3

I am fairly new to kubernetes - I have developed web UI/API that automates model deployment using Azure Machine Learning Services to Azure Kubernetes Services (AKS). As a hardening measure, I am trying to set up managed identity for deployed pods in AKS using this documentation. One of the steps is to edit the deployment to add the identity-feature label at /spec/template/metadata/labels for the deployment (see the paragraph starting with "Edit the deployment to add ..." in this section).

I wish to automate this step using the python kubernetes client (https://github.com/kubernetes-client/python). Browsing the available API, I was wondering whether patch_namespaced_deployment would allow me to edit the deployment and add a label at /spec/template/metadata/labels. I was looking for some example code using the python client for the same - any help to achieve the above will be appreciated.

VinayC
  • would be creating a deployment from YAML manifest an option for you? – Anton Matsiuk May 25 '20 at 10:58
  • @AntonMatsiuk, deployment to AKS happens via Azure ML Services; so creating the deployment (and YAML manifest) is not in my control. That said, an approach such as getting the yaml and then editing it may work, but that can be tedious, i.e. finding the insertion point and all that; hence I was looking for a patch command. – VinayC May 25 '20 at 12:14
  • Is the AD auth in https://learn.microsoft.com/en-us/azure/machine-learning/how-to-deploy-azure-kubernetes-service#web-service-authentication what you are looking for? – Ram May 26 '20 at 07:08
  • @Ram, I am not looking for web service authentication (we are using key based authentication). I am looking for ways how model code can access azure or any other resources. – VinayC May 26 '20 at 10:00
  • Are you looking for python code to see how patch can be applied to kubernetes cluster? – Atul May 26 '20 at 11:33

1 Answer

5

Have a look at this example:

https://github.com/kubernetes-client/python/blob/master/examples/deployment_crud.py#L62-L70

```python
# Module-level constant defined in the linked example file
DEPLOYMENT_NAME = "nginx-deployment"


def update_deployment(api_instance, deployment):
    # Update container image
    deployment.spec.template.spec.containers[0].image = "nginx:1.16.0"
    # Update the deployment
    api_response = api_instance.patch_namespaced_deployment(
        name=DEPLOYMENT_NAME,
        namespace="default",
        body=deployment)
    print("Deployment updated. status='%s'" % str(api_response.status))
```

The Labels are on the deployment object, from the App v1 API,

```yaml
kind: Deployment
metadata:
  name: deployment-example
spec:
  replicas: 3
  revisionHistoryLimit: 10
  template:
    metadata:
      labels:
        app: nginx
```

which means you need to update the following:

```python
# labels is a plain dict in the Python client, so set the key by subscript
deployment.spec.template.metadata.labels["app"] = "nginx"
```

Aurélien Gasser
djsly
  • 1
    Yeah, I had seen that example - but how do I get the deployment object? No example of a query API to get the deployment object is given in those examples. I was hoping that the patch API needs only the parts to be patched, so I could probably build a partial deployment object as input, but I am clueless on how to do that as of now.... any help will be appreciated – VinayC May 26 '20 at 13:35
  • 3
    you need to use the read_namespaced_deployment() object https://github.com/kubernetes-client/python/blob/7763e37b7d8ca6e966716ad82d54f82f3e341cd4/kubernetes/client/api/apps_v1_api.py#L5307 – djsly May 26 '20 at 16:58
  • this will give you the deployment object you can reuse in the patch_namespaced_deployment call, by simply providing the name of the deployment and the namespace it exists under. – djsly May 26 '20 at 16:59
  • @VinayC let me know if this answer suits your need. – djsly May 27 '20 at 13:38
  • thanks for the reply. I didn't find time to try out the solution. Will revert by next week. As of now, I am not clear why you have suggested adding the deployment name and namespace to the deployment object provided by the `read_namespaced_deployment` call. – VinayC May 27 '20 at 14:51
  • 2
    you need to read the deployment content by specifying the name and namespace. the same as if you would do `kubectl get deployment -n -o yaml` – djsly May 27 '20 at 18:24
  • Just to update, I have used the .NET Kubernetes client to achieve the same - this client doesn't support strategic merge patch as of now. So I have queried the deployment, got the existing labels, added a new one to the set and created a json patch to replace the labels. The same approach would also work in the Python client, but I suspect that it will also support merge patch, making the job even simpler. – VinayC Jun 05 '20 at 03:55
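
The two approaches discussed in this thread (a partial-object merge patch and a JSON Patch built from the labels read back), as an added example that is not code from the thread or from the client's repository. It goes slightly beyond the thread by handling a missing labels map and label keys containing `/`; the label key and value, `SAMPLE` and all function names are constructed for illustration.

```python
import copy

LABELS_PATH = "/spec/template/metadata/labels"

def merge_patch_body(key, value):
    """Partial Deployment carrying only the label to add (merge-style patch)."""
    return {"spec": {"template": {"metadata": {"labels": {key: value}}}}}

def escape_pointer(token):
    """RFC 6901 escaping: '~' becomes '~0', then '/' becomes '~1'."""
    return token.replace("~", "~0").replace("/", "~1")

def json_patch_ops(existing_labels, key, value):
    """JSON Patch (RFC 6902) alternative; needs the labels read back first."""
    if existing_labels is None:
        # "add" cannot create a child of a missing map, so create the map itself.
        return [{"op": "add", "path": LABELS_PATH, "value": {key: value}}]
    path = f"{LABELS_PATH}/{escape_pointer(key)}"
    return [{"op": "add", "path": path, "value": value}]

def apply_merge(doc, patch):
    """Local RFC 7386 merge, to preview the result before touching the cluster."""
    if not isinstance(patch, dict):
        return copy.deepcopy(patch)
    out = copy.deepcopy(doc) if isinstance(doc, dict) else {}
    for k, v in patch.items():
        if v is None:
            out.pop(k, None)  # null in a merge patch deletes the key
        else:
            out[k] = apply_merge(out.get(k), v)
    return out

def add_pod_label(name, namespace, key, value):
    """Send the patch; needs the kubernetes package and a reachable cluster."""
    from kubernetes import client, config
    config.load_kube_config()
    # A dict body is sent as a merge-style patch; a list body would be JSON Patch.
    return client.AppsV1Api().patch_namespaced_deployment(
        name=name, namespace=namespace, body=merge_patch_body(key, value))

# Constructed sample: a trimmed Deployment as read back from the cluster.
SAMPLE = {"spec": {"replicas": 3, "template": {
    "metadata": {"labels": {"app": "nginx"}},
    "spec": {"containers": [{"name": "web", "image": "nginx:1.16.0"}]}}}}

def preview(key="example.com/identity-binding", value="model-identity"):
    """Merged result for the constructed sample and a constructed label."""
    return apply_merge(SAMPLE, merge_patch_body(key, value))
```

Because the merge body carries only the one label, existing labels and the rest of the spec are left as they are, whereas a JSON Patch `replace` on the whole labels map overwrites whatever was there when it was read.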