~$dZddlmZddlmZddlmZddlZddlmZddlm Z ddl m Z dd l mZdd l mZdd l mZdd lmZdd lmZddlmZddlmZddlmZdd lmZddlmZddlmZddlmZddlmZddl m!Z!ddl"Z"dZ#e jHe jJjLe jJjNe jPGdde jRZ*y)zCommand to register an Attached cluster with the fleet. This command performs the full end-to-end steps required to attach a cluster. )absolute_import)division)unicode_literalsN)attached) locations)base) cluster_util)flags) resource_args) kube_util) command_util) constants) endpoint_util)errors) exceptions) pretty_print) console_io)retryaD Register a cluster to a fleet. To register a cluster with a private OIDC issuer, run: $ {command} my-cluster --location=us-west1 --platform-version=PLATFORM_VERSION --fleet-project=FLEET_PROJECT_NUM --distribution=DISTRIBUTION --context=CLUSTER_CONTEXT --has-private-issuer To register a cluster with a public OIDC issuer, run: $ {command} my-cluster --location=us-west1 --platform-version=PLATFORM_VERSION --fleet-project=FLEET_PROJECT_NUM --distribution=DISTRIBUTION --context=CLUSTER_CONTEXT --issuer-url=https://ISSUER_URL To specify a kubeconfig file, run: $ {command} my-cluster --location=us-west1 --platform-version=PLATFORM_VERSION --fleet-project=FLEET_PROJECT_NUM --distribution=DISTRIBUTION --context=CLUSTER_CONTEXT --has-private-issuer --kubeconfig=KUBECONFIG_PATH To register and set cluster admin users, run: $ {command} my-cluster --location=us-west1 --platform-version=PLATFORM_VERSION --fleet-project=FLEET_PROJECT_NUM --distribution=DISTRIBUTION --context=CLUSTER_CONTEXT --issuer-url=https://ISSUER_URL --admin-users=USER1,USER2 To specify custom tolerations and labels for system component pods, run: $ {command} my-cluster --location=us-west1 --platform-version=PLATFORM_VERSION --fleet-project=FLEET_PROJECT_NUM --distribution=DISTRIBUTION --context=CLUSTER_CONTEXT --system-component-tolerations=TOLERATIONS --system-component-labels=LABELS where TOLERATIONS have the format: key=value:Effect:NoSchedule (examples: key1=value1:Equal:NoSchedule,key2:Exists:PreferNoSchedule, :Exists:NoExecute) and LABELS have the format: key=value (examples: key1=value1,key2="") cFeZdZdZdeiZedZdZdZ dZ dZ dZ y ) RegisterzRegister an Attached cluster.EXAMPLESctj|dtj|tj|tj |dtj |tj|tj|tj|tj|tj|tj|tj|dtj|tj |tj"|dtj$|ddtj&|tj(|tj*|tj,||j.j1t2j4y)z!Registers flags for this command.z to registerT)requiredzcluster to createN)r AddAttachedClusterResourceArgattached_flagsAddPlatformVersionAddRegisterOidcConfigAddDistribution AddAdminUsers AddKubectlAddProxyConfigAddSkipClusterAdminCheckAddSystemComponentTolerationsAddSystemComponentLabelsr AddAnnotationsAddValidateOnlyAddFleetProjectAddDescription AddLoggingAddMonitoringConfigAddBinauthzEvaluationModeAddAdminGroups AddWorkloadVulnerabilityScanningAddTagBindings display_info AddFormatrATTACHED_CLUSTERS_FORMAT)parsers 3lib/surface/container/attached/clusters/register.pyArgsz Register.ArgsRsC// F%%f-((0""6D9  (f%!!&)++F3008++F3   &"56 &!   VT" fdD1 ##F+   **62   !!)"D"DEc btj|j}tj|r-tj |dk(rt jdtj|tj|5tj|}|j||}tjtj|tj|d5}tj |s|j#tj|rCt%j&d|j)|\}}t+|d|t+|d| t-j.