7 changes: 6 additions & 1 deletion src/azure-cli/azure/cli/command_modules/acs/_consts.py
Expand Up @@ -31,13 +31,18 @@
CONST_INGRESS_APPGW_SUBNET_CIDR = "subnetCIDR"
CONST_INGRESS_APPGW_WATCH_NAMESPACE = "watchNamespace"

# confcom addon keys
CONST_CONFCOM_ADDON_NAME = "ACCSGXDevicePlugin"
CONST_ACC_SGX_QUOTE_HELPER_ENABLED = "ACCSGXQuoteHelperEnabled"

ADDONS = {
'http_application_routing': CONST_HTTP_APPLICATION_ROUTING_ADDON_NAME,
'monitoring': CONST_MONITORING_ADDON_NAME,
'virtual-node': CONST_VIRTUAL_NODE_ADDON_NAME,
'kube-dashboard': CONST_KUBE_DASHBOARD_ADDON_NAME,
'azure-policy': CONST_AZURE_POLICY_ADDON_NAME,
'ingress-appgw': CONST_INGRESS_APPGW_ADDON_NAME
'ingress-appgw': CONST_INGRESS_APPGW_ADDON_NAME,
"confcom": CONST_CONFCOM_ADDON_NAME
}

CONST_CANIPULL_IMAGE = "mcr.microsoft.com/aks/canipull:0.0.2-alpha"
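Review bot: The new `"confcom": CONST_CONFCOM_ADDON_NAME` entry uses double quotes while every other key in `ADDONS` uses single quotes; `'confcom': CONST_CONFCOM_ADDON_NAME` keeps the dict uniform. The `# confcom addon keys` comment could also separate the two constants by role, since custom.py uses `CONST_CONFCOM_ADDON_NAME` as the addon-profile key and `CONST_ACC_SGX_QUOTE_HELPER_ENABLED` as a config key holding the string `"true"` or `"false"`. Something like `# confcom addon: profile name, and the config key toggling the SGX quote helper ("true"/"false" strings)` would spare a reader from checking custom.py.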
7 changes: 7 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/_help.py
Expand Up @@ -321,6 +321,7 @@
virtual-node - enable AKS Virtual Node.
Requires --aci-subnet-name to provide the name of an existing subnet for the Virtual Node to use.
aci-subnet-name must be in the same vnet which is specified by --vnet-subnet-id (required as well).
confcom - enable confcom addon, this will enable SGX device plugin by default.
- name: --disable-rbac
type: bool
short-summary: Disable Kubernetes Role-Based Access Control.
Expand Down Expand Up @@ -405,6 +406,9 @@
- name: --appgw-watch-namespace
type: string
short-summary: Specify the namespace, which AGIC should watch. This could be a single string value, or a comma-separated list of namespaces.
- name: --enable-sgxquotehelper
type: bool
short-summary: Enable SGX quote helper for confcom addon.
examples:
- name: Create a Kubernetes cluster with an existing SSH public key.
text: az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey
Expand Down Expand Up @@ -593,6 +597,9 @@
- name: --appgw-watch-namespace
type: string
short-summary: Specify the namespace, which AGIC should watch. This could be a single string value, or a comma-separated list of namespaces.
- name: --enable-sgxquotehelper
type: bool
short-summary: Enable SGX quote helper for confcom addon.
examples:
- name: Enable Kubernetes addons. (autogenerated)
text: az aks enable-addons --addons virtual-node --name MyManagedCluster --resource-group MyResourceGroup --subnet MySubnetName
2 changes: 2 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/_params.py
Expand Up @@ -223,6 +223,7 @@ def load_arguments(self, _):
c.argument('appgw_subnet_id', options_list=['--appgw-subnet-id'], arg_group='Application Gateway')
c.argument('appgw_watch_namespace', options_list=['--appgw-watch-namespace'], arg_group='Application Gateway')
c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true')
c.argument('enable_sgxquotehelper', action='store_true')

with self.argument_context('aks update') as c:
c.argument('attach_acr', acr_arg_type, validator=validate_acr)
Expand Down Expand Up @@ -256,6 +257,7 @@ def load_arguments(self, _):
c.argument('appgw_id', options_list=['--appgw-id'], arg_group='Application Gateway')
c.argument('appgw_subnet_id', options_list=['--appgw-subnet-id'], arg_group='Application Gateway')
c.argument('appgw_watch_namespace', options_list=['--appgw-watch-namespace'], arg_group='Application Gateway')
c.argument('enable_sgxquotehelper', action='store_true')

with self.argument_context('aks get-credentials') as c:
c.argument('admin', options_list=['--admin', '-a'], default=False)
25 changes: 24 additions & 1 deletion src/azure-cli/azure/cli/command_modules/acs/custom.py
Expand Up @@ -117,6 +117,7 @@
from ._consts import CONST_INGRESS_APPGW_APPLICATION_GATEWAY_ID, CONST_INGRESS_APPGW_APPLICATION_GATEWAY_NAME
from ._consts import CONST_INGRESS_APPGW_SUBNET_CIDR, CONST_INGRESS_APPGW_SUBNET_ID
from ._consts import CONST_INGRESS_APPGW_WATCH_NAMESPACE
from ._consts import CONST_CONFCOM_ADDON_NAME, CONST_ACC_SGX_QUOTE_HELPER_ENABLED
from ._consts import ADDONS
from ._consts import CONST_CANIPULL_IMAGE

Expand Down Expand Up @@ -1892,6 +1893,7 @@ def aks_create(cmd, client, resource_group_name, name, ssh_key_value, # pylint:
appgw_id=None,
appgw_subnet_id=None,
appgw_watch_namespace=None,
enable_sgxquotehelper=False,
Comment thread
Pengpeng-Microsoft marked this conversation as resolved.
no_wait=False,
yes=False):
_validate_ssh_key(no_ssh_key, ssh_key_value)
Expand Down Expand Up @@ -2085,6 +2087,7 @@ def aks_create(cmd, client, resource_group_name, name, ssh_key_value, # pylint:
appgw_id,
appgw_subnet_id,
appgw_watch_namespace,
enable_sgxquotehelper
)
monitoring = False
if CONST_MONITORING_ADDON_NAME in addon_profiles:
Expand Down Expand Up @@ -2280,6 +2283,7 @@ def aks_enable_addons(cmd, client, resource_group_name, name, addons,
appgw_id=None,
appgw_subnet_id=None,
appgw_watch_namespace=None,
enable_sgxquotehelper=False,
no_wait=False):
instance = client.get(resource_group_name, name)
subscription_id = get_subscription_id(cmd.cli_ctx)
Expand All @@ -2292,6 +2296,7 @@ def aks_enable_addons(cmd, client, resource_group_name, name, addons,
appgw_id=appgw_id,
appgw_subnet_id=appgw_subnet_id,
appgw_watch_namespace=appgw_watch_namespace,
enable_sgxquotehelper=enable_sgxquotehelper,
no_wait=no_wait)

enable_monitoring = CONST_MONITORING_ADDON_NAME in instance.addon_profiles \
Expand Down Expand Up @@ -2767,6 +2772,7 @@ def _update_addons(cmd, instance, subscription_id, resource_group_name, name, ad
appgw_id=None,
appgw_subnet_id=None,
appgw_watch_namespace=None,
enable_sgxquotehelper=False,
no_wait=False):
# parse the comma-separated addons argument
addon_args = addons.split(',')
Expand Down Expand Up @@ -2835,6 +2841,16 @@ def _update_addons(cmd, instance, subscription_id, resource_group_name, name, ad
addon_profile.config[CONST_INGRESS_APPGW_SUBNET_ID] = appgw_subnet_id
if appgw_watch_namespace is not None:
addon_profile.config[CONST_INGRESS_APPGW_WATCH_NAMESPACE] = appgw_watch_namespace
elif addon == CONST_CONFCOM_ADDON_NAME:
if addon_profile.enabled:
raise ValidationError('The confcom addon is already enabled for this managed cluster.',
recommendation='To change confcom configuration, run '
f'"az aks disable-addons -a confcom -n {name} -g {resource_group_name}" '
'before enabling it again.')
addon_profile = ManagedClusterAddonProfile(
enabled=True, config={CONST_ACC_SGX_QUOTE_HELPER_ENABLED: "false"})
if enable_sgxquotehelper:
addon_profile.config[CONST_ACC_SGX_QUOTE_HELPER_ENABLED] = "true"
addon_profiles[addon] = addon_profile
else:
if addon not in addon_profiles:
Expand Down Expand Up @@ -2875,7 +2891,8 @@ def _handle_addons_args(cmd, addons_str, subscription_id, resource_group_name, a
appgw_subnet_cidr=None,
appgw_id=None,
appgw_subnet_id=None,
appgw_watch_namespace=None):
appgw_watch_namespace=None,
enable_sgxquotehelper=False):
if not addon_profiles:
addon_profiles = {}
addons = addons_str.split(',') if addons_str else []
Expand Down Expand Up @@ -2930,6 +2947,12 @@ def _handle_addons_args(cmd, addons_str, subscription_id, resource_group_name, a
addon_profile.config[CONST_INGRESS_APPGW_WATCH_NAMESPACE] = appgw_watch_namespace
addon_profiles[CONST_INGRESS_APPGW_ADDON_NAME] = addon_profile
addons.remove('ingress-appgw')
if 'confcom' in addons:
addon_profile = ManagedClusterAddonProfile(enabled=True, config={CONST_ACC_SGX_QUOTE_HELPER_ENABLED: "false"})
if enable_sgxquotehelper:
addon_profile.config[CONST_ACC_SGX_QUOTE_HELPER_ENABLED] = "true"
addon_profiles[CONST_CONFCOM_ADDON_NAME] = addon_profile
addons.remove('confcom')
# error out if any (unrecognized) addons remain
if addons:
raise CLIError('"{}" {} not recognized by the --enable-addons argument.'.format(
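Review bot: `enable_sgxquotehelper` is only read inside the confcom branches (`if 'confcom' in addons:` in `_handle_addons_args`, `elif addon == CONST_CONFCOM_ADDON_NAME:` in `_update_addons`), so `--enable-sgxquotehelper` passed without the confcom addon is accepted and silently does nothing. The operator is then left believing the quote helper is deployed, which matters if workloads depend on it for SGX quote generation, as the flag name suggests. Rejecting the combination is safer: in `_handle_addons_args`, before the confcom block, add `if enable_sgxquotehelper and 'confcom' not in addons: raise CLIError('--enable-sgxquotehelper can only be used together with the confcom addon.')`, and add an equivalent check in `_update_addons`. Both functions begin and end outside the visible hunks, so confirm that no earlier validation already covers this case.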
Expand Up @@ -4,9 +4,15 @@ aks create:
appgw_watch_namespace:
rule_exclusions:
- option_length_too_long
enable_sgxquotehelper:
rule_exclusions:
- option_length_too_long
aks enable-addons:
parameters:
appgw_watch_namespace:
rule_exclusions:
- option_length_too_long
enable_sgxquotehelper:
rule_exclusions:
- option_length_too_long
...