Skip to content

[AKS] az aks update: Add --network-policy to support updating the mode of a network policy #27466

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zhoxing-ms merged 11 commits into from
Nov 7, 2023
Merged

[AKS] az aks update: Add --network-policy to support updating the mode of a network policy #27466

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
6964548
add --network-policy to az aks update
Sep 25, 2023
8ada376
add aks update help
Sep 25, 2023
a075374
Merge branch 'Azure:dev' into aks-update-network-policy
robogatikov Oct 12, 2023
9ad85d9
use CONST_NETWORK_POLICY_CILIUM,
Oct 12, 2023
e0471ac
fix to read "Azure CNI powered by Cilium"
Oct 12, 2023
a35c193
remove comma
Oct 12, 2023
01eef72
add recording file
Oct 17, 2023
b7ef98d
Merge branch 'dev' into aks-update-network-policy
Oct 24, 2023
1f5f8e8
Merge branch 'dev' into aks-update-network-policy
Oct 31, 2023
4262ba8
Merge branch 'dev' into aks-update-network-policy
Nov 2, 2023
047368d
Merge branch 'dev' into aks-update-network-policy
Nov 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/_consts.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,12 @@
CONST_NETWORK_DATAPLANE_AZURE = "azure"
CONST_NETWORK_DATAPLANE_CILIUM = "cilium"

# network policy
CONST_NETWORK_POLICY_AZURE = "azure"
CONST_NETWORK_POLICY_CILIUM = "cilium"
CONST_NETWORK_POLICY_CALICO = "calico"
CONST_NETWORK_POLICY_NONE = "none"

# consts for addons
# http application routing
CONST_HTTP_APPLICATION_ROUTING_ADDON_NAME = "httpApplicationRouting"
Expand Down
8 changes: 7 additions & 1 deletion src/azure-cli/azure/cli/command_modules/acs/_help.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -253,7 +253,7 @@
short-summary: The Kubernetes network policy to use.
long-summary: |
Using together with "azure" network plugin.
Specify "azure" for Azure network policy manager and "calico" for calico network policy controller.
Specify "azure" for Azure network policy manager, "calico" for calico network policy controller, "cilium" for Azure CNI powered by Cilium.
Defaults to "" (network policy disabled).
- name: --network-dataplane
type: string
Expand Down Expand Up @@ -619,6 +619,12 @@
- name: --network-plugin-mode
type: string
short-summary: Update the mode of a network plugin to migrate to a different pod networking setup.
- name: --network-policy
type: string
short-summary: Update the mode of a network policy.
long-summary: |
Specify "azure" for Azure network policy manager, "cilium" for Azure CNI powered by Cilium.
Defaults to "" (network policy disabled).
- name: --pod-cidr
type: string
short-summary: Update the pod CIDR for a cluster. Used when updating a cluster from Azure CNI to Azure CNI Overlay.
Expand Down
3 changes: 3 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/_params.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
CONST_LOAD_BALANCER_SKU_STANDARD, CONST_MANAGED_CLUSTER_SKU_TIER_FREE,
CONST_MANAGED_CLUSTER_SKU_TIER_STANDARD, CONST_MANAGED_CLUSTER_SKU_TIER_PREMIUM,
CONST_NETWORK_DATAPLANE_AZURE, CONST_NETWORK_DATAPLANE_CILIUM,
CONST_NETWORK_POLICY_AZURE, CONST_NETWORK_POLICY_CALICO, CONST_NETWORK_POLICY_CILIUM, CONST_NETWORK_POLICY_NONE,
CONST_NETWORK_PLUGIN_AZURE, CONST_NETWORK_PLUGIN_KUBENET,
CONST_NETWORK_PLUGIN_MODE_OVERLAY, CONST_NETWORK_PLUGIN_NONE,
CONST_NODE_IMAGE_UPGRADE_CHANNEL, CONST_NONE_UPGRADE_CHANNEL,
Expand Down Expand Up @@ -125,6 +126,7 @@
network_plugins = [CONST_NETWORK_PLUGIN_KUBENET, CONST_NETWORK_PLUGIN_AZURE, CONST_NETWORK_PLUGIN_NONE]
network_plugin_modes = [CONST_NETWORK_PLUGIN_MODE_OVERLAY]
network_dataplanes = [CONST_NETWORK_DATAPLANE_AZURE, CONST_NETWORK_DATAPLANE_CILIUM]
network_policies = [CONST_NETWORK_POLICY_AZURE, CONST_NETWORK_POLICY_CALICO, CONST_NETWORK_POLICY_CILIUM, CONST_NETWORK_POLICY_NONE]
outbound_types = [CONST_OUTBOUND_TYPE_LOAD_BALANCER, CONST_OUTBOUND_TYPE_USER_DEFINED_ROUTING, CONST_OUTBOUND_TYPE_MANAGED_NAT_GATEWAY, CONST_OUTBOUND_TYPE_USER_ASSIGNED_NAT_GATEWAY]
auto_upgrade_channels = [
CONST_RAPID_UPGRADE_CHANNEL,
Expand Down Expand Up @@ -341,6 +343,7 @@ def load_arguments(self, _):
c.argument('nat_gateway_managed_outbound_ip_count', type=int, validator=validate_nat_gateway_managed_outbound_ip_count)
c.argument('nat_gateway_idle_timeout', type=int, validator=validate_nat_gateway_idle_timeout)
c.argument('network_dataplane', arg_type=get_enum_type(network_dataplanes))
c.argument('network_policy')
Copy link
Contributor

@yanzhudd yanzhudd Oct 13, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the value of this param enumerable? If so, please add arg_type=get_enum_type to the param.

