Remove nodeSelector support for egress gateway for az aks mesh comm…

…and. (#7438)
Azure · Apr 8, 2024 · fb4789b · fb4789b
1 parent 5ba9895
commit fb4789b
Show file tree

Hide file tree

Showing 11 changed files with 634 additions and 2,255 deletions.
diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst
@@ -12,6 +12,10 @@ To release a new version, please select a new version number (usually plus 1 to
 Pending
 +++++++
 
+3.0.0b1
++++++++
+* [BREAKING CHANGE] Remove support for nodeSelector for egress gateway for `az aks mesh` command.
+
 2.0.0b8
 +++++++
 * Add `az aks check-network outbound` command to check outbound network from nodes.

diff --git a/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json b/src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json
@@ -43,9 +43,6 @@
             "test_aks_nodepool_add_with_artifact_streaming",
             "test_aks_nodepool_update_with_artifact_streaming"
         ],
-        "service mesh, missing feature registration for new resource type": [
-            "test_aks_azure_service_mesh_get_revisions"
-        ],
         "ai toolchain operator, enabled in staging only": [
             "test_aks_create_with_enable_ai_toolchain_operator",
             "test_aks_update_with_enable_ai_toolchain_operator"

diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py
@@ -2910,13 +2910,9 @@
     type: command
     short-summary: Enable an Azure Service Mesh egress gateway.
     long-summary: This command enables an Azure Service Mesh egress gateway in given cluster.
-    parameters:
-      - name: --egress-gateway-nodeselector --egx-gtw-ns
-        type: string
-        short-summary: Specify the node selector for the egress gateway with space-separated, key-value pairs (key1=value1 key2=value2).
     examples:
       - name: Enable an egress gateway.
-        text: az aks mesh enable-egress-gateway --resource-group MyResourceGroup --name MyManagedCluster --egress-gateway-nodeselector istio=egress
+        text: az aks mesh enable-egress-gateway --resource-group MyResourceGroup --name MyManagedCluster
 """
 
 helps['aks mesh disable-egress-gateway'] = """

diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py
@@ -135,7 +135,6 @@
     validate_defender_config_parameter,
     validate_defender_disable_and_enable_parameters,
     validate_disable_windows_outbound_nat,
-    validate_egress_gtw_nodeselector,
     validate_enable_custom_ca_trust,
     validate_eviction_policy,
     validate_grafanaresourceid,
@@ -2046,16 +2045,6 @@ def load_arguments(self, _):
             "ingress_gateway_type", arg_type=get_enum_type(ingress_gateway_types)
         )
 
-    with self.argument_context("aks mesh enable-egress-gateway") as c:
-        c.argument(
-            "egx_gtw_nodeselector",
-            nargs="*",
-            validator=validate_egress_gtw_nodeselector,
-            required=False,
-            default=None,
-            options_list=["--egress-gateway-nodeselector", "--egx-gtw-ns"],
-        )
-
     with self.argument_context("aks mesh enable") as c:
         c.argument("revision", validator=validate_azure_service_mesh_revision)
         c.argument("key_vault_id")

diff --git a/src/aks-preview/azext_aks_preview/_validators.py b/src/aks-preview/azext_aks_preview/_validators.py
@@ -361,30 +361,6 @@ def validate_node_public_ip_tags(ns):
         ns.node_public_ip_tags = tags_dict
 
 
-def validate_egress_gtw_nodeselector(namespace):
-    """Validates that provided node selector is a valid format"""
-
-    if not hasattr(namespace, 'egx_gtw_nodeselector'):
-        return
-
-    labels = namespace.egx_gtw_nodeselector
-
-    if labels is None:
-        # no specify any labels
-        namespace.egx_gtw_nodeselector = {}
-        return
-
-    if isinstance(labels, list):
-        labels_dict = {}
-        for item in labels:
-            labels_dict.update(validate_label(item))
-        after_validation_labels = labels_dict
-    else:
-        after_validation_labels = validate_label(labels)
-
-    namespace.egx_gtw_nodeselector = after_validation_labels
-
-
 def validate_nodepool_labels(namespace):
     """Validates that provided node labels is a valid format"""
 

diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py
@@ -2927,15 +2927,13 @@ def aks_mesh_enable_egress_gateway(
         client,
         resource_group_name,
         name,
-        egx_gtw_nodeselector,
 ):
     return _aks_mesh_update(
         cmd,
         client,
         resource_group_name,
         name,
-        enable_egress_gateway=True,
-        egx_gtw_nodeselector=egx_gtw_nodeselector)
+        enable_egress_gateway=True)
 
 
 def aks_mesh_disable_egress_gateway(
@@ -2949,8 +2947,7 @@ def aks_mesh_disable_egress_gateway(
         client,
         resource_group_name,
         name,
-        disable_egress_gateway=True,
-        egx_gtw_nodeselector=None)
+        disable_egress_gateway=True)
 
 
 def aks_mesh_get_revisions(
@@ -3060,7 +3057,6 @@ def _aks_mesh_update(
         disable_ingress_gateway=None,
         ingress_gateway_type=None,
         enable_egress_gateway=None,
-        egx_gtw_nodeselector=None,
         disable_egress_gateway=None,
         revision=None,
         mesh_upgrade_command=None,

diff --git a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py
@@ -2201,19 +2201,13 @@ def _handle_egress_gateways_asm(self, new_profile: ServiceMeshProfile) -> Tuple[
         updated = False
         enable_egress_gateway = self.raw_param.get("enable_egress_gateway", False)
         disable_egress_gateway = self.raw_param.get("disable_egress_gateway", False)
-        egx_gtw_nodeselector = self.raw_param.get("egx_gtw_nodeselector", None)
 
         # deal with egress gateways
         if enable_egress_gateway and disable_egress_gateway:
             raise MutuallyExclusiveArgumentError(
                 "Cannot both enable and disable azure service mesh egress gateway at the same time.",
             )
 
-        if not enable_egress_gateway and egx_gtw_nodeselector:
-            raise MutuallyExclusiveArgumentError(
-                "Cannot set egress gateway nodeselector without enabling an egress gateway.",
-            )
-
         if enable_egress_gateway or disable_egress_gateway:
             # if a gateway is enabled, enable the mesh
             if enable_egress_gateway:
@@ -2234,26 +2228,17 @@ def _handle_egress_gateways_asm(self, new_profile: ServiceMeshProfile) -> Tuple[
             egress_gateway_exists = False
             for egress in new_profile.istio.components.egress_gateways:
                 egress.enabled = enable_egress_gateway
-                egress.node_selector = egx_gtw_nodeselector
                 egress_gateway_exists = True
                 updated = True
                 break
 
             # egress gateway doesn't exist, append
             if not egress_gateway_exists:
-                if egx_gtw_nodeselector:
-                    new_profile.istio.components.egress_gateways.append(
-                        self.models.IstioEgressGateway(  # pylint: disable=no-member
-                            enabled=enable_egress_gateway,
-                            node_selector=egx_gtw_nodeselector,
-                        )
-                    )
-                else:
-                    new_profile.istio.components.egress_gateways.append(
-                        self.models.IstioEgressGateway(  # pylint: disable=no-member
-                            enabled=enable_egress_gateway,
-                        )
+                new_profile.istio.components.egress_gateways.append(
+                    self.models.IstioEgressGateway(  # pylint: disable=no-member
+                        enabled=enable_egress_gateway,
                     )
+                )
                 updated = True
 
         return new_profile, updated