From 22d0be1a20a39b4afeef872c5f06828c3b3daf54 Mon Sep 17 00:00:00 2001 From: Niv Ben Shabat <70891304+nishabat@users.noreply.github.com> Date: Wed, 3 Aug 2022 12:42:57 +0300 Subject: [PATCH 1/4] MDC - Choose existing namespace if one exists --- .../partner_extensions/AzureDefender.py | 35 +++++++++++++++---- 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py index e0d6d047292..848e1ee0053 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py @@ -11,6 +11,9 @@ from ..vendored_sdks.models import ScopeCluster from ..vendored_sdks.models import Scope +from azure.cli.core.commands.client_factory import get_subscription_id +from .._client_factory import cf_resources + from .DefaultExtension import DefaultExtension from .ContainerInsights import _get_container_insights_settings 
@@ -32,17 +35,17 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t # Hardcoding name, release_namespace and scope since ci only supports one instance and cluster scope # and platform doesn't have support yet extension specific constraints like this name = extension_type.lower() - release_namespace = "mdc" + + logger.warning('Ignoring name, release-namespace and scope parameters since %s ' + 'only supports cluster scope and single instance of this extension.', extension_type) + release_namespace = self._choose_the_right_namespace(cmd, resource_group_name, cluster_name, name) + logger.warning("Defaulting to extension name '%s' and using release-namespace '%s'", name, release_namespace) + # Scope is always cluster scope_cluster = ScopeCluster(release_namespace=release_namespace) ext_scope = Scope(cluster=scope_cluster, namespace=None) - is_ci_extension_type = False - logger.warning('Ignoring name, release-namespace and scope parameters since %s ' - 'only supports cluster scope and single instance of this extension.', extension_type) - logger.warning("Defaulting to extension name '%s' and release-namespace '%s'", name, release_namespace) - _get_container_insights_settings(cmd, resource_group_name, cluster_name, configuration_settings, configuration_protected_settings, is_ci_extension_type) 
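Review bot: The context comment `# Hardcoding name, release_namespace and scope ...` at the top of this hunk is stale now that `release_namespace` comes from `self._choose_the_right_namespace(...)` rather than a fixed value. I would reword it to `# name and scope are fixed; release_namespace is reused from an existing extension when one is found, otherwise "mdc"`. The new call also performs a resource lookup before anything is created, so a short comment on that line noting the extra call would help the next reader. Create's body starts and ends outside the hunk.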
@@ -58,3 +61,23 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t configuration_protected_settings=configuration_protected_settings ) return extension_instance, name, create_identity + + def _choose_the_right_namespace(self, cmd, cluster_resource_group_name, cluster_name, extension_name): + logger.warning("Choosing the right namespace ...") + + subscription_id = get_subscription_id(cmd.cli_ctx) + resources = cf_resources(cmd.cli_ctx, subscription_id) + + cluster_resource_id = '/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Kubernetes' \ + '/connectedClusters/{2}/providers/Microsoft.KubernetesConfiguration/extensions/microsoft.azuredefender.kubernetes'.format(subscription_id, cluster_resource_group_name, cluster_name) + resource = None + try: + resource = resources.get_by_id(cluster_resource_id, '2022-03-01') + except: + choosen_namespace = "mdc" + logger.info("Defaulted to {0}...".format(choosen_namespace)) + return choosen_namespace + + choosen_namespace = resource.properties["scope"]["cluster"]["releaseNamespace"] + logger.info("found an existing extension, using its namespace: {0}".format(choosen_namespace)) + return choosen_namespace From 5cb2e9c2079a05ad84052b197cb3749b2c3ac3d0 Mon Sep 17 00:00:00 2001 From: Niv Ben Shabat <70891304+nishabat@users.noreply.github.com> Date: Wed, 3 Aug 2022 19:20:23 +0300 Subject: [PATCH 2/4] Update AzureDefender.py --- .../azext_k8s_extension/partner_extensions/AzureDefender.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py index 848e1ee0053..7b3865b7ab9 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py 
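Review bot: The bare `except:` around `resources.get_by_id(...)` treats every failure (authorization error, throttling, network fault, even KeyboardInterrupt) as "no existing extension" and returns "mdc" with only an info-level log. Create can then proceed with the default namespace on a cluster where the extension already lives elsewhere. Fall back only on the client's not-found error and let everything else propagate; presumably that is `except ResourceNotFoundError:` from `azure.core.exceptions`, to be confirmed against the SDK version this extension uses. The lookup `resource.properties["scope"]["cluster"]["releaseNamespace"]` sits outside the `try` and will raise KeyError or TypeError if the returned resource has no cluster scope, so guard it and fail with a clear message. The same `except:` is kept by the later `@@ -74,7 +81,6 @@` hunk in patch 3/4.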
@@ -35,12 +35,12 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t # Hardcoding name, release_namespace and scope since ci only supports one instance and cluster scope # and platform doesn't have support yet extension specific constraints like this name = extension_type.lower() - + logger.warning('Ignoring name, release-namespace and scope parameters since %s ' 'only supports cluster scope and single instance of this extension.', extension_type) release_namespace = self._choose_the_right_namespace(cmd, resource_group_name, cluster_name, name) logger.warning("Defaulting to extension name '%s' and using release-namespace '%s'", name, release_namespace) - + # Scope is always cluster scope_cluster = ScopeCluster(release_namespace=release_namespace) ext_scope = Scope(cluster=scope_cluster, namespace=None) From 01cf8cc1500074b1af89dc5628e9e6757da1e8a2 Mon Sep 17 00:00:00 2001 From: Niv Ben Shabat <70891304+nishabat@users.noreply.github.com> Date: Wed, 3 Aug 2022 22:15:39 +0300 Subject: [PATCH 3/4] Update AzureDefender.py --- .../partner_extensions/AzureDefender.py | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py index 7b3865b7ab9..556a99739af 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py @@ -13,6 +13,7 @@ from azure.cli.core.commands.client_factory import get_subscription_id from .._client_factory import cf_resources +from ..consts import * from .DefaultExtension import DefaultExtension from .ContainerInsights import _get_container_insights_settings 
@@ -21,8 +22,8 @@ class AzureDefender(DefaultExtension): - def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_type, extension_type, - scope, auto_upgrade_minor_version, release_train, version, target_namespace, + def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_type, cluster_rp, + extension_type, scope, auto_upgrade_minor_version, release_train, version, target_namespace, release_namespace, configuration_settings, configuration_protected_settings, configuration_settings_file, configuration_protected_settings_file): @@ -35,10 +36,10 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t # Hardcoding name, release_namespace and scope since ci only supports one instance and cluster scope # and platform doesn't have support yet extension specific constraints like this name = extension_type.lower() - + logger.warning('Ignoring name, release-namespace and scope parameters since %s ' 'only supports cluster scope and single instance of this extension.', extension_type) - release_namespace = self._choose_the_right_namespace(cmd, resource_group_name, cluster_name, name) + release_namespace = self._choose_the_right_namespace(cmd, cluster_type, resource_group_name, cluster_name, name) logger.warning("Defaulting to extension name '%s' and using release-namespace '%s'", name, release_namespace) # Scope is always cluster @@ -46,7 +47,7 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t ext_scope = Scope(cluster=scope_cluster, namespace=None) is_ci_extension_type = False - _get_container_insights_settings(cmd, resource_group_name, cluster_name, configuration_settings, + _get_container_insights_settings(cmd, resource_group_name, cluster_rp, cluster_type, cluster_name, configuration_settings, configuration_protected_settings, is_ci_extension_type) # NOTE-2: Return a valid Extension object, Instance name and flag for Identity 
@@ -62,9 +63,15 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t ) return extension_instance, name, create_identity - def _choose_the_right_namespace(self, cmd, cluster_resource_group_name, cluster_name, extension_name): + def _choose_the_right_namespace(self, cmd, cluster_type, cluster_resource_group_name, cluster_name, extension_name): logger.warning("Choosing the right namespace ...") + choosen_namespace = "mdc" + # If that's not connected cluster, the namespace should always stay mdc + if cluster_type.lower() != CONNECTED_CLUSTER_TYPE.lower(): + logger.info("Non connected cluster, hence, Defaulted to {0}...".format(choosen_namespace)) + return choosen_namespace + subscription_id = get_subscription_id(cmd.cli_ctx) resources = cf_resources(cmd.cli_ctx, subscription_id) @@ -74,7 +81,6 @@ def _choose_the_right_namespace(self, cmd, cluster_resource_group_name, cluster_ try: resource = resources.get_by_id(cluster_resource_id, '2022-03-01') except: - choosen_namespace = "mdc" logger.info("Defaulted to {0}...".format(choosen_namespace)) return choosen_namespace From c032c7709ff48af8cf095936ea9a0bba469060b5 Mon Sep 17 00:00:00 2001 From: Niv Ben Shabat <70891304+nishabat@users.noreply.github.com> Date: Wed, 3 Aug 2022 22:30:44 +0300 Subject: [PATCH 4/4] Update AzureDefender.py --- .../azext_k8s_extension/partner_extensions/AzureDefender.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py index 556a99739af..abf86e2c2a0 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py 
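Review bot: `_choose_the_right_namespace` has no docstring, and after the first hunk on this line it has three outcomes (not a connected cluster, lookup failed, existing extension found) that are only distinguishable from info-level logs. I would add `"""Return the release namespace of an existing Defender extension on a connected cluster, or "mdc" when the cluster is not connected or no extension is found."""`. `cluster_type.lower()` raises AttributeError if `cluster_type` is ever None; whether the command layer guarantees a value is not visible here, so `(cluster_type or "").lower()` would be a cheap guard. The `extension_name` parameter is accepted but not used in any line shown in this series. The resource-id construction lies between the two hunks on this line and is not shown.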
@@ -13,7 +13,7 @@ from azure.cli.core.commands.client_factory import get_subscription_id from .._client_factory import cf_resources -from ..consts import * +from .. import consts from .DefaultExtension import DefaultExtension from .ContainerInsights import _get_container_insights_settings @@ -36,7 +36,7 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t # Hardcoding name, release_namespace and scope since ci only supports one instance and cluster scope # and platform doesn't have support yet extension specific constraints like this name = extension_type.lower() - + logger.warning('Ignoring name, release-namespace and scope parameters since %s ' 'only supports cluster scope and single instance of this extension.', extension_type) release_namespace = self._choose_the_right_namespace(cmd, cluster_type, resource_group_name, cluster_name, name) @@ -68,7 +68,7 @@ def _choose_the_right_namespace(self, cmd, cluster_type, cluster_resource_group_ choosen_namespace = "mdc" # If that's not connected cluster, the namespace should always stay mdc - if cluster_type.lower() != CONNECTED_CLUSTER_TYPE.lower(): + if cluster_type.lower() != consts.CONNECTED_CLUSTER_TYPE.lower(): logger.info("Non connected cluster, hence, Defaulted to {0}...".format(choosen_namespace)) return choosen_namespace