Azure
diff --git a/‎.gitignore‎
Lines changed: 29 additions & 36 deletions b/‎.gitignore‎
Lines changed: 29 additions & 36 deletions
diff --git a/‎commands.go‎
Lines changed: 66 additions & 102 deletions b/‎commands.go‎
Lines changed: 66 additions & 102 deletions
diff --git a/‎main.go‎
Lines changed: 2 additions & 4 deletions b/‎main.go‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎pkg/config/structs.go‎
Lines changed: 1 addition & 0 deletions b/‎pkg/config/structs.go‎
Lines changed: 1 addition & 0 deletions
@@ -1,48 +1,41 @@
 # Binaries for programs and plugins
-*.exe
-*.exe~
+# Build artifacts
+# Config files with sensitive data (keep sample config)
+# Go workspace file
+# IDE and editor files
+# Log files
+# OS generated files
+# Output of the go coverage tool, specifically when used with LiteIDE
+# Test binary, built with `go test -c`
+# Test coverage reports
 *.dll
-*.so
 *.dylib
-aks-flex-node
-
-# Test binary, built with `go test -c`
-*.test
-
-# Output of the go coverage tool, specifically when used with LiteIDE
+*.exe
+*.exe~
+*.log
 *.out
-
-# Test coverage reports
-coverage.out
-coverage.html
-coverage.xml
-
-# Go workspace file
-go.work
-
-# IDE and editor files
-.vscode/
-.idea/
-*.swp
+*.so
 *.swo
+*.swp
+*.test
 *~
-
-# OS generated files
 .DS_Store
 .DS_Store?
-._*
 .Spotlight-V100
 .Trashes
-ehthumbs.db
-Thumbs.db
-
-# Log files
-*.log
+._*
+.idea/
+.vscode/
+/build/
+/dist/AKSFlexNode
 /var/log/
-
-# Config files with sensitive data (keep sample config)
+AKSFlexNode
+Standard_D8pds_v6_sku.json
+Thumbs.db
+aks-flex-node
 config.json
-
-# Build artifacts
-/build/
-/dist/
+coverage.html
+coverage.out
+coverage.xml
+ehthumbs.db
+go.work
@@ -25,6 +25,9 @@ var (
 	BuildTime = "unknown"
 )
 
+// Unbootstrap command flags
+var cleanupMode string
+
 // NewAgentCommand creates a new agent command
 func NewAgentCommand() *cobra.Command {
 	cmd := &cobra.Command{
@@ -44,12 +47,19 @@ func NewUnbootstrapCommand() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "unbootstrap",
 		Short: "Remove AKS node configuration and Arc connection",
-		Long:  "Clean up and remove all AKS node components and Arc registration from this machine",
+		Long: `Clean up and remove all AKS node components and Arc registration from this machine.
+
+For private clusters (config has private: true), this also handles VPN cleanup:
+  --cleanup-mode=local  Remove node and local VPN config, keep Gateway (default)
+  --cleanup-mode=full   Remove everything including Gateway VM and Azure resources`,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return runUnbootstrap(cmd.Context())
 		},
 	}
 
+	cmd.Flags().StringVar(&cleanupMode, "cleanup-mode", "local",
+		"Private cluster cleanup mode: 'local' (keep Gateway) or 'full' (remove all Azure resources)")
+
 	return cmd
 }
 
@@ -76,6 +86,19 @@ func runAgent(ctx context.Context) error {
 		return fmt.Errorf("failed to load config from %s: %w", configPath, err)
 	}
 
+	// For private clusters, run Gateway/VPN setup before bootstrap
+	if cfg.Azure.TargetCluster != nil && cfg.Azure.TargetCluster.Private {
+		logger.Info("Private cluster detected, running Gateway/VPN setup...")
+		if os.Getuid() != 0 {
+			return fmt.Errorf("private cluster setup requires root privileges, please run with 'sudo'")
+		}
+		runner := privatecluster.NewScriptRunner("")
+		if err := runner.RunPrivateInstall(ctx, cfg.Azure.TargetCluster.ResourceID); err != nil {
+			return fmt.Errorf("private cluster setup failed: %w", err)
+		}
+		logger.Info("Private cluster setup completed")
+	}
+
 	bootstrapExecutor := bootstrapper.New(cfg, logger)
 	result, err := bootstrapExecutor.Bootstrap(ctx)
 	if err != nil {
@@ -101,14 +124,55 @@ func runUnbootstrap(ctx context.Context) error {
 		return fmt.Errorf("failed to load config from %s: %w", configPath, err)
 	}
 
