Example #1
def ParseCreateOptionsBase(args):
  """Translates the parsed cluster-creation flags into CreateClusterOptions.

  Runs flags.MungeBasicAuthFlags on args, rejects an explicitly specified
  enable_cloud_endpoints flag while the container/new_scopes_behavior property
  is true, emits the autorepair and IP-allocation-policy warnings, and then
  copies the flag values one-to-one into the options object.

  Args:
    args: the parsed flag namespace of the create command.

  Returns:
    The api_adapter.CreateClusterOptions built from args.

  Raises:
    util.Error: enable_cloud_endpoints was specified while the
      new_scopes_behavior property is set to true.
  """
  flags.MungeBasicAuthFlags(args)

  endpoints_flag_given = args.IsSpecified('enable_cloud_endpoints')
  if (endpoints_flag_given and
      properties.VALUES.container.new_scopes_behavior.GetBool()):
    raise util.Error('Flag --[no-]enable-cloud-endpoints is not allowed if '
                     'property container/ new_scopes_behavior is set to true.')

  flags.WarnForUnspecifiedAutorepair(args)
  flags.WarnForUnspecifiedIpAllocationPolicy(args)

  cluster_cidr = args.cluster_ipv4_cidr
  authorized_networks_enabled = args.enable_master_authorized_networks

  # Every value below is forwarded as-is; nothing is validated here.
  # NOTE(review): the security-relevant settings (legacy authorization,
  # master authorized networks, client-certificate issuance, scopes, service
  # account, basic-auth user/password) are whatever the flags carried.
  # password is read from args, so if it was typed on the command line it
  # may also sit in shell history -- confirm how the flag is documented.
  option_values = {
      'accelerators': args.accelerator,
      'additional_zones': args.additional_zones,
      'addons': args.addons,
      'cluster_ipv4_cidr': cluster_cidr,
      'cluster_secondary_range_name': args.cluster_secondary_range_name,
      'cluster_version': args.cluster_version,
      'node_version': args.node_version,
      'create_subnetwork': args.create_subnetwork,
      'disk_type': args.disk_type,
      'enable_autorepair': args.enable_autorepair,
      'enable_autoscaling': args.enable_autoscaling,
      'enable_autoupgrade': args.enable_autoupgrade,
      'enable_cloud_endpoints': args.enable_cloud_endpoints,
      'enable_cloud_logging': args.enable_cloud_logging,
      'enable_cloud_monitoring': args.enable_cloud_monitoring,
      'enable_ip_alias': args.enable_ip_alias,
      'enable_kubernetes_alpha': args.enable_kubernetes_alpha,
      'enable_legacy_authorization': args.enable_legacy_authorization,
      'enable_master_authorized_networks': authorized_networks_enabled,
      'enable_network_policy': args.enable_network_policy,
      'image_type': args.image_type,
      'image': args.image,
      'image_project': args.image_project,
      'image_family': args.image_family,
      'issue_client_certificate': args.issue_client_certificate,
      'labels': args.labels,
      'local_ssd_count': args.local_ssd_count,
      'maintenance_window': args.maintenance_window,
      'master_authorized_networks': args.master_authorized_networks,
      'max_nodes': args.max_nodes,
      'max_nodes_per_pool': args.max_nodes_per_pool,
      'min_cpu_platform': args.min_cpu_platform,
      'min_nodes': args.min_nodes,
      'network': args.network,
      'node_disk_size_gb': args.disk_size,
      'node_labels': args.node_labels,
      'node_locations': args.node_locations,
      'node_machine_type': args.machine_type,
      'node_taints': args.node_taints,
      'num_nodes': args.num_nodes,
      'password': args.password,
      'preemptible': args.preemptible,
      'scopes': args.scopes,
      'service_account': args.service_account,
      'services_ipv4_cidr': args.services_ipv4_cidr,
      'services_secondary_range_name': args.services_secondary_range_name,
      'subnetwork': args.subnetwork,
      'tags': args.tags,
      'user': args.username,
  }
  return api_adapter.CreateClusterOptions(**option_values)
Example #2
def ParseCreateOptionsBase(args, is_autopilot, get_default, location,
                           project_id):
    """Translates the cluster-creation flags into CreateClusterOptions.

    Logs the deprecation and default-change warnings, runs the flag
    validators, and then collects one option per flag. Most values are
    obtained through get_default(flag_name); a few are read from args
    directly and fall back to None when the attribute is absent or the flag
    was not specified.

    Args:
      args: the parsed flag namespace of the create command.
      is_autopilot: forwarded unchanged as the `autopilot` option and to
        MaybeLogCloudNatHelpText.
      get_default: callable taking a flag name and returning its value.
      location: forwarded to MaybeLogCloudNatHelpText.
      project_id: forwarded to MaybeLogCloudNatHelpText.

    Returns:
      The api_adapter.CreateClusterOptions built from the flags.
    """
    dashboard_requested = (hasattr(args, 'addons')
                           and args.IsSpecified('addons')
                           and api_adapter.DASHBOARD in args.addons)
    if dashboard_requested:
        log.warning(
            'The `KubernetesDashboard` addon is deprecated, and will be removed as '
            'an option for new clusters starting in 1.15. It is recommended to use '
            'the Cloud Console to manage and monitor your Kubernetes clusters, '
            'workloads and applications. See: '
            'https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards'
        )

    # Basic-auth handling: deprecation warning first, then flag munging, then
    # the remaining auth / release-channel notices.
    flags.LogBasicAuthDeprecationWarning(args)
    flags.MungeBasicAuthFlags(args)
    MaybeLogAuthWarning(args)
    MaybeLogReleaseChannelDefaultWarning(args)

    enable_ip_alias = get_default('enable_ip_alias')
    if hasattr(args, 'enable_ip_alias'):
        flags.WarnForUnspecifiedIpAllocationPolicy(args)

    if hasattr(args, 'enable_autorepair'):
        enable_autorepair = cmd_util.GetAutoRepair(args)
        if enable_autorepair:
            flags.WarnForNodeModification(args, enable_autorepair)
    else:
        enable_autorepair = None

    metadata = metadata_utils.ConstructMetadataDict(
        get_default('metadata'),
        get_default('metadata_from_file'),
    )

    cloud_run_config = flags.GetLegacyCloudRunFlag(
        '{}_config', args, get_default)
    flags.ValidateCloudRunConfigCreateArgs(
        cloud_run_config, get_default('addons'))

    MaybeLogCloudNatHelpText(args, is_autopilot, location, project_id)

    flags.ValidateNotificationConfigFlag(args)

