-
Notifications
You must be signed in to change notification settings - Fork 1.6k
{AKS} az aks update: Add --network-policy to support updating the mode of a network policy
#6809
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from 1 commit
14cb218
896d8f9
8a5b7fb
522a456
80aa27a
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -567,6 +567,13 @@ def get_network_plugin_mode(self) -> Union[str, None]: | |
| # this parameter does not need validation | ||
| return network_plugin_mode | ||
|
|
||
| def get_network_policy(self) -> Union[str, None]: | ||
| """Get the value of network_dataplane. | ||
|
|
||
| :return: str or None | ||
| """ | ||
| return self.raw_param.get("network_policy") | ||
|
|
||
| def get_network_dataplane(self) -> Union[str, None]: | ||
| """Get the value of network_dataplane. | ||
|
|
||
|
|
@@ -3151,6 +3158,11 @@ def update_network_plugin_settings(self, mc: ManagedCluster) -> ManagedCluster: | |
| pod_cidr = self.context.get_pod_cidr() | ||
| if pod_cidr: | ||
| mc.network_profile.pod_cidr = pod_cidr | ||
|
|
||
| network_policy = self.context.get_network_policy() | ||
| if network_policy: | ||
| mc.network_profile.network_policy = network_policy | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. in addition to the live test you added, should we have a unit test in test_managed_cluster_decorator.py? Maybe add something to
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Added a test case to update network-policy from empty string to "azure"
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Python implicitly converts |
||
|
|
||
| return mc | ||
|
|
||
| def update_enable_network_observability_in_network_profile(self, mc: ManagedCluster) -> ManagedCluster: | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4460,6 +4460,7 @@ def test_aks_migrate_cluster_to_cilium_dataplane(self, resource_group, resource_ | |
| create_cmd = 'aks create --resource-group={resource_group} --name={name} --location={location} ' \ | ||
| '--network-plugin azure --ssh-key-value={ssh_key_value} --kubernetes-version {k8s_version} ' \ | ||
| '--network-plugin-mode=overlay' | ||
|
|
||
| self.cmd(create_cmd, checks=[ | ||
| self.check('provisioningState', 'Succeeded'), | ||
| self.check('networkProfile.networkPlugin', 'azure'), | ||
|
|
@@ -4468,7 +4469,7 @@ def test_aks_migrate_cluster_to_cilium_dataplane(self, resource_group, resource_ | |
| ]) | ||
|
|
||
| # update to enable cilium dataplane | ||
| update_cmd = 'aks update -g {resource_group} -n {name} --network-dataplane=cilium' | ||
| update_cmd = 'aks update -g {resource_group} -n {name} --network-dataplane=cilium --network-policy=cilium' | ||
|
|
||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. do we need to update the test fixtures after running the live test? I would have expected this to change the PUT MC request, but don't see any changes in
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am not sure about test fixtures, probably @FumingZhang or @zhoxing-ms can help clarify
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Queued live test to validate the change. If test passed, the recording file would be published as pipeline artifact, could download and commit it.
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The test failed due to
To test the feature, need a feature flag or specific sub?
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Thanks @FumingZhang. The test failed because the change that would allow updating network policy to "cilium" has not been rolled out to eastus yet. We should wait a few days for it to reach eastus I suppose unless there is some other option. |
||
| self.cmd(update_cmd, checks=[ | ||
| self.check('provisioningState', 'Succeeded'), | ||
|
|
||
Uh oh!
There was an error while loading. Please reload this page.