+	// For private clusters, run VPN/Gateway cleanup first
+	if cfg.Azure.TargetCluster != nil && cfg.Azure.TargetCluster.Private {
+		logger.Info("Private cluster detected, running VPN/Gateway cleanup...")
+
+		// Validate cleanup mode
+		var mode privatecluster.CleanupMode
+		switch cleanupMode {
+		case "local":
+			mode = privatecluster.CleanupModeLocal
+		case "full":
+			mode = privatecluster.CleanupModeFull
+		default:
+			return fmt.Errorf("invalid cleanup mode: %s (use 'local' or 'full')", cleanupMode)
+		}
+
+		// Check root privileges for private cluster cleanup
+		if os.Getuid() != 0 {
+			return fmt.Errorf("private cluster cleanup requires root privileges, please run with 'sudo'")
+		}
+
+		options := privatecluster.UninstallOptions{
+			Mode:          mode,
+			AKSResourceID: cfg.Azure.TargetCluster.ResourceID,
+		}
+		uninstaller := privatecluster.NewUninstaller(options)
+		if err := uninstaller.Uninstall(ctx); err != nil {
+			logger.Warnf("Private cluster cleanup had errors: %v", err)
+			// Continue with normal unbootstrap even if private cleanup has issues
+		}
+		logger.Info("Private cluster cleanup completed")
+	}
+
+	// Run normal unbootstrap
 	bootstrapExecutor := bootstrapper.New(cfg, logger)
 	result, err := bootstrapExecutor.Unbootstrap(ctx)
 	if err != nil {
 		return err
 	}
 
 	// Handle and log the result (unbootstrap is more lenient with failures)
-	return handleExecutionResult(result, "unbootstrap", logger)
+	if err := handleExecutionResult(result, "unbootstrap", logger); err != nil {
+		return err
+	}
+
+	// Print final success message
+	fmt.Println()
+	fmt.Println("\033[0;32mSUCCESS:\033[0m Unbootstrap completed successfully!")
+
+	return nil
 }
 
 // runVersion displays version information
@@ -119,106 +183,6 @@ func runVersion() {
 	fmt.Printf("Build Time: %s\n", BuildTime)
 }
 