    # Values are forwarded as given; the only checks in this function are the
    # validators called above.
    # NOTE(review): the security posture of the new cluster is decided by the
    # entries passed through here -- basic-auth user/password, legacy
    # authorization, client-certificate issuance, master authorized networks,
    # private nodes/endpoint, binary authorization, shielded nodes, database
    # encryption key and workload identity settings. Confirm that get_default
    # supplies the intended value when a flag is left unset.
    option_values = {
        'accelerators': get_default('accelerator'),
        'additional_zones': get_default('additional_zones'),
        'addons': get_default('addons'),
        'boot_disk_kms_key': get_default('boot_disk_kms_key'),
        'cluster_ipv4_cidr': get_default('cluster_ipv4_cidr'),
        'cluster_secondary_range_name':
            get_default('cluster_secondary_range_name'),
        'cluster_version': get_default('cluster_version'),
        'cloud_run_config': cloud_run_config,
        'node_version': get_default('node_version'),
        'create_subnetwork': get_default('create_subnetwork'),
        'disable_default_snat': get_default('disable_default_snat'),
        'disk_type': get_default('disk_type'),
        'enable_autorepair': enable_autorepair,
        'enable_autoscaling': get_default('enable_autoscaling'),
        'enable_autoupgrade': (
            cmd_util.GetAutoUpgrade(args)
            if hasattr(args, 'enable_autoupgrade')
            else None),
        'enable_binauthz': get_default('enable_binauthz'),
        'enable_stackdriver_kubernetes': _GetEnableStackdriver(args),
        # Logging / monitoring are only forwarded when explicitly specified.
        'enable_cloud_logging': (
            args.enable_cloud_logging
            if (hasattr(args, 'enable_cloud_logging')
                and args.IsSpecified('enable_cloud_logging'))
            else None),
        'enable_cloud_monitoring': (
            args.enable_cloud_monitoring
            if (hasattr(args, 'enable_cloud_monitoring')
                and args.IsSpecified('enable_cloud_monitoring'))
            else None),
        'enable_workload_monitoring_eap':
            get_default('enable_workload_monitoring_eap'),
        'enable_ip_alias': enable_ip_alias,
        'enable_intra_node_visibility':
            get_default('enable_intra_node_visibility'),
        'enable_kubernetes_alpha': get_default('enable_kubernetes_alpha'),
        'enable_cloud_run_alpha': flags.GetLegacyCloudRunFlag(
            'enable_{}_alpha', args, get_default),
        'enable_legacy_authorization':
            get_default('enable_legacy_authorization'),
        'enable_master_authorized_networks':
            get_default('enable_master_authorized_networks'),
        'enable_master_global_access':
            get_default('enable_master_global_access'),
        'enable_network_policy': get_default('enable_network_policy'),
        'enable_private_nodes': get_default('enable_private_nodes'),
        'enable_private_endpoint': get_default('enable_private_endpoint'),
        'enable_gke_oidc': getattr(args, 'enable_gke_oidc', None),
        'image_type': get_default('image_type'),
        'image': get_default('image'),
        'image_project': get_default('image_project'),
        'image_family': get_default('image_family'),
        'issue_client_certificate': get_default('issue_client_certificate'),
        'labels': get_default('labels'),
        'local_ssd_count': get_default('local_ssd_count'),
        'maintenance_window': get_default('maintenance_window'),
        'maintenance_window_start': get_default('maintenance_window_start'),
        'maintenance_window_end': get_default('maintenance_window_end'),
        'maintenance_window_recurrence':
            get_default('maintenance_window_recurrence'),
        'master_authorized_networks':
            get_default('master_authorized_networks'),
        'master_ipv4_cidr': get_default('master_ipv4_cidr'),
        'max_nodes': get_default('max_nodes'),
        'max_nodes_per_pool': get_default('max_nodes_per_pool'),
        'min_cpu_platform': get_default('min_cpu_platform'),
        'min_nodes': get_default('min_nodes'),
        'network': get_default('network'),
        'node_disk_size_gb': (
            utils.BytesToGb(args.disk_size)
            if hasattr(args, 'disk_size')
            else None),
        'node_labels': get_default('node_labels'),
        'node_locations': get_default('node_locations'),
        'node_machine_type': get_default('machine_type'),
        'node_taints': get_default('node_taints'),
        'num_nodes': get_default('num_nodes'),
        'password': get_default('password'),
        'preemptible': get_default('preemptible'),
        'scopes': get_default('scopes'),
        'service_account': get_default('service_account'),
        'services_ipv4_cidr': get_default('services_ipv4_cidr'),
        'services_secondary_range_name':
            get_default('services_secondary_range_name'),
        'subnetwork': get_default('subnetwork'),
        'system_config_from_file': get_default('system_config_from_file'),
        'private_ipv6_google_access_type':
            get_default('private_ipv6_google_access_type'),
        'tags': get_default('tags'),
        'user': get_default('username'),
        'metadata': metadata,
        'default_max_pods_per_node': get_default('default_max_pods_per_node'),
        'max_pods_per_node': get_default('max_pods_per_node'),
        'enable_tpu': get_default('enable_tpu'),
        'tpu_ipv4_cidr': get_default('tpu_ipv4_cidr'),
        'resource_usage_bigquery_dataset':
            get_default('resource_usage_bigquery_dataset'),
        'enable_network_egress_metering':
            get_default('enable_network_egress_metering'),
        'enable_resource_consumption_metering':
            get_default('enable_resource_consumption_metering'),
        'database_encryption_key': get_default('database_encryption_key'),
        'workload_pool': get_default('workload_pool'),
        'identity_provider': get_default('identity_provider'),
        'workload_metadata': get_default('workload_metadata'),
        'workload_metadata_from_node':
            get_default('workload_metadata_from_node'),
        'enable_vertical_pod_autoscaling':
            get_default('enable_vertical_pod_autoscaling'),
        'enable_autoprovisioning': get_default('enable_autoprovisioning'),
        'autoprovisioning_config_file':
            get_default('autoprovisioning_config_file'),
        'autoprovisioning_service_account':
            get_default('autoprovisioning_service_account'),
        'autoprovisioning_scopes': get_default('autoprovisioning_scopes'),
        'autoprovisioning_locations':
            get_default('autoprovisioning_locations'),
        'autoprovisioning_max_surge_upgrade':
            get_default('autoprovisioning_max_surge_upgrade'),
        'autoprovisioning_max_unavailable_upgrade':
            get_default('autoprovisioning_max_unavailable_upgrade'),
        'enable_autoprovisioning_autorepair':
            get_default('enable_autoprovisioning_autorepair'),
        'enable_autoprovisioning_autoupgrade':
            get_default('enable_autoprovisioning_autoupgrade'),
        'autoprovisioning_min_cpu_platform':
            get_default('autoprovisioning_min_cpu_platform'),
        'min_cpu': get_default('min_cpu'),
        'max_cpu': get_default('max_cpu'),
        'min_memory': get_default('min_memory'),
        'max_memory': get_default('max_memory'),
        'min_accelerator': get_default('min_accelerator'),
        'max_accelerator': get_default('max_accelerator'),
        'shielded_secure_boot': get_default('shielded_secure_boot'),
        'shielded_integrity_monitoring':
            get_default('shielded_integrity_monitoring'),
        'reservation_affinity': get_default('reservation_affinity'),
        'reservation': get_default('reservation'),
        'release_channel': get_default('release_channel'),
        'enable_shielded_nodes': get_default('enable_shielded_nodes'),
        'max_surge_upgrade': get_default('max_surge_upgrade'),
        'max_unavailable_upgrade': get_default('max_unavailable_upgrade'),
        'autopilot': is_autopilot,
    }
    return api_adapter.CreateClusterOptions(**option_values)
Example #3
def ParseCreateOptionsBase(args):
    """Translates the parsed cluster-creation flags into CreateClusterOptions.

