Removing Private Key from helm values in CLI Onboarding (Including previous helm v4 changes)

[jmccormick7]

This PR adds a step in the onboarding flow for future agents to insert the onboardingPrivateKey directly as a kubernetes secret instead of relying on helm and the helm values. This secures the key appropriately without exposing the key to the helm values. As a result of e2e failures due to a broken urllib3 dependeny, this also adds a 6-line shim in azext_connectedk8s/init.py that, at extension load time, re-attaches HTTPResponse.getheaders (returning self.headers) only if it's missing. No-op on every urllib3 version that still has the alias; transparently fixes the broken 2.6.0 build and any future regression of the same shape.

---

This checklist is used to make sure that common guidelines for a pull request are followed.

Related command

General Guidelines

• Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
• Have you run python scripts/ci/test_index.py -q locally? (pip install wheel==0.30.0 required)
• My extension version conforms to the Extension version schema

For new extensions:

• My extension description/summary conforms to the Extension Summary Guidelines.

About Extension Publish

There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update src/index.json automatically.
You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify src/index.json.

[github-actions]

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

[github-actions]

CodeGen Tools Feedback Collection

Thank you for using our CodeGen tool. We value your feedback, and we would like to know how we can improve our product. Please take a few minutes to fill our codegen survey

[jmccormick7]

Per-library findings on compatability between urllib3 and kubernetes

urllib3: does HTTPResponse define getheaders?

version	getheaders present
1.26.18	yes
2.0.7	yes
2.1.0	yes
2.2.3	yes
2.3.0	yes
2.4.0	yes
2.5.0	yes
2.6.0	NO
2.6.3	yes
2.7.0	yes

kubernetes: does ApiException.init call .getheaders()?

version	calls getheaders
18.20.0	yes
20.13.0	yes
22.6.0	yes
24.2.0	yes
26.1.0	yes
27.2.0	yes
28.1.0	yes
29.0.0	yes
30.1.0	yes
31.0.0	yes
32.0.1	yes

Compatibility matrix — X = crashes without shim

kubernetes \ urllib3	1.26.18	2.0.7	2.1.0	2.2.3	2.3.0	2.4.0	2.5.0	2.6.0	2.6.3	2.7.0
18.20.0	ok	ok	ok	ok	ok	ok	ok	X	ok	ok
20.13.0	ok	ok	ok	ok	ok	ok	ok	X	ok	ok
22.6.0	ok	ok	ok	ok	ok	ok	ok	X	ok	ok
24.2.0	ok	ok	ok	ok	ok	ok	ok	X	ok	ok
26.1.0	ok	ok	ok	ok	ok	ok	ok	X	ok	ok
27.2.0	ok	ok	ok	ok	ok	ok	ok	X	ok	ok
28.1.0	ok	ok	ok	ok	ok	ok	ok	X	ok	ok
29.0.0	ok	ok	ok	ok	ok	ok	ok	X	ok	ok
30.1.0	ok	ok	ok	ok	ok	ok	ok	X	ok	ok
31.0.0	ok	ok	ok	ok	ok	ok	ok	X	ok	ok
32.0.1	ok	ok	ok	ok	ok	ok	ok	X	ok	ok