|s{t%j&d|j1|t3j4t6j8 }|j;t<j>|ft6j@ |jC||} |jG|||ddd cdddS#t2jD$r^} |jG|||| jHd r6tKjL| jHd d | jHd d d} ~ wtNjP$rGd jS|tjT||jV} t%j&| |jG|||xYw#1swYxYw#1swYyxYw)NekszEDistributions of type "eks" cannot use the `has-private-issuer` flag.T) kubeconfigcontextenable_workload_identityz!Fetching cluster OIDC information issuer_url oidc_jwksz!Creating in-cluster install agent) max_retrials)argssleep_mszTo manually clean up the in-cluster install agent, run: $ gcloud container attached clusters generate-install-manifest --location={} --platform-version={} --format="value(manifest)" {} | kubectl delete -f - AFTER the attach operation completes. ),r ParseAttachedClusterResourceArg locationsIdrGetHasPrivateIssuerGetDistributionrun_exceptions ArgumentErrorGetSystemComponentTolerationsrGkemulticloudEndpointOverride _get_manifestr KubernetesClient GetKubeconfig GetContextGetSkipClusterAdminCheckCheckClusterAdminPermissionsrInfo_get_authoritysetattrr GetValidateOnlyApplyrRetryerr%ATTACHED_INSTALL_AGENT_VERIFY_RETRIESRetryOnExceptionr verify_install_agent_deployed%ATTACHED_INSTALL_AGENT_VERIFY_WAIT_MS_create_attached_clusterRetryException_remove_manifest last_resultrreraiserOperationCancelledErrorformatGetPlatformVersionattachedClustersId) selfr>location cluster_refmanifest kube_clientr;jwksretryer create_respemsgs r3Runz Register.Runns<!AA$Gk##D+6h  % %#11$7 ++D1#'  66t<  2 2 4  - -d 3   ? @!00= *d $ j 1 $ T *& &&t,   A B   h 'mm&LLG  $ $::!^"HH %  55dKH+6 dK:m py ? >@##    k8 < ]]1    q}}Q/2AMM!4DQ4G H 11   F//5,,    C     k8 < i   ? >sM A&L%2A>L1B"H9L& L%9L AJ%%A1LLL" L%%L.chtj}|j||}|jS)N)r>)loc_utilLocationsClientGenerateInstallManifestrf)rcr>relocation_clientresps r3rJzRegister._get_manifests/..0O  2 2;T 2 JD ==r5c|tj|s'tjd|j |yy)Nz!Deleting in-cluster install agent)r rSrrPDelete)rcr>rgrfs r3r\zRegister._remove_manifests2   &;<" 'r5ctj|jd}tj|j d}|st j||j}||fS)Nzutf-8)encodingissuer) six ensure_strGetOpenIDConfigurationjsonloadsgetrMissingOIDCIssuerURLGetOpenIDKeyset)rcrgopenid_config_jsonr;rhs r3rQzRegister._get_authoritysi**,w./33H=J   ' '(: ;;  & & (D t r5ctj}tj|jdt j }tj||||t jS)NCreating)actionkind) resource_refresource_clientr>messager) api_utilClustersClientr ClusterMessagerbrATTACHEDCreateATTACHED_CLUSTER_KIND)rcr>recluster_clientrs r3rZz!Register._create_attached_clusters_,,.N))&&   G    &   , ,  r5N) __name__ __module__ __qualname____doc__ _EXAMPLES detailed_help staticmethodr4rmrJr\rQrZr5r3rrKs@&y)-FF6HT #  r5r)+r __future__rrrr|.googlecloudsdk.api_lib.container.gkemulticloudrrrrogooglecloudsdk.callioper-googlecloudsdk.command_lib.container.attachedr r rr *googlecloudsdk.command_lib.container.fleetr 2googlecloudsdk.command_lib.container.gkemulticloudr rrrgooglecloudsdk.command_lib.runrrFrgooglecloudsdk.coregooglecloudsdk.core.consolergooglecloudsdk.core.utilrryr ReleaseTracks ReleaseTrackALPHAGADefaultUniverseOnly CreateCommandrrr5r3rs'' OP(FQG@KHLEDG7*2*   <D%%++T->->-A-ABLt!!LCLr5