    Warns about the upcoming 1.12 defaults for basic authentication and
    client-certificate issuance when the corresponding flags were left
    unspecified, runs flags.MungeBasicAuthFlags, rejects an explicitly
    specified enable_cloud_endpoints flag while the
    container/new_scopes_behavior property is true, picks an autorepair
    default from the image type, and copies the remaining flags one-to-one.

    Args:
      args: the parsed flag namespace of the create command.

    Returns:
      The api_adapter.CreateClusterOptions built from args.

    Raises:
      util.Error: enable_cloud_endpoints was specified while the
        new_scopes_behavior property is set to true.
    """
    if (not args.IsSpecified('enable_basic_auth')
            and not args.IsSpecified('username')):
        log.warning('Starting in 1.12, new clusters will have basic '
                    'authentication disabled by default. Basic authentication '
                    'can be enabled (or disabled) manually using the '
                    '`--[no-]enable-basic-auth` flag.')
    if not args.IsSpecified('issue_client_certificate'):
        log.warning(
            'Starting in 1.12, new clusters will not have a client '
            'certificate issued. You can manually enable (or disable) the '
            'issuance of the client certificate using the '
            '`--[no-]issue-client-certificate` flag.')

    flags.MungeBasicAuthFlags(args)

    # A client-certificate choice without any basic-auth flag is read by the
    # API as "basic auth off"; tell the user so the outcome is not a surprise.
    if (args.IsSpecified('issue_client_certificate')
            and not args.IsSpecified('enable_basic_auth')
            and not args.IsSpecified('username')):
        log.warning(
            'If `--issue-client-certificate` is specified but '
            '`--enable-basic-auth` or `--username` is not, our API will '
            'treat that as `--no-enable-basic-auth`.')

    endpoints_flag_given = args.IsSpecified('enable_cloud_endpoints')
    if (endpoints_flag_given
            and properties.VALUES.container.new_scopes_behavior.GetBool()):
        raise util.Error(
            'Flag --[no-]enable-cloud-endpoints is not allowed if '
            'property container/ new_scopes_behavior is set to true.')

    # An explicit flag wins. Otherwise autorepair defaults to on only for an
    # unset or COS image type: node pools on other images (Ubuntu, custom
    # images) do not support auto repair and the API call would fail.
    enable_autorepair = (
        args.enable_autorepair
        if args.IsSpecified('enable_autorepair')
        else (args.image_type or '').lower() in ('', 'cos'))

    flags.WarnForUnspecifiedIpAllocationPolicy(args)
    metadata = metadata_utils.ConstructMetadataDict(
        args.metadata, args.metadata_from_file)

    # Values are forwarded as given; nothing below is validated here.
    # NOTE(review): password is read from args, so a value typed on the
    # command line may also sit in shell history -- confirm how the flag is
    # documented. Legacy authorization, private nodes/endpoint and master
    # authorized networks are likewise passed through untouched.
    option_values = {
        'accelerators': args.accelerator,
        'additional_zones': args.additional_zones,
        'addons': args.addons,
        'cluster_ipv4_cidr': args.cluster_ipv4_cidr,
        'cluster_secondary_range_name': args.cluster_secondary_range_name,
        'cluster_version': args.cluster_version,
        'node_version': args.node_version,
        'create_subnetwork': args.create_subnetwork,
        'disk_type': args.disk_type,
        'enable_autorepair': enable_autorepair,
        'enable_autoscaling': args.enable_autoscaling,
        'enable_autoupgrade': args.enable_autoupgrade,
        'enable_cloud_endpoints': args.enable_cloud_endpoints,
        'enable_cloud_logging': args.enable_cloud_logging,
        'enable_cloud_monitoring': args.enable_cloud_monitoring,
        'enable_ip_alias': args.enable_ip_alias,
        'enable_kubernetes_alpha': args.enable_kubernetes_alpha,
        'enable_legacy_authorization': args.enable_legacy_authorization,
        'enable_master_authorized_networks':
            args.enable_master_authorized_networks,
        'enable_network_policy': args.enable_network_policy,
        'enable_private_nodes': args.enable_private_nodes,
        'enable_private_endpoint': args.enable_private_endpoint,
        'image_type': args.image_type,
        'image': args.image,
        'image_project': args.image_project,
        'image_family': args.image_family,
        'issue_client_certificate': args.issue_client_certificate,
        'labels': args.labels,
        'local_ssd_count': args.local_ssd_count,
        'maintenance_window': args.maintenance_window,
        'master_authorized_networks': args.master_authorized_networks,
        'master_ipv4_cidr': args.master_ipv4_cidr,
        'max_nodes': args.max_nodes,
        'max_nodes_per_pool': args.max_nodes_per_pool,
        'min_cpu_platform': args.min_cpu_platform,
        'min_nodes': args.min_nodes,
        'network': args.network,
        'node_disk_size_gb': utils.BytesToGb(args.disk_size),
        'node_labels': args.node_labels,
        'node_locations': args.node_locations,
        'node_machine_type': args.machine_type,
        'node_taints': args.node_taints,
        'num_nodes': args.num_nodes,
        'password': args.password,
        'preemptible': args.preemptible,
        'scopes': args.scopes,
        'service_account': args.service_account,
        'services_ipv4_cidr': args.services_ipv4_cidr,
        'services_secondary_range_name': args.services_secondary_range_name,
        'subnetwork': args.subnetwork,
        'tags': args.tags,
        'user': args.username,
        'metadata': metadata,
    }
    return api_adapter.CreateClusterOptions(**option_values)
Example #4
    def Run(self, args):
        """Applies one update to an existing cluster, chosen from the flags.

