chore: remove deprecated AKS code paths

cmd/deploy.go

@@ -193,6 +193,10 @@ func (dc *deployCmd) loadAPIModel() error {
 		return errors.Wrap(err, "error parsing the api model")
 	}
 
+	if dc.containerService.Properties.MasterProfile == nil {
+		return errors.New("MasterProfile can't be nil")
+	}
+
 	// consume dc.caCertificatePath and dc.caPrivateKeyPath
 	if (dc.caCertificatePath != "" && dc.caPrivateKeyPath == "") || (dc.caCertificatePath == "" && dc.caPrivateKeyPath != "") {
 		return errors.New("--ca-certificate-path and --ca-private-key-path must be specified together")
@@ -255,7 +259,6 @@ func (dc *deployCmd) loadAPIModel() error {
 }
 
 func autofillApimodel(dc *deployCmd) error {
-
 	if dc.containerService.Properties.LinuxProfile != nil {
 		if dc.containerService.Properties.LinuxProfile.AdminUsername == "" {
 			log.Warnf("apimodel: no linuxProfile.adminUsername was specified. Will use 'azureuser'.")
@@ -280,11 +283,7 @@ func autofillApimodel(dc *deployCmd) error {
 	}
 
 	if dc.outputDirectory == "" {
-		if dc.containerService.Properties.MasterProfile != nil {
-			dc.outputDirectory = path.Join("_output", dc.containerService.Properties.MasterProfile.DNSPrefix)
-		} else {
-			dc.outputDirectory = path.Join("_output", dc.containerService.Properties.HostedMasterProfile.DNSPrefix)
-		}
+		dc.outputDirectory = path.Join("_output", dc.containerService.Properties.MasterProfile.DNSPrefix)
 	}
 
 	if _, err := os.Stat(dc.outputDirectory); !dc.forceOverwrite && err == nil {

cmd/deploy_test.go

@@ -669,6 +669,31 @@ func TestDeployCmdRun(t *testing.T) {
 	}
 }
 
+func TestDeployCmdWithoutMasterProfile(t *testing.T) {
+	t.Parallel()
+
+	outdir, del := makeTmpDir(t)
+	defer del()
+
+	d := &deployCmd{
+		client: &armhelpers.MockAKSEngineClient{},
+		authProvider: &mockAuthProvider{
+			authArgs:      &authArgs{},
+			getClientMock: &armhelpers.MockAKSEngineClient{},
+		},
+		apimodelPath:    "../pkg/engine/testdata/simple/kubernetes.json",
+		outputDirectory: outdir,
+		forceOverwrite:  true,
+		location:        "westus",
+	}
+	d.set = []string{"masterProfile=nil"}
+
+	err := d.loadAPIModel()
+	if err == nil {
+		t.Fatalf("expected error loading api model without MasterProfile: %s", err.Error())
+	}
+}
+
 func TestLoadApiModelOnCustomCloud(t *testing.T) {
 	t.Parallel()
 

cmd/generate.go

@@ -154,12 +154,12 @@ func (gc *generateCmd) loadAPIModel() error {
 		return errors.Wrap(err, "error parsing the api model")
 	}
 
+	if gc.containerService.Properties.MasterProfile == nil {
+		return errors.New("MasterProfile can't be nil")
+	}
+
 	if gc.outputDirectory == "" {
-		if gc.containerService.Properties.MasterProfile != nil {
-			gc.outputDirectory = path.Join("_output", gc.containerService.Properties.MasterProfile.DNSPrefix)
-		} else {
-			gc.outputDirectory = path.Join("_output", gc.containerService.Properties.HostedMasterProfile.DNSPrefix)
-		}
+		gc.outputDirectory = path.Join("_output", gc.containerService.Properties.MasterProfile.DNSPrefix)
 	}
 