-// Private cluster command variables
-var (
-	aksResourceID   string
-	cleanupModeFlag string
-)
-
-// NewPrivateJoinCommand creates a new private-join command
-func NewPrivateJoinCommand() *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "private-join",
-		Short: "Join a Private AKS cluster (requires sudo)",
-		Long: `Join a Private AKS cluster.
-
-Prerequisites:
-  1. A Private AKS cluster must exist with AAD and Azure RBAC enabled
-     See: pkg/privatecluster/create_private_cluster.md
-
-  2. Current user must have the following roles on the cluster:
-     - Azure Kubernetes Service Cluster Admin Role
-     - Azure Kubernetes Service RBAC Cluster Admin
-
-  3. Current user must be logged in via 'sudo az login'
-
-The full resource ID of the Private AKS cluster is required as the --aks-resource-id parameter.
-This same resource ID can be used later with the private-leave command.`,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runPrivateJoin(cmd.Context())
-		},
-	}
-
-	cmd.Flags().StringVar(&aksResourceID, "aks-resource-id", "", "AKS cluster resource ID (required)")
-	cmd.MarkFlagRequired("aks-resource-id")
-
-	return cmd
-}
-
-// NewPrivateLeaveCommand creates a new private-leave command
-func NewPrivateLeaveCommand() *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "private-leave",
-		Short: "Leave a Private AKS cluster (--mode=local|full, requires sudo)",
-		Long: `Remove this edge node from a Private AKS cluster.
-
-Cleanup modes:
-  --local  Local cleanup only (default):
-           - Remove node from AKS cluster
-           - Run aks-flex-node unbootstrap
-           - Remove Arc Agent
-           - Stop VPN and remove client config
-           - Keep Gateway for other nodes
-
-  --full   Full cleanup (requires --aks-resource-id):
-           - All local cleanup steps
-           - Delete Gateway VM
-           - Delete Gateway subnet, NSG, Public IP
-           - Delete SSH keys
-
-This command requires the current user to be logged in via 'sudo az login'.`,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return runPrivateLeave(cmd.Context())
-		},
-	}
-
-	cmd.Flags().StringVar(&cleanupModeFlag, "mode", "local", "Cleanup mode: 'local' (keep Gateway) or 'full' (remove all Azure resources)")
-	cmd.Flags().StringVar(&aksResourceID, "aks-resource-id", "", "AKS cluster resource ID (required for --mode=full)")
-
-	return cmd
-}
-
-// runPrivateJoin executes the private cluster join process
-func runPrivateJoin(ctx context.Context) error {
-	if os.Getuid() != 0 {
-		return fmt.Errorf("this command requires root privileges, please run with 'sudo'")
-	}
-	runner := privatecluster.NewScriptRunner("")
-	return runner.RunPrivateInstall(ctx, aksResourceID)
-}
-
-// runPrivateLeave executes the private cluster leave process
-func runPrivateLeave(ctx context.Context) error {
-	if os.Getuid() != 0 {
-		return fmt.Errorf("this command requires root privileges, please run with 'sudo'")
-	}
-	// Validate cleanup mode
-	var mode privatecluster.CleanupMode
-	switch cleanupModeFlag {
-	case "local":
-		mode = privatecluster.CleanupModeLocal
-	case "full":
-		mode = privatecluster.CleanupModeFull
-		if aksResourceID == "" {
-			return fmt.Errorf("--aks-resource-id is required for full cleanup mode")
-		}
-	default:
-		return fmt.Errorf("invalid cleanup mode: %s (use 'local' or 'full')", cleanupModeFlag)
-	}
-
-	runner := privatecluster.NewScriptRunner("")
-	return runner.RunPrivateUninstall(ctx, mode, aksResourceID)
-}
 
 // runDaemonLoop runs the periodic status collection and bootstrap monitoring daemon
 func runDaemonLoop(ctx context.Context, cfg *config.Config) error {
 
@@ -26,15 +26,13 @@ func main() {
 
 	// Add global flags for configuration
 	rootCmd.PersistentFlags().StringVar(&configPath, "config", "", "Path to configuration JSON file (required for agent/unbootstrap)")
-	rootCmd.PersistentFlags().MarkHidden("config") // Hide from global help, shown in agent/unbootstrap help
+	_ = rootCmd.PersistentFlags().MarkHidden("config")
 	// Don't mark as required globally - we'll check in PersistentPreRunE for commands that need it
 
 	// Add commands
 	rootCmd.AddCommand(NewAgentCommand())
 	rootCmd.AddCommand(NewUnbootstrapCommand())
 	rootCmd.AddCommand(NewVersionCommand())
-	rootCmd.AddCommand(NewPrivateJoinCommand())
-	rootCmd.AddCommand(NewPrivateLeaveCommand())
 
 	// Set up context with signal handling
 	ctx, cancel := context.WithCancel(context.Background())
@@ -54,7 +52,7 @@ func main() {
 	rootCmd.PersistentPreRunE = func(cmd *cobra.Command, args []string) error {
 		// Skip config loading for commands that don't need it
 		switch cmd.Name() {
-		case "version", "private-join", "private-leave":
+		case "version":
 			return nil
 		}
 
 
@@ -39,6 +39,7 @@ type ServicePrincipalConfig struct {
 type TargetClusterConfig struct {
 	ResourceID        string `json:"resourceId"` // Full resource ID of the target AKS cluster
 	Location          string `json:"location"`   // Azure region of the cluster (e.g., "eastus", "westus2")
+	Private           bool   `json:"private"`    // Whether this is a private AKS cluster (requires Gateway/VPN setup)
 	Name              string // will be populated from ResourceID
 	ResourceGroup     string // will be populated from ResourceID
 	SubscriptionID    string // will be populated from ResourceID