        The cluster is looked up first; the if/elif chain below then sends
        exactly one request: the first branch whose flag is set wins, and
        flags for later branches are ignored on that invocation. Unless the
        async flag is set, the call waits for the operation to finish.

        Args:
          args: an argparse namespace. All the arguments that were provided
            to this command invocation.

        Returns:
          No return statement is visible in this listing.

        Raises:
          exceptions.HttpException: wraps an apitools HttpError raised by the
            update calls that are guarded with try/except below.
        """
        adapter = self.context['api_adapter']
        location_get = self.context['location_get']
        location = location_get(args)
        cluster_ref = adapter.ParseCluster(args.name, location)
        # Make sure it exists (will raise appropriate error if not)
        cluster = adapter.GetCluster(cluster_ref)

        # locations stays None if neither additional-zones nor node-locations
        # was specified, is an empty list if the flag was specified with no
        # argument, or a populated list if zones were provided. We want to
        # distinguish between the case where it isn't specified (and thus
        # shouldn't be passed on to the API) and the case where it's
        # specified as wanting no additional zones, in which case we must
        # pass the cluster's primary zone to the API.
        # When both flags are present, node_locations overwrites the value
        # derived from additional_zones.
        # TODO(b/29578401): Remove the hasattr once the flag is GA.
        locations = None
        if hasattr(args,
                   'additional_zones') and args.additional_zones is not None:
            locations = sorted([cluster_ref.zone] + args.additional_zones)
        if hasattr(args, 'node_locations') and args.node_locations is not None:
            locations = sorted(args.node_locations)

        # Basic-auth branch: username and password are taken from the flags
        # after MungeBasicAuthFlags has run.
        # NOTE(review): a password supplied as a flag value may also sit in
        # shell history -- confirm how the flag is documented.
        if args.username is not None or args.enable_basic_auth is not None:
            flags.MungeBasicAuthFlags(args)
            options = api_adapter.SetMasterAuthOptions(
                action=api_adapter.SetMasterAuthOptions.SET_USERNAME,
                username=args.username,
                password=args.password)

            # Same pattern in every guarded branch: translate the apitools
            # HTTP error into the command-level HttpException.
            try:
                op_ref = adapter.SetMasterAuth(cluster_ref, options)
            except apitools_exceptions.HttpError as error:
                raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
        elif (args.generate_password or args.set_password
              or args.password is not None):
            if args.generate_password:
                # An empty password is sent together with the
                # GENERATE_PASSWORD action.
                password = ''
                options = api_adapter.SetMasterAuthOptions(
                    action=api_adapter.SetMasterAuthOptions.GENERATE_PASSWORD,
                    password=password)
            else:
                password = args.password
                if args.password is None:
                    # NOTE(review): the listing is damaged on the next line.
                    # The page replaced everything between the password
                    # prompt and the network-policy confirmation text with
                    # '******', so the rest of this branch and the start of
                    # the network-policy branch are missing and the code does
                    # not parse as shown. raw_input() echoes what is typed;
                    # getpass.getpass() is the usual way to read a secret --
                    # check the upstream file before reusing this.
                    password = raw_input('Please enter the new password:'******'Enabling/Disabling Network Policy causes a rolling '
                'update of all cluster nodes, similar to performing a cluster '
                'upgrade.  This operation is long-running and will block other '
                'operations on the cluster (including delete) until it has run '
                'to completion.',
                cancel_on_no=True)
            options = api_adapter.SetNetworkPolicyOptions(
                enabled=args.enable_network_policy)
            try:
                op_ref = adapter.SetNetworkPolicy(cluster_ref, options)
            except apitools_exceptions.HttpError as error:
                raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
        elif args.start_ip_rotation:
            # Rotation recreates every node, so the user must confirm first.
            console_io.PromptContinue(
                message=
                'This will start an IP Rotation on cluster [{name}]. The '
                'master will be updated to serve on a new IP address in addition to '
                'the current IP address. Kubernetes Engine will then recreate all '
                'nodes ({num_nodes} nodes) to point to the new IP address. This '
                'operation is long-running and will block other operations on the '
                'cluster (including delete) until it has run to completion.'.
                format(name=cluster.name, num_nodes=cluster.currentNodeCount),
                cancel_on_no=True)
            try:
                op_ref = adapter.StartIpRotation(cluster_ref)
            except apitools_exceptions.HttpError as error:
                raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
        elif args.complete_ip_rotation:
            # Completing the rotation stops the master serving on the old
            # address, per the prompt text; clients must already be updated.
            console_io.PromptContinue(
                message=
                'This will complete the in-progress IP Rotation on cluster '
                '[{name}]. The master will be updated to stop serving on the old IP '
                'address and only serve on the new IP address. Make sure all API '
                'clients have been updated to communicate with the new IP address '
                '(e.g. by running `gcloud container clusters get-credentials '
                '--project {project} --zone {zone} {name}`). This operation is long-'
                'running and will block other operations on the cluster (including '
                'delete) until it has run to completion.'.format(
                    name=cluster.name,
                    project=cluster_ref.projectId,
                    zone=cluster.zone),
                cancel_on_no=True)
            try:
                op_ref = adapter.CompleteIpRotation(cluster_ref)
            except apitools_exceptions.HttpError as error:
                raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
        elif args.update_labels is not None:
            try:
                op_ref = adapter.UpdateLabels(cluster_ref, args.update_labels)
            except apitools_exceptions.HttpError as error:
                raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
        elif args.remove_labels is not None:
            try:
                op_ref = adapter.RemoveLabels(cluster_ref, args.remove_labels)
            except apitools_exceptions.HttpError as error:
                raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
        elif args.logging_service is not None:
            try:
                op_ref = adapter.SetLoggingService(cluster_ref,
                                                   args.logging_service)
            except apitools_exceptions.HttpError as error:
                raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
        elif args.maintenance_window is not None:
            try:
                op_ref = adapter.SetMaintenanceWindow(cluster_ref,
                                                      args.maintenance_window)
            except apitools_exceptions.HttpError as error:
                raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
        else:
            # Neither call in this branch is wrapped in the HttpError
            # translation used above.
            if args.enable_legacy_authorization is not None:
                # NOTE(review): toggles legacy authorization on the cluster
                # with no confirmation prompt; enabling it weakens RBAC-only
                # enforcement -- presumably intentional, confirm.
                op_ref = adapter.SetLegacyAuthorization(
                    cluster_ref, args.enable_legacy_authorization)
            else:
                options = self.ParseUpdateOptions(args, locations)
                op_ref = adapter.UpdateCluster(cluster_ref, options)

