diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 437794e19b..1e685f462e 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -132,9 +132,9 @@ /src/ssh/ @rlrossiter @danybeam @fengzhou-msft @N6UDP -/src/k8s-configuration/ @NarayanThiru @jonathan-innis +/src/k8s-configuration/ @NarayanThiru @bavneetsingh16 @deeksha345 @anagg929 -/src/k8s-extension/ @NarayanThiru @jonathan-innis +/src/k8s-extension/ @NarayanThiru @bavneetsingh16 @deeksha345 @anagg929 /src/log-analytics-solution/ @zhoxing-ms diff --git a/src/k8s-extension/HISTORY.rst b/src/k8s-extension/HISTORY.rst index 99b8f0a1a8..02546900bc 100644 --- a/src/k8s-extension/HISTORY.rst +++ b/src/k8s-extension/HISTORY.rst @@ -3,6 +3,12 @@ Release History =============== +1.2.5 +++++++++++++++++++ +* microsoft.azuremonitor.containers: ContainerInsights Extension Managed Identity Auth Onboarding related bug fixes. +* microsoft.openservicemesh: Fix osm-arc installations for non-connectedClusters +* k8s-extension azuredefender namespace to mdc + 1.2.4 ++++++++++++++++++ * microsoft.azureml.kubernetes: Do not invoke `create_or_update` for already existed resources. diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py index 4dce31b976..e0d6d04729 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureDefender.py @@ -32,7 +32,7 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t # Hardcoding name, release_namespace and scope since ci only supports one instance and cluster scope # and platform doesn't have support yet extension specific constraints like this name = extension_type.lower() - release_namespace = "azuredefender" + release_namespace = "mdc" # Scope is always cluster scope_cluster = ScopeCluster(release_namespace=release_namespace) ext_scope = Scope(cluster=scope_cluster, namespace=None) diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py index f2eeb3ff5b..0db8b5dbed 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py @@ -483,12 +483,12 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n raise InvalidArgumentValueError('{} is not a valid Azure resource ID.'.format(workspace_resource_id)) if is_ci_extension_type: - if not _is_container_insights_solution_exists(cmd, workspace_resource_id): - logger.info("creating containerinsights solution resource since it doesnt exist") - _ensure_container_insights_for_monitoring(cmd, workspace_resource_id).result() if useAADAuth: logger.info("creating data collection rule and association") _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_resource_group_name, cluster_name, workspace_resource_id) + elif not _is_container_insights_solution_exists(cmd, workspace_resource_id): + logger.info("Creating ContainerInsights solution resource, since it doesn't exist and it is using legacy authentication") + _ensure_container_insights_for_monitoring(cmd, workspace_resource_id).result() # extract subscription ID and resource group from workspace_resource_id URL parsed = parse_resource_id(workspace_resource_id) @@ -499,16 +499,20 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n log_analytics_workspace = log_analytics_client.workspaces.get(workspace_rg_name, workspace_name) if not log_analytics_workspace: raise InvalidArgumentValueError( - 'Fails to retrieve workspace by {}'.format(workspace_name)) - - shared_keys = log_analytics_client.shared_keys.get_shared_keys( - workspace_rg_name, workspace_name) - if not shared_keys: - raise InvalidArgumentValueError('Fails to retrieve shared key for workspace {}'.format( - log_analytics_workspace)) + 'Failed to retrieve workspace by {}'.format(workspace_name)) + + # workspace key not used in case of AAD MSI auth + configuration_protected_settings['omsagent.secret.key'] = "" + if not useAADAuth: + shared_keys = log_analytics_client.shared_keys.get_shared_keys( + workspace_rg_name, workspace_name) + if not shared_keys: + raise InvalidArgumentValueError('Failed to retrieve shared key for workspace {}'.format( + log_analytics_workspace)) + configuration_protected_settings['omsagent.secret.key'] = shared_keys.primary_shared_key configuration_protected_settings['omsagent.secret.wsid'] = log_analytics_workspace.customer_id configuration_settings['logAnalyticsWorkspaceResourceID'] = workspace_resource_id - configuration_protected_settings['omsagent.secret.key'] = shared_keys.primary_shared_key + # set the domain for the ci agent for non azure public clouds cloud_name = cmd.cli_ctx.cloud.name if cloud_name.lower() == 'azurechinacloud': @@ -562,6 +566,9 @@ def _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_ try: resource = resources.get_by_id(workspace_resource_id, '2015-11-01-preview') workspace_region = resource.location + # location can have spaces for example 'East US' + # and some workspaces it will be "eastus" hence remove the spaces and converting lowercase + workspace_region = workspace_region.replace(" ", "").lower() except HttpResponseError as ex: raise ex diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/OpenServiceMesh.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/OpenServiceMesh.py index b1ad669453..7b02f0e433 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/OpenServiceMesh.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/OpenServiceMesh.py @@ -52,7 +52,8 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t # NOTE-2: Return a valid Extension object, Instance name and flag for Identity create_identity = True - _validate_tested_distro(cmd, resource_group_name, cluster_name, version, release_train) + if cluster_type == "connectedClusters": + _validate_tested_distro(cmd, resource_group_name, cluster_name, version, release_train) extension = Extension( extension_type=extension_type, @@ -70,6 +71,7 @@ def Create(self, cmd, client, resource_group_name, cluster_name, name, cluster_t def _validate_tested_distro(cmd, cluster_resource_group_name, cluster_name, extension_version, extension_release_train): + logger.warning("Running validated distros...") field_unavailable_error = '\"testedDistros\" field unavailable for version {0} of microsoft.openservicemesh, ' \ 'cannot determine if this Kubernetes distribution has been properly tested'.format(extension_version) diff --git a/src/k8s-extension/setup.py b/src/k8s-extension/setup.py index a2e25840af..bcaef1d588 100644 --- a/src/k8s-extension/setup.py +++ b/src/k8s-extension/setup.py @@ -33,7 +33,7 @@ # TODO: Add any additional SDK dependencies here DEPENDENCIES = [] -VERSION = "1.2.4" +VERSION = "1.2.5" with open("README.rst", "r", encoding="utf-8") as f: README = f.read()