 	// consume gc.caCertificatePath and gc.caPrivateKeyPath

cmd/generate_test.go

@@ -173,6 +173,27 @@ func TestGenerateCmdMLoadAPIModel(t *testing.T) {
 	}
 }
 
+func TestGenerateCmdMLoadAPIModelWithoutMasterProfile(t *testing.T) {
+	g := &generateCmd{}
+	r := &cobra.Command{}
+
+	g.apimodelPath = "../pkg/engine/testdata/simple/kubernetes.json"
+	g.set = []string{"masterProfile=nil"}
+
+	err := g.validate(r, []string{"../pkg/engine/testdata/simple/kubernetes.json"})
+	if err != nil {
+		t.Fatalf("unexpected error validating api model: %s", err.Error())
+	}
+	err = g.mergeAPIModel()
+	if err != nil {
+		t.Fatalf("unexpected error merging api model: %s", err.Error())
+	}
+	err = g.loadAPIModel()
+	if err == nil {
+		t.Fatalf("expected error loading api model without MasterProfile: %s", err.Error())
+	}
+}
+
 func TestAPIModelWithoutServicePrincipalProfileAndClientIdAndSecretInGenerateCmd(t *testing.T) {
 	t.Parallel()
 

cmd/rotate_certs.go

@@ -136,7 +136,7 @@ func (rcc *rotateCertsCmd) run(cmd *cobra.Command, args []string) error {
 		if rcc.containerService.Properties.MasterProfile != nil {
 			rcc.outputDirectory = path.Join("_output", rcc.containerService.Properties.MasterProfile.DNSPrefix)
 		} else {
-			rcc.outputDirectory = path.Join("_output", rcc.containerService.Properties.HostedMasterProfile.DNSPrefix)
+			return errors.New("can't determine output directory from nil MasterProfile")
 		}
 	}
 

docs/topics/architecture.md

@@ -100,48 +100,7 @@ Once the input is validated, the template generator is invoked which will conver
         {{end}}
       {{end}}
     {{end}}
-    {{if not IsHostedMaster}}
       ,{{template "k8s/kubernetesmasterresources.t" .}}
-    {{else}}
-      {{if not IsCustomVNET}}
-      ,{
-        "apiVersion": "[variables('apiVersionDefault')]",
-        "dependsOn": [
-          "[concat('Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]"
-      {{if not IsAzureCNI}}
-          ,
-          "[concat('Microsoft.Network/routeTables/', variables('routeTableName'))]"
-      {{end}}
-        ],
-        "location": "[variables('location')]",
-        "name": "[variables('virtualNetworkName')]",
-        "properties": {
-          "addressSpace": {
-            "addressPrefixes": [
-              "[parameters('vnetCidr')]"
-            ]
-          },
-          "subnets": [
-            {
-              "name": "[variables('subnetName')]",
-              "properties": {
-                "addressPrefix": "[parameters('masterSubnet')]",
-                "networkSecurityGroup": {
-                  "id": "[variables('nsgID')]"
-                }
-      {{if not IsAzureCNI}}
-                ,
-                "routeTable": {
-                  "id": "[variables('routeTableID')]"
-                }
-      {{end}}
-              }
-            }
-          ]
-        },
-        "type": "Microsoft.Network/virtualNetworks"
-      }
-    {{end}}
     {{if not IsAzureCNI}}
     ,{
       "apiVersion": "[variables('apiVersionDefault')]",
@@ -209,9 +168,7 @@ Once the input is validated, the template generator is invoked which will conver
   "outputs": {
     {{range .AgentPoolProfiles}}{{template "agentoutputs.t" .}}
     {{end}}
-    {{if not IsHostedMaster}}
-      {{template "masteroutputs.t" .}} ,
-    {{end}}
+    {{template "masteroutputs.t" .}} ,
     {{template "iaasoutputs.t" .}}
 
   }

parts/k8s/cloud-init/artifacts/cse_config.sh

@@ -110,9 +110,6 @@ configureEtcd() {
 ensureNTP() {
   systemctlEnableAndStart ntp || exit {{GetCSEErrorCode "ERR_SYSTEMCTL_START_FAIL"}}
 }
-configPrivateClusterHosts() {
-  systemctlEnableAndStart reconcile-private-hosts || exit {{GetCSEErrorCode "ERR_SYSTEMCTL_START_FAIL"}}
-}
 
