespace = resource.properties["scope"]["cluster"]["releaseNamespace"]
+ logger.info("found an existing extension, using its namespace: {0}".format(choosen_namespace))
+ return choosen_namespace
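Review bot: The bare `except:` around `resources.get_by_id(...)` in `_choose_the_right_namespace` turns every failure (expired credentials, a 403, a timeout, even an interrupt) into a silent fall-back to `mdc`. An existing Defender extension in another namespace can then be missed with nothing in the log to say why. The read of `resource.properties["scope"]["cluster"]["releaseNamespace"]` also sits outside the `try`, so a response without a cluster scope raises an unhandled KeyError or TypeError. The fence below catches only the not-found case and the missing-scope case and lets other errors surface. It assumes the client raises `azure.core.exceptions.ResourceNotFoundError` on a 404, which should be confirmed for the SDK version in use, and it needs that import at the top of the file. Separately, the `extension_name` parameter is never read while the extension type is hard-coded into the resource id, and `cluster_resource_id` actually identifies the extension resource, not the cluster.

```python
        # … unchanged: connected-cluster check, subscription_id, resources, cluster_resource_id …
        try:
            resource = resources.get_by_id(cluster_resource_id, '2022-03-01')
            choosen_namespace = resource.properties["scope"]["cluster"]["releaseNamespace"]
        except ResourceNotFoundError:
            logger.info("No existing extension found, defaulting to %s", choosen_namespace)
            return choosen_namespace
        except (KeyError, TypeError):
            logger.warning("Existing extension reports no cluster release namespace, defaulting to %s",
                           choosen_namespace)
            return choosen_namespace

        logger.info("found an existing extension, using its namespace: %s", choosen_namespace)
        return choosen_namespace
```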