        # `async` is a reserved word from Python 3.7 on, so this attribute
        # access only parses on older interpreters.
        if not args. async:
            adapter.WaitForOperation(
                op_ref, 'Updating {0}'.format(cluster_ref.clusterId))

            log.UpdatedResource(cluster_ref)
            cluster_url = util.GenerateClusterUrl(cluster_ref)
            log.status.Print(
                'To inspect the contents of your cluster, go to: ' +
                cluster_url)

            # After an IP rotation the cluster is fetched again and handed to
            # ClusterConfig.Persist -- presumably to refresh the locally
            # stored endpoint/credentials; a missing environment variable is
            # downgraded to a warning.
            if args.start_ip_rotation or args.complete_ip_rotation:
                cluster = adapter.GetCluster(cluster_ref)
                try:
                    util.ClusterConfig.Persist(cluster, cluster_ref.projectId)
                except kconfig.MissingEnvVarError as error:
                    log.warning(error.message)
Example #5
  def Run(self, args):
    """Applies one update to an existing cluster, chosen from the flags.

    The cluster is looked up on a best-effort basis for nicer prompts; the
    if/elif chain below then sends exactly one request: the first branch
    whose flag is set wins, and flags for later branches are ignored on that
    invocation. Unless the async flag is set, the call waits up to 1800
    seconds for the operation to finish.

    Args:
      args: an argparse namespace. All the arguments that were provided to this
        command invocation.

    Returns:
      No return statement is visible in this listing.

    Raises:
      exceptions.HttpException: wraps an apitools HttpError raised by the
        update calls that are guarded with try/except below.
    """
    adapter = self.context['api_adapter']
    location_get = self.context['location_get']
    location = location_get(args)
    cluster_ref = adapter.ParseCluster(args.name, location)
    # Fallback values used in the prompts when the lookup below fails.
    cluster_name = args.name
    cluster_node_count = None
    cluster_zone = cluster_ref.zone
    try:
      # Attempt to get cluster for better prompts and to validate args.
      # Error is a warning but not fatal. Should only exit with a failure on
      # the actual update API calls below.
      cluster = adapter.GetCluster(cluster_ref)
      cluster_name = cluster.name
      cluster_node_count = cluster.currentNodeCount
      cluster_zone = cluster.zone
    except (exceptions.HttpException, apitools_exceptions.HttpForbiddenError,
            util.Error) as error:
      # The error text is passed through console_attr.SafeText before it is
      # written to the log.
      log.warning(('Problem loading details of cluster to update:\n\n{}\n\n'
                   'You can still attempt updates to the cluster.\n').format(
                       console_attr.SafeText(error)))

    # locations stays None if neither additional-zones nor node-locations was
    # specified, is an empty list if the flag was specified with no argument,
    # or a populated list if zones were provided. We want to distinguish
    # between the case where it isn't specified (and thus shouldn't be passed
    # on to the API) and the case where it's specified as wanting no
    # additional zones, in which case we must pass the cluster's primary zone
    # to the API.
    # When both flags are present, node_locations overwrites the value
    # derived from additional_zones.
    # TODO(b/29578401): Remove the hasattr once the flag is GA.
    locations = None
    if hasattr(args, 'additional_zones') and args.additional_zones is not None:
      locations = sorted([cluster_ref.zone] + args.additional_zones)
    if hasattr(args, 'node_locations') and args.node_locations is not None:
      locations = sorted(args.node_locations)

    # Basic-auth branch: username and password are taken from the flags after
    # MungeBasicAuthFlags has run.
    # NOTE(review): a password supplied as a flag value may also sit in shell
    # history -- confirm how the flag is documented.
    if args.IsSpecified('username') or args.IsSpecified('enable_basic_auth'):
      flags.MungeBasicAuthFlags(args)
      options = api_adapter.SetMasterAuthOptions(
          action=api_adapter.SetMasterAuthOptions.SET_USERNAME,
          username=args.username,
          password=args.password)