 ensureRPC() {
   systemctlEnableAndStart rpcbind || exit {{GetCSEErrorCode "ERR_SYSTEMCTL_START_FAIL"}}
@@ -663,11 +660,9 @@ cleanUpContainerImages() {
   docker rmi $(docker images --format '{{OpenBraces}}.Repository{{CloseBraces}}:{{OpenBraces}}.Tag{{CloseBraces}}' | grep -vE "${KUBERNETES_VERSION}$|${KUBERNETES_VERSION}-|${KUBERNETES_VERSION}_" | grep 'hyperkube') &
   docker rmi $(docker images --format '{{OpenBraces}}.Repository{{CloseBraces}}:{{OpenBraces}}.Tag{{CloseBraces}}' | grep -vE "${KUBERNETES_VERSION}$|${KUBERNETES_VERSION}-|${KUBERNETES_VERSION}_" | grep 'cloud-controller-manager') &
   docker rmi $(docker images --format '{{OpenBraces}}.Repository{{CloseBraces}}:{{OpenBraces}}.Tag{{CloseBraces}}' | grep -vE "${ETCD_VERSION}$|${ETCD_VERSION}-|${ETCD_VERSION}_" | grep 'etcd') &
-  if [ "$IS_HOSTED_MASTER" = "false" ]; then
-    docker rmi $(docker images --format '{{OpenBraces}}.Repository{{CloseBraces}}:{{OpenBraces}}.Tag{{CloseBraces}}' | grep 'hcp-tunnel-front') &
-    docker rmi $(docker images --format '{{OpenBraces}}.Repository{{CloseBraces}}:{{OpenBraces}}.Tag{{CloseBraces}}' | grep 'kube-svc-redirect') &
-    docker rmi $(docker images --format '{{OpenBraces}}.Repository{{CloseBraces}}:{{OpenBraces}}.Tag{{CloseBraces}}' | grep 'nginx') &
-  fi
+  docker rmi $(docker images --format '{{OpenBraces}}.Repository{{CloseBraces}}:{{OpenBraces}}.Tag{{CloseBraces}}' | grep 'hcp-tunnel-front') &
+  docker rmi $(docker images --format '{{OpenBraces}}.Repository{{CloseBraces}}:{{OpenBraces}}.Tag{{CloseBraces}}' | grep 'kube-svc-redirect') &
+  docker rmi $(docker images --format '{{OpenBraces}}.Repository{{CloseBraces}}:{{OpenBraces}}.Tag{{CloseBraces}}' | grep 'nginx') &
 
   docker rmi registry:2.7.1 &
 }

parts/k8s/cloud-init/artifacts/cse_main.sh

@@ -205,10 +205,6 @@ fi
 time_metric "EnsureContainerd" ensureContainerd
 {{end}}
 
-{{- if and IsHostedMaster EnableHostsConfigAgent}}
-time_metric "ConfigPrivateClusterHosts" configPrivateClusterHosts
-{{end}}
-
 {{/* configure and enable dhcpv6 for ipv6 features */}}
 {{- if IsIPv6Enabled}}
 time_metric "EnsureDHCPv6" ensureDHCPv6
@@ -266,34 +262,6 @@ if [[ $OS == $UBUNTU_OS_NAME ]]; then
 fi
 {{end}}
 
-VALIDATION_ERR=0
-
-{{- if IsHostedMaster }}
-API_SERVER_DNS_RETRIES=20
-if [[ $API_SERVER_NAME == *.privatelink.* ]]; then
-  API_SERVER_DNS_RETRIES=200
-fi
-RES=$(retrycmd ${API_SERVER_DNS_RETRIES} 1 3 nslookup ${API_SERVER_NAME})
-STS=$?
-if [[ $STS != 0 ]]; then
-    if [[ $RES == *"168.63.129.16"*  ]]; then
-        VALIDATION_ERR={{GetCSEErrorCode "ERR_K8S_API_SERVER_AZURE_DNS_LOOKUP_FAIL"}}
-    else
-        VALIDATION_ERR={{GetCSEErrorCode "ERR_K8S_API_SERVER_DNS_LOOKUP_FAIL"}}
-    fi
-else
-    API_SERVER_CONN_RETRIES=50
-    if [[ $API_SERVER_NAME == *.privatelink.* ]]; then
-        API_SERVER_CONN_RETRIES=100
-    fi
-    retrycmd ${API_SERVER_CONN_RETRIES} 1 3 nc -vz ${API_SERVER_NAME} 443 &&
-    retrycmd ${API_SERVER_CONN_RETRIES} 1 3 nc -vz ${API_SERVER_NAME} 9000 &&
-    retrycmd ${API_SERVER_CONN_RETRIES} 1 3 nc -uvz ${API_SERVER_NAME} 1194 ||
-    VALIDATION_ERR={{GetCSEErrorCode "ERR_K8S_API_SERVER_CONN_FAIL"}}
-fi
-
-{{end}}
-
 if [ -f /var/run/reboot-required ]; then
   trace_info "RebootRequired" "reboot=true"
   /bin/bash -c "shutdown -r 1 &"
@@ -312,6 +280,6 @@ echo $(date),$(hostname), endcustomscript >>/opt/m
 mkdir -p /opt/azure/containers && touch /opt/azure/containers/provision.complete
 ps auxfww >/opt/azure/provision-ps.log &
 
