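--- a/src/azure-cli/azure/cli/command_modules/acs/_consts.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/_consts.py
@@ -31,13 +31,18 @@
 CONST_INGRESS_APPGW_SUBNET_CIDR = "subnetCIDR"
 CONST_INGRESS_APPGW_WATCH_NAMESPACE = "watchNamespace"
 
+# confcom addon keys
+CONST_CONFCOM_ADDON_NAME = "ACCSGXDevicePlugin"
+CONST_ACC_SGX_QUOTE_HELPER_ENABLED = "ACCSGXQuoteHelperEnabled"
+
 ADDONS = {
 'http_application_routing': CONST_HTTP_APPLICATION_ROUTING_ADDON_NAME,
 'monitoring': CONST_MONITORING_ADDON_NAME,
 'virtual-node': CONST_VIRTUAL_NODE_ADDON_NAME,
 'kube-dashboard': CONST_KUBE_DASHBOARD_ADDON_NAME,
 'azure-policy': CONST_AZURE_POLICY_ADDON_NAME,
-'ingress-appgw': CONST_INGRESS_APPGW_ADDON_NAME
+'ingress-appgw': CONST_INGRESS_APPGW_ADDON_NAME,
+"confcom": CONST_CONFCOM_ADDON_NAME
 }
 
 CONST_CANIPULL_IMAGE = "mcr.microsoft.com/aks/canipull:0.0.2-alpha"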
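Review bot: The new `"confcom"` entry in `ADDONS` uses double quotes and has no trailing comma, while every other key in the dict is single-quoted; the missing trailing comma on the previous last entry is also why this change had to touch the `'ingress-appgw'` line. Writing it as `'confcom': CONST_CONFCOM_ADDON_NAME,` keeps the dict uniform and makes the next addon a one-line diff. The `# confcom addon keys` comment could also say that `CONST_ACC_SGX_QUOTE_HELPER_ENABLED` is a key inside the addon profile's `config` (as `custom.py` uses it), not an addon name.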
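--- a/src/azure-cli/azure/cli/command_modules/acs/_help.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/_help.py
@@ -321,6 +321,7 @@
 virtual-node - enable AKS Virtual Node.
 Requires --aci-subnet-name to provide the name of an existing subnet for the Virtual Node to use.
 aci-subnet-name must be in the same vnet which is specified by --vnet-subnet-id (required as well).
+confcom - enable confcom addon, this will enable SGX device plugin by default.
 - name: --disable-rbac
 type: bool
 short-summary: Disable Kubernetes Role-Based Access Control.
@@ -405,6 +406,9 @@
 - name: --appgw-watch-namespace
 type: string
 short-summary: Specify the namespace, which AGIC should watch. This could be a single string value, or a comma-separated list of namespaces.
+- name: --enable-sgxquotehelper
+type: bool
+short-summary: Enable SGX quote helper for confcom addon.
 examples:
 - name: Create a Kubernetes cluster with an existing SSH public key.
 text: az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey
@@ -510,6 +514,9 @@
 - name: --disable-ahub
 type: bool
 short-summary: Disable Azure Hybrid User Benefits (AHUB) feature for cluster.
+- name: --enable-sgxquotehelper
+type: bool
+short-summary: Enable SGX quote helper for confcom addon.
 examples:
 - name: Update a kubernetes cluster with standard SKU load balancer to use two AKS created IPs for the load balancer outbound connection usage.
 text: az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-managed-outbound-ip-count 2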
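Review bot: The third hunk documents `--enable-sgxquotehelper` in what appears to be the `az aks update` help (its context is `--disable-ahub` and an `az aks update` example), yet the visible `custom.py` changes add the parameter only to `aks_create` and `aks_enable_addons`, and the first `_params.py` registration sits just before the `aks update` context rather than inside it. If the second `_params.py` registration belongs to `aks enable-addons`, as the surrounding `appgw_*` arguments suggest, this entry should move to the `az aks enable-addons` help so the documented flag matches a command that accepts it. The summary could also state the dependency, for example `Enable SGX quote helper for confcom addon. Only takes effect when the confcom addon is being enabled.`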
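--- a/src/azure-cli/azure/cli/command_modules/acs/_params.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/_params.py
@@ -223,6 +223,7 @@ def load_arguments(self, _):
 c.argument('appgw_subnet_id', options_list=['--appgw-subnet-id'], arg_group='Application Gateway')
 c.argument('appgw_watch_namespace', options_list=['--appgw-watch-namespace'], arg_group='Application Gateway')
 c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true')
+c.argument('enable_sgxquotehelper', action='store_true')
 
 with self.argument_context('aks update') as c:
 c.argument('attach_acr', acr_arg_type, validator=validate_acr)
@@ -256,6 +257,7 @@ def load_arguments(self, _):
 c.argument('appgw_id', options_list=['--appgw-id'], arg_group='Application Gateway')
 c.argument('appgw_subnet_id', options_list=['--appgw-subnet-id'], arg_group='Application Gateway')
 c.argument('appgw_watch_namespace', options_list=['--appgw-watch-namespace'], arg_group='Application Gateway')
+c.argument('enable_sgxquotehelper', action='store_true')
 
 with self.argument_context('aks get-credentials') as c:
 c.argument('admin', options_list=['--admin', '-a'], default=False)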
24 changes: 23 additions & 1 deletion src/azure-cli/azure/cli/command_modules/acs/custom.py
Expand Up @@ -117,6 +117,7 @@
from ._consts import CONST_INGRESS_APPGW_APPLICATION_GATEWAY_ID, CONST_INGRESS_APPGW_APPLICATION_GATEWAY_NAME
from ._consts import CONST_INGRESS_APPGW_SUBNET_CIDR, CONST_INGRESS_APPGW_SUBNET_ID
from ._consts import CONST_INGRESS_APPGW_WATCH_NAMESPACE
from ._consts import CONST_CONFCOM_ADDON_NAME, CONST_ACC_SGX_QUOTE_HELPER_ENABLED
from ._consts import ADDONS
from ._consts import CONST_CANIPULL_IMAGE

Expand Down Expand Up @@ -1892,6 +1893,7 @@ def aks_create(cmd, client, resource_group_name, name, ssh_key_value, # pylint:
appgw_id=None,
appgw_subnet_id=None,
appgw_watch_namespace=None,
enable_sgxquotehelper=False,
Comment thread
Pengpeng-Microsoft marked this conversation as resolved.
no_wait=False,
yes=False):
_validate_ssh_key(no_ssh_key, ssh_key_value)
Expand Down Expand Up @@ -2085,6 +2087,7 @@ def aks_create(cmd, client, resource_group_name, name, ssh_key_value, # pylint:
appgw_id,
appgw_subnet_id,
appgw_watch_namespace,
enable_sgxquotehelper
)
monitoring = False
if CONST_MONITORING_ADDON_NAME in addon_profiles:
Expand Down Expand Up @@ -2280,6 +2283,7 @@ def aks_enable_addons(cmd, client, resource_group_name, name, addons,
appgw_id=None,
appgw_subnet_id=None,
appgw_watch_namespace=None,
enable_sgxquotehelper=False,
no_wait=False):
instance = client.get(resource_group_name, name)
subscription_id = get_subscription_id(cmd.cli_ctx)
Expand All @@ -2292,6 +2296,7 @@ def aks_enable_addons(cmd, client, resource_group_name, name, addons,
appgw_id=appgw_id,
appgw_subnet_id=appgw_subnet_id,
appgw_watch_namespace=appgw_watch_namespace,
enable_sgxquotehelper=enable_sgxquotehelper,
no_wait=no_wait)

enable_monitoring = CONST_MONITORING_ADDON_NAME in instance.addon_profiles \
Expand Down Expand Up @@ -2767,6 +2772,7 @@ def _update_addons(cmd, instance, subscription_id, resource_group_name, name, ad
appgw_id=None,
appgw_subnet_id=None,
appgw_watch_namespace=None,
enable_sgxquotehelper=False,
no_wait=False):
# parse the comma-separated addons argument
addon_args = addons.split(',')
Expand Down Expand Up @@ -2835,6 +2841,15 @@ def _update_addons(cmd, instance, subscription_id, resource_group_name, name, ad
addon_profile.config[CONST_INGRESS_APPGW_SUBNET_ID] = appgw_subnet_id
if appgw_watch_namespace is not None:
addon_profile.config[CONST_INGRESS_APPGW_WATCH_NAMESPACE] = appgw_watch_namespace
elif addon == CONST_CONFCOM_ADDON_NAME:
if addon_profile.enabled:
raise CLIError('The confcom addon is already enabled for this managed cluster.\n'
'To change confcom configuration, run '
f'"az aks disable-addons -a confcom -n {name} -g {resource_group_name}" '
'before enabling it again.')
addon_profile = ManagedClusterAddonProfile(enabled=True, config={CONST_ACC_SGX_QUOTE_HELPER_ENABLED: "false"})
if enable_sgxquotehelper:
addon_profile.config[CONST_ACC_SGX_QUOTE_HELPER_ENABLED] = "true"
addon_profiles[addon] = addon_profile
else:
if addon not in addon_profiles:
Expand Down Expand Up @@ -2875,7 +2890,8 @@ def _handle_addons_args(cmd, addons_str, subscription_id, resource_group_name, a
appgw_subnet_cidr=None,
appgw_id=None,
appgw_subnet_id=None,
appgw_watch_namespace=None):
appgw_watch_namespace=None,
enable_sgxquotehelper=False):
if not addon_profiles:
addon_profiles = {}
addons = addons_str.split(',') if addons_str else []
Expand Down Expand Up @@ -2930,6 +2946,12 @@ def _handle_addons_args(cmd, addons_str, subscription_id, resource_group_name, a
addon_profile.config[CONST_INGRESS_APPGW_WATCH_NAMESPACE] = appgw_watch_namespace
addon_profiles[CONST_INGRESS_APPGW_ADDON_NAME] = addon_profile
addons.remove('ingress-appgw')
if 'confcom' in addons:
addon_profile = ManagedClusterAddonProfile(enabled=True, config={CONST_ACC_SGX_QUOTE_HELPER_ENABLED: "false"})
if enable_sgxquotehelper:
addon_profile.config[CONST_ACC_SGX_QUOTE_HELPER_ENABLED] = "true"
addon_profiles[CONST_CONFCOM_ADDON_NAME] = addon_profile
addons.remove('confcom')
# error out if any (unrecognized) addons remain
if addons:
raise CLIError('"{}" {} not recognized by the --enable-addons argument.'.format(
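Review bot: `enable_sgxquotehelper` is read only inside the confcom branches, so in `_handle_addons_args` a caller who passes `--enable-sgxquotehelper` without `confcom` in `--enable-addons` gets a cluster with no quote helper and no error; the same applies in `_update_addons` when a different addon is being enabled. A security-relevant option that is silently dropped is better rejected: after the `if 'confcom' in addons:` block add `elif enable_sgxquotehelper:` followed by `raise CLIError('--enable-sgxquotehelper requires the confcom addon.')`. Both branches also build the same `ManagedClusterAddonProfile` and then overwrite the `"false"` string, which could be a single expression, `config={CONST_ACC_SGX_QUOTE_HELPER_ENABLED: "true" if enable_sgxquotehelper else "false"}`. Both function bodies start and end outside the hunks shown, so an existing check elsewhere cannot be ruled out from this page.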