diff --git a/src/ConnectedKubernetes/custom/New-AzConnectedKubernetes.ps1 b/src/ConnectedKubernetes/custom/New-AzConnectedKubernetes.ps1
index 90edcc63c082..f0e5ae5741a9 100644
--- a/src/ConnectedKubernetes/custom/New-AzConnectedKubernetes.ps1
+++ b/src/ConnectedKubernetes/custom/New-AzConnectedKubernetes.ps1
@@ -54,12 +54,55 @@ function New-AzConnectedKubernetes { # The ID of the target subscription. ${SubscriptionId}, + [Parameter()] + [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')] + [System.Uri] + # The http URI of the proxy server for the kubernetes cluster to use + ${HttpProxy}, + + [Parameter()] + [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')] + [System.Uri] + # The https URI of the proxy server for the kubernetes cluster to use + ${HttpsProxy}, + + [Parameter()] + [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')] + [System.String] + # The comma-separated list of hostnames that should be excluded from the proxy server for the kubernetes cluster to use + ${NoProxy}, + + [Parameter()] + [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')] + [System.String] + # The path to the certificate file for proxy or custom Certificate Authority. + ${ProxyCert}, + + [Parameter()] + [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')] + [ValidateRange(0,3600)] + [Int] + # The time required (in seconds) for the arc-agent pods to be installed on the kubernetes cluster. + ${OnboardingTimeout} = 600, + + [Parameter()] + [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')] + [System.Management.Automation.SwitchParameter] + # Flag to disable auto upgrade of arc agents. + ${DisableAutoUpgrade}, + + [Parameter()] + [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Path')] + [System.String] + # Override the default container log path to enable fluent-bit logging. + ${ContainerLogPath}, + [Parameter(HelpMessage="Path to the kube config file")] [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Body')] [System.String] # Path to the kube config file ${KubeConfig}, - + [Parameter(HelpMessage="Kubconfig context from current machine")] [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Body')] [System.String] 
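Review bot: The comments on `${HttpProxy}` and `${HttpsProxy}` do not mention that the whole URI, including any `user:password@` part, is later forwarded to helm as a `--set global.httpProxy=...` / `--set global.httpsProxy=...` value (see the helm options region further down this file). I would extend them, e.g. `# The http URI of the proxy server for the kubernetes cluster to use. Credentials embedded in the URI are passed to helm as a chart value.` Separately, `[ValidateRange(0,3600)]` on `${OnboardingTimeout}` admits 0, which becomes `--timeout 0s`; `[ValidateRange(1,3600)]` looks safer unless 0 is intended. The param block starts and ends outside this hunk.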
@@ -172,14 +215,14 @@ function New-AzConnectedKubernetes { [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Runtime')] [System.Uri] - # The URI for the proxy server to use + # The URI of the proxy server for host os to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.Category('Runtime')] [System.Management.Automation.PSCredential] - # Credentials for a proxy server to use for the remote call + # The credential of the proxy server for host os to use ${ProxyCredential}, [Parameter(DontShow)] @@ -224,7 +267,7 @@ function New-AzConnectedKubernetes { if ($PSBoundParameters.ContainsKey('KubeContext')) { $Null = $PSBoundParameters.Remove('KubeContext') } - if (($KubeContext -eq $null) -or ($KubeContext -eq '')) { + if (($null -eq $KubeContext) -or ($KubeContext -eq '')) { $KubeContext = kubectl config current-context } @@ -260,9 +303,10 @@ function New-AzConnectedKubernetes { #EndRegion #Region get release namespace + Set-Variable ReleaseInstallNamespace -option Constant -value "azure-arc-release" $ReleaseNamespace = $null try { - $ReleaseNamespace = (helm status azure-arc -o json --kubeconfig $KubeConfig --kube-context $KubeContext | ConvertFrom-Json).namespace + $ReleaseNamespace = (helm status azure-arc -o json --kubeconfig $KubeConfig --kube-context $KubeContext -n $ReleaseInstallNamespace | ConvertFrom-Json).namespace } catch { Write-Error "Fail to find the namespace for azure-arc." } 
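Review bot: In the `#Region get release namespace` hunk, adding `-n $ReleaseInstallNamespace` to `helm status` means the lookup only sees a release in `azure-arc-release`; the `helm upgrade` line this commit removes had no namespace flag, so an `azure-arc` release from an earlier onboarding would presumably sit in the context's default namespace and no longer be found. The same applies in Remove-AzConnectedKubernetes.ps1, where `helm delete` now uses the constant instead of the discovered `$ReleaseNamespace`, so agents from an older install could be left running on the cluster after the Azure resource is removed. A fallback keeps both paths covered: `if (-not $ReleaseNamespace) { $ReleaseNamespace = (helm status azure-arc -o json --kubeconfig $KubeConfig --kube-context $KubeContext | ConvertFrom-Json).namespace }`. The region continues outside the hunk.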
@@ -292,7 +336,12 @@ function New-AzConnectedKubernetes { $HelmRepoUrl = Get-ChildItem -Path Env:HELMREPOURL helm repo add $HelmRepoName $HelmRepoUrl --kubeconfig $KubeConfig --kube-context $KubeContext } - + + $resources = Get-Module Az.Resources -ListAvailable + if ($null -eq $resources) { + Write-Error "Missing required module(s): Az.Resources. Please run 'Install-Module Az.Resources -Repository PSGallery' to install Az.Resources." + return + } if (Test-Path Env:HELMREGISTRY) { $RegisteryPath = Get-ChildItem -Path Env:HELMREGISTRY } else { @@ -301,7 +350,15 @@ function New-AzConnectedKubernetes { $ReleaseTrain = Get-ChildItem -Path Env:RELEASETRAIN } else { $ReleaseTrain = 'stable' - } + } + $AzLocation = Get-AzLocation | Where-Object { ($_.DisplayName -ieq $Location) -or ($_.Location -ieq $Location)} + $Region = $AzLocation.Location + if ($null -eq $Region) { + Write-Error "Invalid location: $Location" + return + } else { + $Location = $Region + } $ChartLocationUrl = "https://${Location}.dp.kubernetesconfiguration.azure.com/azure-arc-k8sagents/GetLatestHelmPackagePath?api-version=2019-11-01-preview&releaseTrain=${ReleaseTrain}" $Uri = [System.Uri]::New($ChartLocationUrl) @@ -315,12 +372,12 @@ function New-AzConnectedKubernetes { $HeaderParameter = @{ "Authorization" = "Bearer $AccessToken" } - $Response = Invoke-WebRequest -Uri $Uri -Headers $HeaderParameter -Method Post + $Response = Invoke-WebRequest -Uri $Uri -Headers $HeaderParameter -Method Post -UseBasicParsing if ($Response.StatusCode -eq 200) { $RegisteryPath = ($Response.Content | ConvertFrom-Json).repositoryPath } else { - Write-Error "Error while fetching helm chart registry path: ${$Response.RawContent}" - throw + throw "Error while fetching helm chart registry path: ${$Response.RawContent}" + } } Set-Item -Path Env:HELM_EXPERIMENTAL_OCI -Value 1 
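Review bot: In the `Invoke-WebRequest` hunk the new `throw` message keeps `${$Response.RawContent}`, which PowerShell parses as a variable whose name is the literal text `$Response.RawContent` rather than a property access, so the response never reaches the error text. Use a subexpression instead: `throw "Error while fetching helm chart registry path: $($Response.RawContent)"`. The enclosing `if`/`else` on `Test-Path Env:HELMREGISTRY` begins outside the hunk.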
@@ -328,8 +385,7 @@ function New-AzConnectedKubernetes { try { helm chart pull $RegisteryPath --kubeconfig $KubeConfig --kube-context $KubeContext } catch { - Write-Error "Unable to pull helm chart from the registery $RegisteryPath" - throw + throw "Unable to pull helm chart from the registery $RegisteryPath" } #Endregion @@ -349,9 +405,20 @@ function New-AzConnectedKubernetes { #Endregion $RSA = [System.Security.Cryptography.RSA]::Create(4096) - $AgentPublicKey = [System.Convert]::ToBase64String($RSA.ExportRSAPublicKey()) - $AgentPrivateKey = "-----BEGIN RSA PRIVATE KEY-----`n" + [System.Convert]::ToBase64String($RSA.ExportRSAPrivateKey()) + "`n-----END RSA PRIVATE KEY-----" - + if ($PSVersionTable.PSVersion.Major -eq 5) { + try { + . "$PSScriptRoot/RSAHelper.ps1" + $AgentPublicKey = ExportRSAPublicKeyBase64($RSA) + $AgentPrivateKey = ExportRSAPrivateKeyBase64($RSA) + $AgentPrivateKey = "-----BEGIN RSA PRIVATE KEY-----`n" + $AgentPrivateKey + "`n-----END RSA PRIVATE KEY-----" + } catch { + throw "Unable to generate RSA keys" + } + } else { + $AgentPublicKey = [System.Convert]::ToBase64String($RSA.ExportRSAPublicKey()) + $AgentPrivateKey = "-----BEGIN RSA PRIVATE KEY-----`n" + [System.Convert]::ToBase64String($RSA.ExportRSAPrivateKey()) + "`n-----END RSA PRIVATE KEY-----" + } + $HelmChartPath = Join-Path -Path $ChartExportPath -ChildPath 'azure-arc-k8sagents' if (Test-Path Env:HELMCHART) { $ChartPath = Get-ChildItem -Path Env:HELMCHART 
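Review bot: The `catch` around `helm chart pull` does not run when helm exits with an error, because by default a native command's non-zero exit code does not raise a PowerShell exception; the new `throw` only fires if the helm executable cannot be started, and otherwise the script continues past a failed pull. Check the exit code after the call: `if ($LASTEXITCODE -ne 0) { throw "Unable to pull helm chart from the registery $RegisteryPath" }`. The `helm status` call in the release-namespace region has the same shape.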
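Review bot: In the Windows PowerShell 5 branch the `catch` replaces every failure, including a missing or unloadable `RSAHelper.ps1`, with the fixed string `Unable to generate RSA keys`, which hides the cause from whoever has to diagnose it. Keep the underlying error in the message: `throw "Unable to generate RSA keys: $_"`. A one-line comment above the `if` saying why the branch exists (the `ExportRSAPublicKey()` / `ExportRSAPrivateKey()` methods are used only in the `else` path) would also help; as written the reader has to infer it.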
@@ -359,11 +426,86 @@ function New-AzConnectedKubernetes { $ChartPath = $HelmChartPath } + #Region helm options + $options = "" + $proxyEnableState = $false + if (-not ([string]::IsNullOrEmpty($HttpProxy))) { + $HttpProxyStr = $HttpProxy.ToString() + $HttpProxyStr = $HttpProxyStr -replace ',','\,' + $HttpProxyStr = $HttpProxyStr -replace '/','\/' + $options += " --set global.httpProxy=$HttpProxyStr" + $proxyEnableState = $true + $Null = $PSBoundParameters.Remove('HttpProxy') + } + if (-not ([string]::IsNullOrEmpty($HttpsProxy))) { + $HttpsProxyStr = $HttpsProxy.ToString() + $HttpsProxyStr = $HttpsProxyStr -replace ',','\,' + $HttpsProxyStr = $HttpsProxyStr -replace '/','\/' + $options += " --set global.httpsProxy=$HttpsProxyStr" + $proxyEnableState = $true + $Null = $PSBoundParameters.Remove('HttpsProxy') + } + if (-not ([string]::IsNullOrEmpty($NoProxy))) { + $NoProxy = $NoProxy -replace ',','\,' + $NoProxy = $NoProxy -replace '/','\/' + $options += " --set global.noProxy=$NoProxy" + $proxyEnableState = $true + $Null = $PSBoundParameters.Remove('NoProxy') + } + if ($proxyEnableState) { + $options += " --set global.isProxyEnabled=true" + } + try { + if ((-not ([string]::IsNullOrEmpty($ProxyCert))) -and (Test-Path $ProxyCert)) { + $options += " --set-file global.proxyCert=$ProxyCert" + $options += " --set global.isCustomCert=true" + } + } catch { + throw "Unable to find ProxyCert from file path" + } + if ($DisableAutoUpgrade) { + $options += " --set systemDefaultValues.azureArcAgents.autoUpdate=false" + $Null = $PSBoundParameters.Remove('DisableAutoUpgrade') + } + if (-not ([string]::IsNullOrEmpty($ContainerLogPath))) { + $options += " --set systemDefaultValues.fluent-bit.containerLogPath=$ContainerLogPath" + $Null = $PSBoundParameters.Remove('ContainerLogPath') + } + if (-not ([string]::IsNullOrEmpty($KubeConfig))) { + $options += " --kubeconfig $KubeConfig" + } + if (-not ([string]::IsNullOrEmpty($KubeContext))) { + $options += " --kube-context $KubeContext" + } + 
if (!$NoWait) { + $options += " --wait --timeout $OnboardingTimeout" + $options += "s" + } + #Endregion + if ($PSBoundParameters.ContainsKey('OnboardingTimeout')) { + $PSBoundParameters.Remove('OnboardingTimeout') + } + if ((-not ([string]::IsNullOrEmpty($Proxy))) -and (-not $PSBoundParameters.ContainsKey('ProxyCredential'))) { + if (-not ([string]::IsNullOrEmpty($Proxy.UserInfo))) { + try{ + $userInfo = $Proxy.UserInfo -Split ':' + $pass = ConvertTo-SecureString $userInfo[1] -AsPlainText -Force + $ProxyCredential = New-Object System.Management.Automation.PSCredential ($userInfo[0] , $pass) + $PSBoundParameters.Add('ProxyCredential', $ProxyCredential) + } catch { + Write-Warning "Please set ProxyCredential or provide username and password in the Proxy parameter" + throw + } + } else { + Write-Warning "If the proxy is a private proxy, pass ProxyCredential parameter or provide username and password in the Proxy parameter" + } + } + $PSBoundParameters.Add('AgentPublicKeyCertificate', $AgentPublicKey) $Response = Az.ConnectedKubernetes.internal\New-AzConnectedKubernetes @PSBoundParameters - $TenantId = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext.Tenant.Id - helm upgrade --install azure-arc $ChartPath --set global.subscriptionId=$SubscriptionId --set global.resourceGroupName=$ResourceGroupName --set global.resourceName=$ClusterName --set global.tenantId=$TenantId --set global.location=$Location --set global.onboardingPrivateKey=$AgentPrivateKey --set systemDefaultValues.spnOnboarding=false --set global.azureEnvironment=AZUREPUBLICCLOUD --set systemDefaultValues.clusterconnect-agent.enabled=true --set global.kubernetesDistro=$Distribution --set global.kubernetesInfra=$Infrastructure --kubeconfig $KubeConfig --kube-context $KubeContext --wait --timeout 600s + $TenantId = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext.Tenant.Id + 
helm upgrade --install azure-arc $ChartPath --namespace $ReleaseInstallNamespace --create-namespace --set global.subscriptionId=$SubscriptionId --set global.resourceGroupName=$ResourceGroupName --set global.resourceName=$ClusterName --set global.tenantId=$TenantId --set global.location=$Location --set global.onboardingPrivateKey=$AgentPrivateKey --set systemDefaultValues.spnOnboarding=false --set global.azureEnvironment=AZUREPUBLICCLOUD --set systemDefaultValues.clusterconnect-agent.enabled=true --set global.kubernetesDistro=$Distribution --set global.kubernetesInfra=$Infrastructure (-split $options) Return $Response } } diff --git a/src/ConnectedKubernetes/custom/README.md b/src/ConnectedKubernetes/custom/README.md index ebb3fefb9bbc..78e76af5d1da 100644 --- a/src/ConnectedKubernetes/custom/README.md +++ b/src/ConnectedKubernetes/custom/README.md @@ -32,7 +32,7 @@ These provide functionality to our HTTP pipeline and other useful features. In s ### Attributes For processing the cmdlets, we've created some additional attributes: - `Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.DescriptionAttribute` - - Used in C# cmdlets to provide a high-level description of the cmdlet. This is propagated to reference documentation via [help comments](https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_comment_based_help) in the exported scripts. + - Used in C# cmdlets to provide a high-level description of the cmdlet. This is propagated to reference documentation via [help comments](https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_comment_based_help) in the exported scripts. - `Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.DoNotExportAttribute` - Used in C# and script cmdlets to suppress creating an exported cmdlet at build-time. These cmdlets will *not be exposed* by `Az.ConnectedKubernetes`. - `Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.InternalExportAttribute` 
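Review bot: Building `$options` as one string and expanding it with `(-split $options)` splits on every whitespace character, so a `-KubeConfig`, `-ProxyCert` or `-ContainerLogPath` value containing a space is broken into several helm arguments and the remainder is parsed by helm as arguments of its own. Collecting the arguments in an array and passing the array to helm keeps each value a single argument whatever it contains, as sketched below. Two smaller things in the same hunk: `$PSBoundParameters.Remove('OnboardingTimeout')` lacks the `$Null =` used elsewhere, so its boolean result is written to the function's output, and a `-ProxyCert` path that fails `Test-Path` is silently skipped rather than rejected (`ProxyCert` is also not removed from `$PSBoundParameters` anywhere in this hunk before the splat). The hunk covers only part of the function body.

```powershell
$options = @()
# … unchanged: $proxyEnableState and the HttpProxy/HttpsProxy/NoProxy escaping …
$options += '--set', "global.httpProxy=$HttpProxyStr"
# … same shape for httpsProxy, noProxy, isProxyEnabled, autoUpdate, containerLogPath …
if (-not [string]::IsNullOrEmpty($ProxyCert)) {
    if (-not (Test-Path -LiteralPath $ProxyCert -PathType Leaf)) {
        throw "Unable to find ProxyCert from file path"
    }
    $options += '--set-file', "global.proxyCert=$ProxyCert"
    $options += '--set', 'global.isCustomCert=true'
    $Null = $PSBoundParameters.Remove('ProxyCert')
}
if (-not [string]::IsNullOrEmpty($KubeConfig)) {
    $options += '--kubeconfig', $KubeConfig
}
if (-not [string]::IsNullOrEmpty($KubeContext)) {
    $options += '--kube-context', $KubeContext
}
if (!$NoWait) {
    $options += '--wait', '--timeout', "${OnboardingTimeout}s"
}
if ($PSBoundParameters.ContainsKey('OnboardingTimeout')) {
    $Null = $PSBoundParameters.Remove('OnboardingTimeout')
}
# … unchanged: Proxy/ProxyCredential handling, internal cmdlet call, $TenantId …
helm upgrade --install azure-arc $ChartPath --namespace $ReleaseInstallNamespace --create-namespace <# … unchanged: --set arguments … #> @options
```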
diff --git a/src/ConnectedKubernetes/custom/RSAHelper.ps1 b/src/ConnectedKubernetes/custom/RSAHelper.ps1
new file mode 100644
index 000000000000..c12ecc638b55
--- /dev/null
+++ b/src/ConnectedKubernetes/custom/RSAHelper.ps1
@@ -0,0 +1,134 @@ +function ExportRSAPrivateKeyBase64{ +[Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.DoNotExportAttribute()] + param( + [Parameter(Mandatory)] + [System.Security.Cryptography.RSA] + $RSA + ) + process{ + $RSAParams = $RSA.ExportParameters(1) + [byte]$Sequence = 0x30 + [byte[]]$Version = (0x00) + $stream = [System.IO.MemoryStream]::new() + $writer = [System.IO.BinaryWriter]::new($stream) + $writer.Write($Sequence); # SEQUENCE + $innerStream = [System.IO.MemoryStream]::new() + $innerWriter = [System.IO.BinaryWriter]::new($innerStream) + + EncodeIntegerBigEndian $innerWriter $Version + EncodeIntegerBigEndian $innerWriter $RSAParams.Modulus + EncodeIntegerBigEndian $innerWriter $RSAParams.Exponent + EncodeIntegerBigEndian $innerWriter $RSAParams.D + EncodeIntegerBigEndian $innerWriter $RSAParams.P + EncodeIntegerBigEndian $innerWriter $RSAParams.Q + EncodeIntegerBigEndian $innerWriter $RSAParams.DP + EncodeIntegerBigEndian $innerWriter $RSAParams.DQ + EncodeIntegerBigEndian $innerWriter $RSAParams.InverseQ + + $length = ([int]($innerStream.Length)) + EncodeLength $writer $length + $writer.Write($innerStream.GetBuffer(), 0, $length) + + $base64 = [Convert]::ToBase64String($stream.GetBuffer(), 0, ([int]($stream.Length))) + + return $base64 + } +} + +function ExportRSAPublicKeyBase64{ +[Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.DoNotExportAttribute()] + param( + [Parameter(Mandatory)] + [System.Security.Cryptography.RSA] + $RSA + ) + process{ + $RSAParams = $RSA.ExportParameters(0) + [byte]$Sequence = 0x30 + $stream = [System.IO.MemoryStream]::new() + $writer = [System.IO.BinaryWriter]::new($stream) + $writer.Write($Sequence); + $innerStream = [System.IO.MemoryStream]::new() + $innerWriter = [System.IO.BinaryWriter]::new($innerStream) + EncodeIntegerBigEndian $innerWriter $RSAParams.Modulus + EncodeIntegerBigEndian $innerWriter $RSAParams.Exponent + + $length = ([int]($innerStream.Length)) + EncodeLength $writer $length + 
$writer.Write($innerStream.GetBuffer(), 0, $length) + + $base64 = [Convert]::ToBase64String($stream.GetBuffer(), 0, ([int]($stream.Length))) + + return $base64 + } +} + +function EncodeLength{ +[Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.DoNotExportAttribute()] + param( + [System.IO.BinaryWriter]$stream, + [int]$length + ) + process{ + [byte]$bytex80 = 0x80 + if($length -lt 0){ + throw "Length must be non-negative" + } + if($length -lt $bytex80){ + $stream.Write(([byte]$length)) + } + else{ + $temp = $length + $bytesRequired = 0; + while ($temp -gt 0) { + $temp = $temp -shr 8 + $bytesRequired++ + } + + [byte]$byteToWrite = $bytesRequired -bor $bytex80 + $stream.Write($byteToWrite) + $iValue = ($bytesRequired - 1) + [byte]$0ffByte = 0xff + for ($i = $iValue; $i -ge 0; $i--) { + [byte]$byteToWrite = ($length -shr (8 * $i) -band $0ffByte) + $stream.Write($byteToWrite ) + } + } + } +} + +function EncodeIntegerBigEndian{ +[Microsoft.Azure.PowerShell.Cmdlets.ConnectedKubernetes.DoNotExportAttribute()] + param( + [System.IO.BinaryWriter]$stream, + [byte[]]$value, + [bool]$forceUnsigned = $true + ) + process{ + [byte]$Integer = 0x02 + + $stream.Write($Integer); # INTEGER + $prefixZeros = 0 + for ($i = 0; $i -lt $value.Length; $i++) { + if ($value[$i] -ne 0){break} + $prefixZeros++ + } + if(($value.Length - $prefixZeros) -eq 0){ + EncodeLength $stream 1 + $stream.Write(([byte]0)) + } + else{ + [byte]$newByte = 0x7f + if(($forceUnsigned) -AND ($value[$prefixZeros] -gt $newByte)){ + EncodeLength $stream ($value.Length - $prefixZeros +1) + $stream.Write(([byte]0)) + } + else{ + EncodeLength $stream ($value.Length - $prefixZeros) + } + for ($i = $prefixZeros; $i -lt $value.Length; $i++) { + $stream.Write($value[$i]) + } + } + } +} diff --git a/src/ConnectedKubernetes/custom/Remove-AzConnectedKubernetes.ps1 b/src/ConnectedKubernetes/custom/Remove-AzConnectedKubernetes.ps1 index b9616a9cd8dc..1ee62412b9f0 100644 
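Review bot: `ExportRSAPrivateKeyBase64` and `ExportRSAPublicKeyBase64` hand-encode the DER structure, and nothing in this diff checks their output against the framework encoder that the PowerShell 7 branch of New-AzConnectedKubernetes uses. A Pester case that runs only where the method exists would pin it: `ExportRSAPrivateKeyBase64 $rsa | Should -Be ([Convert]::ToBase64String($rsa.ExportRSAPrivateKey()))`, with the matching assertion for the public key. In the functions themselves, `ExportParameters(1)` and `ExportParameters(0)` rely on int-to-bool conversion where `$true` / `$false` would state the intent, and the `MemoryStream` / `BinaryWriter` objects that held the private key bytes are never disposed. A short comment on each function naming the structure it emits (a SEQUENCE of INTEGERs, version first for the private key) would help the next reader.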
--- a/src/ConnectedKubernetes/custom/Remove-AzConnectedKubernetes.ps1 +++ b/src/ConnectedKubernetes/custom/Remove-AzConnectedKubernetes.ps1 @@ -186,9 +186,10 @@ param( #Endregion #Region get release namespace + Set-Variable ReleaseInstallNamespace -option Constant -value "azure-arc-release" $ReleaseNamespace = $null try { - $ReleaseNamespace = (helm status azure-arc -o json --kubeconfig $KubeConfig --kube-context $KubeContext | ConvertFrom-Json).namespace + $ReleaseNamespace = (helm status azure-arc -o json --kubeconfig $KubeConfig --kube-context $KubeContext -n $ReleaseInstallNamespace | ConvertFrom-Json).namespace } catch { Write-Error "Fail to find the namespace for azure-arc." } @@ -211,7 +212,7 @@ param( } if (($ResourceGroupName -eq $ConfigmapRgName) -and ($ClusterName -eq $ConfigmapClusterName)) { Az.ConnectedKubernetes.internal\Remove-AzConnectedKubernetes @PSBoundParameters - helm delete azure-arc --namespace $ReleaseNamespace --kubeconfig $KubeConfig --kube-context $KubeContext + helm delete azure-arc --namespace $ReleaseInstallNamespace --kubeconfig $KubeConfig --kube-context $KubeContext } else { Write-Error "The current context in the kubeconfig file does not correspond to the connected cluster resource specified. Agents installed on this cluster correspond to the resource group name '$ConfigmapRgName' and resource name '$ConfigmapClusterName'." } diff --git a/src/ConnectedKubernetes/docs/New-AzConnectedKubernetes.md b/src/ConnectedKubernetes/docs/New-AzConnectedKubernetes.md index 71330a3d191e..0c2bf28dca13 100644 --- a/src/ConnectedKubernetes/docs/New-AzConnectedKubernetes.md +++ b/src/ConnectedKubernetes/docs/New-AzConnectedKubernetes.md 
@@ -14,8 +14,10 @@ API to register a new Kubernetes cluster and create a tracked resource in Azure ``` New-AzConnectedKubernetes -ClusterName -ResourceGroupName -Location - [-SubscriptionId ] [-AcceptEULA] [-AzureHybridBenefit ] [-Distribution ] - [-DistributionVersion ] [-Infrastructure ] [-KubeConfig ] [-KubeContext ] + [-ContainerLogPath ] [-DisableAutoUpgrade] [-HttpProxy ] [-HttpsProxy ] [-NoProxy ] + [-OnboardingTimeout ] [-ProxyCert ] [-SubscriptionId ] [-AcceptEULA] + [-AzureHybridBenefit ] [-Distribution ] [-DistributionVersion ] + [-Infrastructure ] [-KubeConfig ] [-KubeContext ] [-PrivateLinkScopeResourceId ] [-PrivateLinkState ] [-ProvisioningState ] [-Tag ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] 
@@ -81,6 +83,60 @@ eastus azps_test_cluster_ahb azps_test_group Using [-AcceptEULA] will default to your acceptance of the terms of our legal agreement and create a connected kubernetes. +### Example 5: Create a connected kubernetes with parameters HttpProxy, HttpsProxy, NoProxy and Proxy. +```powershell +New-AzConnectedKubernetes -ClusterName azps_test_cluster_ahb -ResourceGroupName azps_test_group -Location eastus -KubeConfig $HOME\.kube\config -KubeContext azps_aks_t01 -HttpProxy "http://proxy-user:proxy-password@proxy-ip:port" -HttpsProxy "http://proxy-user:proxy-password@proxy-ip:port" -NoProxy "localhost,127.0.0.0/8,192.168.0.0/16,172.17.0.0/16,10.96.0.0/12,10.244.0.0/16,10.43.0.0/24,.svc" -Proxy "http://proxy-user:proxy-password@proxy-ip:port" +``` + +```output +Location Name ResourceGroupName +-------- ---- ----------------- +eastus azps_test_cluster_ahb azps_test_group +``` + +This command creates a connected kubernetes with parameters HttpProxy, HttpsProxy, NoProxy and Proxy. + +### Example 6: Create a connected kubernetes with parameters HttpProxy, HttpsProxy, NoProxy, Proxy and ProxyCredential. +```powershell +$pwd = ConvertTo-SecureString "proxy-password" -AsPlainText -Force +$cred = New-Object System.Management.Automation.PSCredential ("proxy-user", $pwd) +New-AzConnectedKubernetes -ClusterName azps_test_cluster_ahb -ResourceGroupName azps_test_group -Location eastus -KubeConfig $HOME\.kube\config -KubeContext azps_aks_t01 -HttpProxy "http://proxy-user:proxy-password@proxy-ip:port" -HttpsProxy "http://proxy-user:proxy-password@proxy-ip:port" -NoProxy "localhost,127.0.0.0/8,192.168.0.0/16,172.17.0.0/16,10.96.0.0/12,10.244.0.0/16,10.43.0.0/24,.svc" -Proxy "http://proxy-ip:port" -ProxyCredential $cred +``` + +```output +Location Name ResourceGroupName +-------- ---- ----------------- +eastus azps_test_cluster_ahb azps_test_group +``` + +This command creates a connected kubernetes with parameters HttpProxy, HttpsProxy, NoProxy, Proxy and ProxyCredential. 
+ +### Example 7: Create a connected kubernetes and disable auto upgrade of arc agents. +```powershell +New-AzConnectedKubernetes -ClusterName azps_test_cluster -ResourceGroupName azps_test_group -Location eastus -DisableAutoUpgrade +``` + +```output +Location Name ResourceGroupName +-------- ---- ----------------- +eastus azps_test_cluster azps_test_group +``` + +This command creates a connected kubernetes and disable auto upgrade of arc agents. + +### Example 8: Create a connected kubernetes with custom onboarding timeout. +```powershell +New-AzConnectedKubernetes -ClusterName azps_test_cluster -ResourceGroupName azps_test_group -Location eastus -OnboardingTimeout 600 +``` + +```output +Location Name ResourceGroupName +-------- ---- ----------------- +eastus azps_test_cluster azps_test_group +``` + +This command creates a connected kubernetes with custom onboarding timeout. + ## PARAMETERS ### -AcceptEULA @@ -143,6 +199,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ContainerLogPath +Override the default container log path to enable fluent-bit logging. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -DefaultProfile The credentials, account, tenant, and subscription used for communication with Azure. @@ -158,6 +229,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -DisableAutoUpgrade +Flag to disable auto upgrade of arc agents. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Distribution The Kubernetes distribution running on this connected cluster. 
@@ -188,6 +274,36 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -HttpProxy +The http URI of the proxy server for the kubernetes cluster to use + +```yaml +Type: System.Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -HttpsProxy +The https URI of the proxy server for the kubernetes cluster to use + +```yaml +Type: System.Uri +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Infrastructure The infrastructure on which the Kubernetes cluster represented by this connected cluster is running on. @@ -248,6 +364,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -NoProxy +The comma-separated list of hostnames that should be excluded from the proxy server for the kubernetes cluster to use + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -NoWait Run the command asynchronously @@ -263,6 +394,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -OnboardingTimeout +The time required (in seconds) for the arc-agent pods to be installed on the kubernetes cluster. + +```yaml +Type: System.Int32 +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -PrivateLinkScopeResourceId The resource id of the private link scope this connected cluster is assigned to, if any. 
@@ -308,6 +454,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -ProxyCert +The path to the certificate file for proxy or custom Certificate Authority. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -ResourceGroupName The name of the resource group. The name is case insensitive. diff --git a/src/ConnectedKubernetes/docs/README.md b/src/ConnectedKubernetes/docs/README.md index 6eed363d717e..82c61b69a7c6 100644 --- a/src/ConnectedKubernetes/docs/README.md +++ b/src/ConnectedKubernetes/docs/README.md @@ -8,4 +8,4 @@ This directory contains the documentation of the cmdlets for the `Az.ConnectedKu - Packaged: yes ## Details -The process of documentation generation loads `Az.ConnectedKubernetes` and analyzes the exported cmdlets from the module. It recognizes the [help comments](https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_comment_based_help) that are generated into the scripts in the `..\exports` folder. Additionally, when writing custom cmdlets in the `..\custom` folder, you can use the help comments syntax, which decorate the exported scripts at build-time. The documentation examples are taken from the `..\examples` folder. \ No newline at end of file +The process of documentation generation loads `Az.ConnectedKubernetes` and analyzes the exported cmdlets from the module. It recognizes the [help comments](https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_comment_based_help) that are generated into the scripts in the `..\exports` folder. Additionally, when writing custom cmdlets in the `..\custom` folder, you can use the help comments syntax, which decorate the exported scripts at build-time. The documentation examples are taken from the `..\examples` folder. \ No newline at end of file 
diff --git a/src/ConnectedKubernetes/examples/New-AzConnectedKubernetes.md b/src/ConnectedKubernetes/examples/New-AzConnectedKubernetes.md
index ee2c13280548..b6de62dd9825 100644
--- a/src/ConnectedKubernetes/examples/New-AzConnectedKubernetes.md
+++ b/src/ConnectedKubernetes/examples/New-AzConnectedKubernetes.md
@@ -51,4 +51,58 @@ Location Name ResourceGroupName eastus azps_test_cluster_ahb azps_test_group ``` -Using [-AcceptEULA] will default to your acceptance of the terms of our legal agreement and create a connected kubernetes. \ No newline at end of file +Using [-AcceptEULA] will default to your acceptance of the terms of our legal agreement and create a connected kubernetes. + +### Example 5: Create a connected kubernetes with parameters HttpProxy, HttpsProxy, NoProxy and Proxy. +```powershell +New-AzConnectedKubernetes -ClusterName azps_test_cluster_ahb -ResourceGroupName azps_test_group -Location eastus -KubeConfig $HOME\.kube\config -KubeContext azps_aks_t01 -HttpProxy "http://proxy-user:proxy-password@proxy-ip:port" -HttpsProxy "http://proxy-user:proxy-password@proxy-ip:port" -NoProxy "localhost,127.0.0.0/8,192.168.0.0/16,172.17.0.0/16,10.96.0.0/12,10.244.0.0/16,10.43.0.0/24,.svc" -Proxy "http://proxy-user:proxy-password@proxy-ip:port" +``` + +```output +Location Name ResourceGroupName +-------- ---- ----------------- +eastus azps_test_cluster_ahb azps_test_group +``` + +This command creates a connected kubernetes with parameters HttpProxy, HttpsProxy, NoProxy and Proxy. + +### Example 6: Create a connected kubernetes with parameters HttpProxy, HttpsProxy, NoProxy, Proxy and ProxyCredential. 
+```powershell +$pwd = ConvertTo-SecureString "proxy-password" -AsPlainText -Force +$cred = New-Object System.Management.Automation.PSCredential ("proxy-user", $pwd) +New-AzConnectedKubernetes -ClusterName azps_test_cluster_ahb -ResourceGroupName azps_test_group -Location eastus -KubeConfig $HOME\.kube\config -KubeContext azps_aks_t01 -HttpProxy "http://proxy-user:proxy-password@proxy-ip:port" -HttpsProxy "http://proxy-user:proxy-password@proxy-ip:port" -NoProxy "localhost,127.0.0.0/8,192.168.0.0/16,172.17.0.0/16,10.96.0.0/12,10.244.0.0/16,10.43.0.0/24,.svc" -Proxy "http://proxy-ip:port" -ProxyCredential $cred +``` + +```output +Location Name ResourceGroupName +-------- ---- ----------------- +eastus azps_test_cluster_ahb azps_test_group +``` + +This command creates a connected kubernetes with parameters HttpProxy, HttpsProxy, NoProxy, Proxy and ProxyCredential. + +### Example 7: Create a connected kubernetes and disable auto upgrade of arc agents. +```powershell +New-AzConnectedKubernetes -ClusterName azps_test_cluster -ResourceGroupName azps_test_group -Location eastus -DisableAutoUpgrade +``` + +```output +Location Name ResourceGroupName +-------- ---- ----------------- +eastus azps_test_cluster azps_test_group +``` + +This command creates a connected kubernetes and disable auto upgrade of arc agents. + +### Example 8: Create a connected kubernetes with custom onboarding timeout. +```powershell +New-AzConnectedKubernetes -ClusterName azps_test_cluster -ResourceGroupName azps_test_group -Location eastus -OnboardingTimeout 600 +``` + +```output +Location Name ResourceGroupName +-------- ---- ----------------- +eastus azps_test_cluster azps_test_group +``` + +This command creates a connected kubernetes with custom onboarding timeout. diff --git a/src/ConnectedKubernetes/how-to.md b/src/ConnectedKubernetes/how-to.md index eb34578097b6..7bd16a08db0c 100644 --- a/src/ConnectedKubernetes/how-to.md +++ b/src/ConnectedKubernetes/how-to.md 
@@ -14,7 +14,7 @@ To generate documentation, the process is now integrated into the `build-module. To test the cmdlets, we use [Pester](https://github.com/pester/Pester). Tests scripts (`.ps1`) should be added to the `test` folder. To execute the Pester tests, run the `test-module.ps1` script. This will run all tests in `playback` mode within the `test` folder. To read more about testing cmdlets, look at the [README.md](examples/README.md) in the `examples` folder. ## Packing `Az.ConnectedKubernetes` -To pack `Az.ConnectedKubernetes` for distribution, run the `pack-module.ps1` script. This will take the contents of multiple directories and certain root-folder files to create a `.nupkg`. The structure of the `.nupkg` is created so it can be loaded part of a [PSRepository](https://learn.microsoft.com/powershell/module/powershellget/register-psrepository). Additionally, this package is in a format for distribution to the [PSGallery](https://www.powershellgallery.com/). For signing an Azure module, please contact the [Azure PowerShell](https://github.com/Azure/azure-powershell) team. +To pack `Az.ConnectedKubernetes` for distribution, run the `pack-module.ps1` script. This will take the contents of multiple directories and certain root-folder files to create a `.nupkg`. The structure of the `.nupkg` is created so it can be loaded part of a [PSRepository](https://docs.microsoft.com/powershell/module/powershellget/register-psrepository). Additionally, this package is in a format for distribution to the [PSGallery](https://www.powershellgallery.com/). For signing an Azure module, please contact the [Azure PowerShell](https://github.com/Azure/azure-powershell) team. ## Module Script Details There are multiple scripts created for performing different actions for developing `Az.ConnectedKubernetes`. diff --git a/src/ConnectedKubernetes/test/AzConnectedKubernetes.Tests.ps1 b/src/ConnectedKubernetes/test/AzConnectedKubernetes.Tests.ps1 index fdfb3a487168..40893d06e0f5 100644 
--- a/src/ConnectedKubernetes/test/AzConnectedKubernetes.Tests.ps1 +++ b/src/ConnectedKubernetes/test/AzConnectedKubernetes.Tests.ps1 @@ -18,7 +18,7 @@ Describe 'AzConnectedKubernetes' { $config.ProvisioningState | Should -Be 'Succeeded' # Clear helm azure-arc environment - helm delete azure-arc --no-hooks + helm delete azure-arc -n azure-arc-release --no-hooks } | Should -Not -Throw }