      # Same pattern in every guarded branch: translate the apitools HTTP
      # error into the command-level HttpException.
      try:
        op_ref = adapter.SetMasterAuth(cluster_ref, options)
      except apitools_exceptions.HttpError as error:
        raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
    elif (args.generate_password or args.set_password or
          args.IsSpecified('password')):
      if args.generate_password:
        # An empty password is sent together with the GENERATE_PASSWORD
        # action.
        password = ''
        options = api_adapter.SetMasterAuthOptions(
            action=api_adapter.SetMasterAuthOptions.GENERATE_PASSWORD,
            password=password)
      else:
        password = args.password
        if not args.IsSpecified('password'):
          # NOTE(review): the listing is damaged on the next line. The page
          # replaced everything between the password prompt and the
          # network-policy confirmation text with '******', so the rest of
          # this branch and the start of the network-policy branch are
          # missing and the code does not parse as shown. input() echoes
          # what is typed; getpass.getpass() is the usual way to read a
          # secret -- check the upstream file before reusing this.
          password = input('Please enter the new password:'******'Enabling/Disabling Network Policy causes a rolling '
          'update of all cluster nodes, similar to performing a cluster '
          'upgrade.  This operation is long-running and will block other '
          'operations on the cluster (including delete) until it has run '
          'to completion.',
          cancel_on_no=True)
      options = api_adapter.SetNetworkPolicyOptions(
          enabled=args.enable_network_policy)
      try:
        op_ref = adapter.SetNetworkPolicy(cluster_ref, options)
      except apitools_exceptions.HttpError as error:
        raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
    elif args.start_ip_rotation or args.start_credential_rotation:
      # Both flags end in StartIpRotation; they differ only in the prompt
      # text and in rotate_credentials. If both are set, the IP-only variant
      # is taken because it is tested first.
      if args.start_ip_rotation:
        msg_tmpl = """This will start an IP Rotation on cluster [{name}]. The \
master will be updated to serve on a new IP address in addition to the current \
IP address. Kubernetes Engine will then recreate all nodes ({num_nodes} nodes) \
to point to the new IP address. This operation is long-running and will block \
other operations on the cluster (including delete) until it has run to \
completion."""
        rotate_credentials = False
      elif args.start_credential_rotation:
        msg_tmpl = """This will start an IP and Credentials Rotation on cluster\
 [{name}]. The master will be updated to serve on a new IP address in addition \
to the current IP address, and cluster credentials will be rotated. Kubernetes \
Engine will then recreate all nodes ({num_nodes} nodes) to point to the new IP \
address. This operation is long-running and will block other operations on the \
cluster (including delete) until it has run to completion."""
        rotate_credentials = True
      # '?' stands in for the node count when it is unknown (lookup failed)
      # or falsy.
      console_io.PromptContinue(
          message=msg_tmpl.format(
              name=cluster_name,
              num_nodes=cluster_node_count if cluster_node_count else '?'),
          cancel_on_no=True)
      try:
        op_ref = adapter.StartIpRotation(
            cluster_ref, rotate_credentials=rotate_credentials)
      except apitools_exceptions.HttpError as error:
        raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
    elif args.complete_ip_rotation or args.complete_credential_rotation:
      # Both flags end in the same CompleteIpRotation call; only the prompt
      # text differs. Per that text, old credentials are invalidated when a
      # credential rotation completes, so clients must already be updated.
      if args.complete_ip_rotation:
        msg_tmpl = """This will complete the in-progress IP Rotation on \
cluster [{name}]. The master will be updated to stop serving on the old IP \
address and only serve on the new IP address. Make sure all API clients have \
been updated to communicate with the new IP address (e.g. by running `gcloud \
container clusters get-credentials --project {project} --zone {zone} {name}`). \
This operation is long-running and will block other operations on the cluster \
(including delete) until it has run to completion."""
      elif args.complete_credential_rotation:
        msg_tmpl = """This will complete the in-progress Credential Rotation on\
 cluster [{name}]. The master will be updated to stop serving on the old IP \
address and only serve on the new IP address. Old cluster credentials will be \
invalidated. Make sure all API clients have been updated to communicate with \
the new IP address (e.g. by running `gcloud container clusters get-credentials \
--project {project} --zone {zone} {name}`). This operation is long-running and \
will block other operations on the cluster (including delete) until it has run \
to completion."""
      console_io.PromptContinue(
          message=msg_tmpl.format(
              name=cluster_name,
              project=cluster_ref.projectId,
              zone=cluster_zone),
          cancel_on_no=True)
      try:
        op_ref = adapter.CompleteIpRotation(cluster_ref)
      except apitools_exceptions.HttpError as error:
        raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
    elif args.update_labels is not None:
      try:
        op_ref = adapter.UpdateLabels(cluster_ref, args.update_labels)
      except apitools_exceptions.HttpError as error:
        raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
    elif args.remove_labels is not None:
      try:
        op_ref = adapter.RemoveLabels(cluster_ref, args.remove_labels)
      except apitools_exceptions.HttpError as error:
        raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
    # Taken only when logging_service is given without monitoring_service;
    # with both set, control falls through to the generic update at the end.
    elif args.logging_service is not None and args.monitoring_service is None:
      try:
        op_ref = adapter.SetLoggingService(cluster_ref, args.logging_service)
      except apitools_exceptions.HttpError as error:
        raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
    elif args.maintenance_window is not None:
      try:
        op_ref = adapter.SetMaintenanceWindow(cluster_ref,
                                              args.maintenance_window)
      except apitools_exceptions.HttpError as error:
        raise exceptions.HttpException(error, util.HTTP_ERROR_FORMAT)
    else:
      # Neither call in this branch is wrapped in the HttpError translation
      # used above.
      if args.enable_legacy_authorization is not None:
        # NOTE(review): toggles legacy authorization on the cluster with no
        # confirmation prompt; enabling it weakens RBAC-only enforcement --
        # presumably intentional, confirm.
        op_ref = adapter.SetLegacyAuthorization(
            cluster_ref, args.enable_legacy_authorization)
      else:
        options = self.ParseUpdateOptions(args, locations)
        op_ref = adapter.UpdateCluster(cluster_ref, options)

    # `async` is a reserved word from Python 3.7 on, so this attribute access
    # only parses on older interpreters.
    if not args.async:
      adapter.WaitForOperation(op_ref,
                               'Updating {0}'.format(cluster_ref.clusterId),
                               timeout_s=1800)

      log.UpdatedResource(cluster_ref)
      cluster_url = util.GenerateClusterUrl(cluster_ref)
      log.status.Print('To inspect the contents of your cluster, go to: ' +
                       cluster_url)

      # After any rotation the cluster is fetched again and handed to
      # ClusterConfig.Persist -- presumably to refresh the locally stored
      # endpoint/credentials; a missing environment variable is downgraded to
      # a warning. This refresh is skipped entirely in async mode.
      if (args.start_ip_rotation or args.complete_ip_rotation or
          args.start_credential_rotation or args.complete_credential_rotation):
        cluster = adapter.GetCluster(cluster_ref)
        try:
          util.ClusterConfig.Persist(cluster, cluster_ref.projectId)
        except kconfig.MissingEnvVarError as error:
          log.warning(error)
Example #6
def ParseCreateOptionsBase(args):
  """Builds the cluster-creation options from the parsed command-line flags.

  Emits advisory warnings (deprecated dashboard addon, client certificate
  requested without any basic-auth flag), runs the shared flag helpers, and
  forwards the flag values to api_adapter.CreateClusterOptions. Apart from
  whatever the called helpers do, the values are passed through unchanged;
  no validation of security-relevant settings happens in this function.

  Args:
    args: the parsed command-line namespace; must support IsSpecified(name)
      and expose the flag values as attributes.