Copy link
Contributor Author

@robogatikov robogatikov Oct 13, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We want to avoid referencing 'none' (that was introduced in API version 2023-08-02-preview) until it is ready. See comment: Azure/azure-cli-extensions#6809 (comment)

c.argument('outbound_type', arg_type=get_enum_type(outbound_types))
c.argument('auto_upgrade_channel', arg_type=get_enum_type(auto_upgrade_channels))
c.argument('cluster_autoscaler_profile', nargs='+', options_list=["--cluster-autoscaler-profile", "--ca-profile"],
Expand Down
1 change: 1 addition & 0 deletions src/azure-cli/azure/cli/command_modules/acs/custom.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -655,6 +655,7 @@ def aks_update(
enable_local_accounts=False,
network_plugin_mode=None,
network_dataplane=None,
network_policy=None,
pod_cidr=None,
load_balancer_managed_outbound_ip_count=None,
load_balancer_managed_outbound_ipv6_count=None,
Expand Down
11 changes: 11 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/managed_cluster_decorator.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2206,6 +2206,12 @@ def get_network_plugin(self) -> Union[str, None]:

return self._get_network_plugin(enable_validation=True)

def get_network_policy(self) -> Union[str, None]:
"""Get the value of network_dataplane.
:return: str or None
"""
return self.raw_param.get("network_policy")

def get_network_dataplane(self) -> Union[str, None]:
"""Get the value of network_dataplane.

Expand Down Expand Up @@ -6793,6 +6799,11 @@ def update_network_plugin_settings(self, mc: ManagedCluster) -> ManagedCluster:

if pod_cidr:
mc.network_profile.pod_cidr = pod_cidr

network_policy = self.context.get_network_policy()
if network_policy:
mc.network_profile.network_policy = network_policy

return mc

def update_http_proxy_config(self, mc: ManagedCluster) -> ManagedCluster:
Expand Down
2,303 changes: 1,840 additions & 463 deletions ...and_modules/acs/tests/latest/recordings/test_aks_migrate_cluster_to_cilium_dataplane.yaml
View file
Open in desktop

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_aks_commands.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7900,7 +7900,7 @@ def test_aks_migrate_cluster_to_cilium_dataplane(self, resource_group, resource_
])

# update to enable cilium dataplane
update_cmd = 'aks update -g {resource_group} -n {name} --network-dataplane=cilium'
update_cmd = 'aks update -g {resource_group} -n {name} --network-dataplane=cilium --network-policy=cilium'
Copy link
Member

@FumingZhang FumingZhang Oct 13, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Queued live test to validate the change.

Copy link
Contributor

@yanzhudd yanzhudd Oct 13, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add check for this new added param and update the recording file.

Copy link
Contributor Author

@robogatikov robogatikov Oct 13, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We want to keep the argument consistent between az aks create and az aks update. We will add the enum check in a follow-up pr.
Also see the comment below:
We want to avoid referencing 'none' (that was introduced in API version 2023-08-02-preview) until it is ready. See comment: Azure/azure-cli-extensions#6809 (comment)

Copy link
Contributor

@yanzhudd yanzhudd Oct 16, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the live test passed? Please upload the recoding file.

Copy link
Contributor Author

@robogatikov robogatikov Oct 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

uploaded the recording file and attached to the description


self.cmd(update_cmd, checks=[
self.check('provisioningState', 'Succeeded'),
Expand Down
33 changes: 33 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_managed_cluster_decorator.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10157,6 +10157,39 @@ def test_update_network_plugin_settings(self):

self.assertEqual(dec_mc_5, ground_truth_mc_5)

# test update network policy
dec_6 = AKSManagedClusterUpdateDecorator(
self.cmd,
self.client,
{
"network_policy": "azure",
},
ResourceType.MGMT_CONTAINERSERVICE,
)
mc_6 = self.models.ManagedCluster(
location="test_location",
network_profile=self.models.ContainerServiceNetworkProfile(
network_plugin="azure",
network_policy="",
),
)

dec_6.context.attach_mc(mc_6)
# fail on passing the wrong mc object
with self.assertRaises(CLIInternalError):
dec_6.update_network_plugin_settings(None)
dec_mc_6 = dec_6.update_network_plugin_settings(mc_6)

ground_truth_mc_6 = self.models.ManagedCluster(
location="test_location",
network_profile=self.models.ContainerServiceNetworkProfile(
network_plugin="azure",
network_policy="azure",
),
)

self.assertEqual(dec_mc_6, ground_truth_mc_6)

def test_update_mc_profile_default(self):
import inspect

Expand Down