-exit $VALIDATION_ERR
+exit 0
 
 #EOF

parts/k8s/cloud-init/nodecustomdata.yml

@@ -317,71 +317,6 @@ write_files:
     {{CloudInitData "customSearchDomainsScript"}}
 {{end}}
 
-{{if and IsHostedMaster EnableHostsConfigAgent}}
-- path: /opt/azure/containers/reconcilePrivateHosts.sh
-  permissions: "0744"
-  owner: root
-  content: |
-    #!/usr/bin/env bash
-    set -o nounset
-    set -o pipefail
-
-    SLEEP_SECONDS=15
-    clusterFQDN={{WrapAsVariable "kubernetesAPIServerIP"}}
-    if [[ $clusterFQDN != *.privatelink.* ]]; then
-      echo "skip reconcile hosts for $clusterFQDN since it's not AKS private cluster"
-      exit 0
-    fi
-    echo "clusterFQDN: $clusterFQDN"
-
-    function get-apiserver-ip-from-tags() {
-      tags=$(curl -sSL -H "Metadata: true" "http://169.254.169.254/metadata/instance/compute/tags?api-version=2019-03-11&format=text")
-      if [ "$?" == "0" ]; then
-        IFS=";" read -ra tagList <<< "$tags"
-        for i in "${tagList[@]}"; do
-          tagKey=$(cut -d":" -f1 <<<$i)
-          tagValue=$(cut -d":" -f2 <<<$i)
-          if [ "$tagKey" == "aksAPIServerIPAddress" ]; then
-            echo -n "$tagValue"
-            return
-          fi
-        done
-      fi
-
-      echo -n ""
-    }
-
-    while true; do
-      clusterIP=$(get-apiserver-ip-from-tags)
-      if [ -z $clusterIP ]; then
-        sleep "${SLEEP_SECONDS}"
-        continue
-      fi
-
-      if grep "$clusterIP $clusterFQDN" /etc/hosts; then
-        echo "$clusterFQDN has already been set to $clusterIP"
-      else
-        sudo sed -i "/$clusterFQDN/d" /etc/hosts
-        sudo sed -i "\$a$clusterIP $clusterFQDN" /etc/hosts
-        echo "Updated $clusterFQDN to $clusterIP"
-      fi
-      sleep "${SLEEP_SECONDS}"
-    done
-
-- path: /etc/systemd/system/reconcile-private-hosts.service
-  permissions: "0644"
-  owner: root
-  content: |
-    [Unit]
-    Description=Reconcile /etc/hosts file for private cluster
-    [Service]
-    Type=simple
-    Restart=on-failure
-    ExecStart=/bin/bash /opt/azure/containers/reconcilePrivateHosts.sh
-    [Install]
-    WantedBy=multi-user.target
-{{end}}
-
 - path: /var/lib/kubelet/kubeconfig
   permissions: "0644"
   owner: root

parts/k8s/kubernetesparams.t

@@ -1,11 +1,3 @@
-{{if IsHostedMaster}}
-    "kubernetesEndpoint": {
-      "metadata": {
-        "description": "The Kubernetes API endpoint https://<kubernetesEndpoint>:443"
-      },
-      "type": "string"
-    },
-{{else}}
     "etcdServerCertificate": {
       "metadata": {
         "description": "The base 64 server certificate used on the master"
@@ -94,7 +86,6 @@
         },
       {{end}}
     {{end}}
-{{end}}
     "apiServerCertificate": {
       "metadata": {
         "description": "The base 64 server certificate used on the master"
@@ -375,19 +366,6 @@
       },
       "type": "securestring"
     },
-{{ else if and UseManagedIdentity IsHostedMaster}}
-    "servicePrincipalClientId": {
-      "metadata": {
-        "description": "Client ID (used by cloudprovider)"
-      },
-      "type": "securestring"
-    },
-    "servicePrincipalClientSecret": {
-      "metadata": {
-        "description": "The Service Principal Client Secret."
-      },
-      "type": "securestring"
-    },
 {{ end }}
     "masterOffset": {
       "defaultValue": 0,