  Returns:
    The api_adapter.CreateClusterOptions object built from the flags.
  """

  def _IfSpecified(flag_name):
    """Returns the flag's value when it was given explicitly, else None."""
    if args.IsSpecified(flag_name):
      return getattr(args, flag_name)
    return None

  def _IfPresent(flag_name):
    """Returns the attribute if args has it, else None."""
    return getattr(args, flag_name, None)

  dashboard_requested = (
      args.IsSpecified('addons') and api_adapter.DASHBOARD in args.addons)
  if dashboard_requested:
    log.warning(
        'The `KubernetesDashboard` addon is deprecated, and will be removed as '
        'an option for new clusters starting in 1.15. It is recommended to use '
        'the Cloud Console to manage and monitor your Kubernetes clusters, '
        'workloads and applications. See: '
        'https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards')

  # NOTE(review): helper is opaque here; presumably it reconciles the
  # basic-auth flags on args before they are read below -- confirm.
  flags.MungeBasicAuthFlags(args)

  # A client certificate requested with neither basic-auth flag given is
  # treated by the API as basic auth disabled (per the message text), so the
  # user is told about that implicit choice.
  if args.IsSpecified('issue_client_certificate'):
    basic_auth_flag_given = (args.IsSpecified('enable_basic_auth') or
                             args.IsSpecified('username'))
    if not basic_auth_flag_given:
      log.warning('If `--issue-client-certificate` is specified but '
                  '`--enable-basic-auth` or `--username` is not, our API will '
                  'treat that as `--no-enable-basic-auth`.')

  flags.WarnForUnspecifiedIpAllocationPolicy(args)
  autorepair_setting = cmd_util.GetAutoRepair(args)
  flags.WarnForNodeModification(args, autorepair_setting)
  node_metadata = metadata_utils.ConstructMetadataDict(
      args.metadata, args.metadata_from_file)

  # Keyword order is kept as in the flag list so that the helper calls in
  # the argument list run in the same sequence.
  cluster_options = api_adapter.CreateClusterOptions(
      accelerators=args.accelerator,
      additional_zones=args.additional_zones,
      addons=args.addons,
      cluster_ipv4_cidr=args.cluster_ipv4_cidr,
      cluster_secondary_range_name=args.cluster_secondary_range_name,
      cluster_version=args.cluster_version,
      node_version=args.node_version,
      create_subnetwork=args.create_subnetwork,
      disk_type=args.disk_type,
      enable_autorepair=autorepair_setting,
      enable_autoscaling=args.enable_autoscaling,
      enable_autoupgrade=cmd_util.GetAutoUpgrade(args),
      enable_binauthz=args.enable_binauthz,
      # These are sent as None unless the user set them explicitly, so an
      # unset flag is distinguishable from an explicit true/false.
      enable_stackdriver_kubernetes=_IfSpecified(
          'enable_stackdriver_kubernetes'),
      enable_cloud_logging=_IfSpecified('enable_cloud_logging'),
      enable_cloud_monitoring=_IfSpecified('enable_cloud_monitoring'),
      enable_ip_alias=args.enable_ip_alias,
      enable_intra_node_visibility=args.enable_intra_node_visibility,
      enable_kubernetes_alpha=args.enable_kubernetes_alpha,
      enable_cloud_run_alpha=_IfSpecified('enable_cloud_run_alpha'),
      # Access-control and control-plane exposure settings: forwarded exactly
      # as given, with no defaulting or checking at this layer.
      enable_legacy_authorization=args.enable_legacy_authorization,
      enable_master_authorized_networks=(
          args.enable_master_authorized_networks),
      enable_network_policy=args.enable_network_policy,
      enable_private_nodes=args.enable_private_nodes,
      enable_private_endpoint=args.enable_private_endpoint,
      image_type=args.image_type,
      image=args.image,
      image_project=args.image_project,
      image_family=args.image_family,
      issue_client_certificate=args.issue_client_certificate,
      labels=args.labels,
      local_ssd_count=args.local_ssd_count,
      maintenance_window=args.maintenance_window,
      maintenance_window_start=args.maintenance_window_start,
      maintenance_window_end=args.maintenance_window_end,
      maintenance_window_recurrence=args.maintenance_window_recurrence,
      master_authorized_networks=args.master_authorized_networks,
      master_ipv4_cidr=args.master_ipv4_cidr,
      max_nodes=args.max_nodes,
      max_nodes_per_pool=args.max_nodes_per_pool,
      min_cpu_platform=args.min_cpu_platform,
      min_nodes=args.min_nodes,
      network=args.network,
      node_disk_size_gb=utils.BytesToGb(args.disk_size),
      node_labels=args.node_labels,
      node_locations=args.node_locations,
      node_machine_type=args.machine_type,
      node_taints=args.node_taints,
      num_nodes=args.num_nodes,
      # NOTE(review): the password is read straight from the parsed flags; a
      # secret given on a command line commonly ends up in shell history and
      # process listings -- confirm how this flag is meant to be supplied.
      password=args.password,
      preemptible=args.preemptible,
      scopes=args.scopes,
      service_account=args.service_account,
      services_ipv4_cidr=args.services_ipv4_cidr,
      services_secondary_range_name=args.services_secondary_range_name,
      subnetwork=args.subnetwork,
      tags=args.tags,
      user=args.username,
      metadata=node_metadata,
      default_max_pods_per_node=args.default_max_pods_per_node,
      max_pods_per_node=args.max_pods_per_node,
      enable_tpu=args.enable_tpu,
      tpu_ipv4_cidr=args.tpu_ipv4_cidr,
      resource_usage_bigquery_dataset=args.resource_usage_bigquery_dataset,
      enable_network_egress_metering=args.enable_network_egress_metering,
      enable_resource_consumption_metering=(
          args.enable_resource_consumption_metering),
      database_encryption_key=args.database_encryption_key,
      enable_vertical_pod_autoscaling=args.enable_vertical_pod_autoscaling,
      enable_autoprovisioning=args.enable_autoprovisioning,
      autoprovisioning_config_file=args.autoprovisioning_config_file,
      autoprovisioning_service_account=args.autoprovisioning_service_account,
      autoprovisioning_scopes=args.autoprovisioning_scopes,
      autoprovisioning_locations=args.autoprovisioning_locations,
      # Read with a None fallback: these attributes may be absent from args
      # (presumably the flags are not registered for every caller -- confirm).
      autoprovisioning_max_surge_upgrade=_IfPresent(
          'autoprovisioning_max_surge_upgrade'),
      autoprovisioning_max_unavailable_upgrade=_IfPresent(
          'autoprovisioning_max_unavailable_upgrade'),
      enable_autoprovisioning_autorepair=_IfPresent(
          'enable_autoprovisioning_autorepair'),
      enable_autoprovisioning_autoupgrade=_IfPresent(
          'enable_autoprovisioning_autoupgrade'),
      min_cpu=args.min_cpu,
      max_cpu=args.max_cpu,
      min_memory=args.min_memory,
      max_memory=args.max_memory,
      min_accelerator=args.min_accelerator,
      max_accelerator=args.max_accelerator,
      shielded_secure_boot=args.shielded_secure_boot,
      shielded_integrity_monitoring=args.shielded_integrity_monitoring,
      reservation_affinity=_IfPresent('reservation_affinity'),
      reservation=_IfPresent('reservation'),
  )
  return cluster_options
Example #7
def ParseCreateOptionsBase(args):
    """Builds the cluster-creation options from the parsed command-line flags.

    Warns about the upcoming credential defaults (basic authentication and
    client certificate) when the corresponding flags were left unset, warns
    about the deprecated dashboard addon, runs the shared flag helpers, and
    forwards the flag values to api_adapter.CreateClusterOptions. Apart from
    whatever the called helpers do, the values are passed through unchanged;
    no validation of security-relevant settings happens in this function.

    Args:
        args: the parsed command-line namespace; must support
            IsSpecified(name) and expose the flag values as attributes.

    Returns:
        The api_adapter.CreateClusterOptions object built from the flags.
    """
    # Neither basic-auth flag given: announce the default change so the user
    # makes the choice explicitly.
    basic_auth_flag_given = (args.IsSpecified('enable_basic_auth')
                             or args.IsSpecified('username'))
    if not basic_auth_flag_given:
        log.warning('Starting in 1.12, new clusters will have basic '
                    'authentication disabled by default. Basic authentication '
                    'can be enabled (or disabled) manually using the '
                    '`--[no-]enable-basic-auth` flag.')

    client_cert_flag_given = args.IsSpecified('issue_client_certificate')
    if not client_cert_flag_given:
        log.warning(
            'Starting in 1.12, new clusters will not have a client '
            'certificate issued. You can manually enable (or disable) the '
            'issuance of the client certificate using the '
            '`--[no-]issue-client-certificate` flag.')

    dashboard_requested = (args.IsSpecified('addons')
                           and api_adapter.DASHBOARD in args.addons)
    if dashboard_requested:
        log.warning(
            'The `KubernetesDashboard` addon is deprecated, and will be removed as '
            'an option for new clusters starting in 1.15. It is recommended to use '
            'the Cloud Console to manage and monitor your Kubernetes clusters, '
            'workloads and applications. See: '
            'https://cloud.google.com/kubernetes-engine/docs/concepts/dashboards'
        )

    # NOTE(review): helper is opaque here; presumably it reconciles the
    # basic-auth flags on args before they are read below -- confirm.
    flags.MungeBasicAuthFlags(args)

    # The flag state is queried again rather than reused from above, because
    # the helper has run in between.
    if args.IsSpecified('issue_client_certificate'):
        if not (args.IsSpecified('enable_basic_auth')
                or args.IsSpecified('username')):
            log.warning(
                'If `--issue-client-certificate` is specified but '
                '`--enable-basic-auth` or `--username` is not, our API will '
                'treat that as `--no-enable-basic-auth`.')

    flags.WarnForUnspecifiedIpAllocationPolicy(args)
    autorepair_setting = cmd_util.GetAutoRepair(args)
    flags.WarnForNodeModification(args, autorepair_setting)
    node_metadata = metadata_utils.ConstructMetadataDict(
        args.metadata, args.metadata_from_file)

    # Keyword order is kept as in the flag list so that the helper calls in
    # the argument list run in the same sequence.
    cluster_options = api_adapter.CreateClusterOptions(
        accelerators=args.accelerator,
        additional_zones=args.additional_zones,
        addons=args.addons,
        cluster_ipv4_cidr=args.cluster_ipv4_cidr,
        cluster_secondary_range_name=args.cluster_secondary_range_name,
        cluster_version=args.cluster_version,
        node_version=args.node_version,
        create_subnetwork=args.create_subnetwork,
        disk_type=args.disk_type,
        enable_autorepair=autorepair_setting,
        enable_autoscaling=args.enable_autoscaling,
        enable_autoupgrade=cmd_util.GetAutoUpgrade(args),
        enable_stackdriver_kubernetes=args.enable_stackdriver_kubernetes,
        enable_cloud_logging=args.enable_cloud_logging,
        enable_cloud_monitoring=args.enable_cloud_monitoring,
        enable_ip_alias=args.enable_ip_alias,
        enable_kubernetes_alpha=args.enable_kubernetes_alpha,
        # Access-control and control-plane exposure settings: forwarded
        # exactly as given, with no defaulting or checking at this layer.
        enable_legacy_authorization=args.enable_legacy_authorization,
        enable_master_authorized_networks=(
            args.enable_master_authorized_networks),
        enable_network_policy=args.enable_network_policy,
        enable_private_nodes=args.enable_private_nodes,
        enable_private_endpoint=args.enable_private_endpoint,
        image_type=args.image_type,
        image=args.image,
        image_project=args.image_project,
        image_family=args.image_family,
        issue_client_certificate=args.issue_client_certificate,
        labels=args.labels,
        local_ssd_count=args.local_ssd_count,
        maintenance_window=args.maintenance_window,
        master_authorized_networks=args.master_authorized_networks,
        master_ipv4_cidr=args.master_ipv4_cidr,
        max_nodes=args.max_nodes,
        max_nodes_per_pool=args.max_nodes_per_pool,
        min_cpu_platform=args.min_cpu_platform,
        min_nodes=args.min_nodes,
        network=args.network,
        node_disk_size_gb=utils.BytesToGb(args.disk_size),
        node_labels=args.node_labels,
        node_locations=args.node_locations,
        node_machine_type=args.machine_type,
        node_taints=args.node_taints,
        num_nodes=args.num_nodes,
        # NOTE(review): the password is read straight from the parsed flags;
        # a secret given on a command line commonly ends up in shell history
        # and process listings -- confirm how this flag is meant to be
        # supplied.
        password=args.password,
        preemptible=args.preemptible,
        scopes=args.scopes,
        service_account=args.service_account,
        services_ipv4_cidr=args.services_ipv4_cidr,
        services_secondary_range_name=args.services_secondary_range_name,
        subnetwork=args.subnetwork,
        tags=args.tags,
        user=args.username,
        metadata=node_metadata,
        default_max_pods_per_node=args.default_max_pods_per_node,
        max_pods_per_node=args.max_pods_per_node,
        enable_tpu=args.enable_tpu,
        tpu_ipv4_cidr=args.tpu_ipv4_cidr,
        resource_usage_bigquery_dataset=args.resource_usage_bigquery_dataset,
        enable_network_egress_metering=args.enable_network_egress_metering,
        enable_resource_consumption_metering=(
            args.enable_resource_consumption_metering),
    )
    return cluster_options