@clnv clnv commented Nov 22, 2023

Related command

az aks create \
  --name ${CLUSTER_NAME} \
  --nodepool-asg-ids "${ASG_0_ID} ${ASG_1_ID}" \
  --nodepool-allowed-host-ports "80/tcp 53/udp 4000-5000/tcp"

az aks nodepool add \
  --name ${AGENTPOOL_NAME} \
  --asg-ids "${ASG_0_ID} ${ASG_1_ID}" \
  --allowed-host-ports "80/tcp 53/udp 4000-5000/tcp"

az aks nodepool update \
  --name ${AGENTPOOL_NAME} \
  --asg-ids "${ASG_0_ID} ${ASG_1_ID}" \
  --allowed-host-ports "80/tcp 53/udp 4000-5000/tcp"

Description

Preview PR: Azure/azure-cli-extensions#5467

Testing Guide

Create cluster with managed ASG:

az aks create \
  --name ${CLUSTER_NAME} \
  --nodepool-allowed-host-ports 80/tcp,53/udp,4000-5000/tcp

Create cluster with custom ASGs:

az aks create \
  --name ${CLUSTER_NAME} \
  --nodepool-asg-ids ${ASG_0_ID},${ASG_1_ID} \
  --nodepool-allowed-host-ports 80/tcp,53/udp,4000-5000/tcp

Add nodepool with custom ASGs:

az aks nodepool add \
  --name ${AGENTPOOL_NAME} \
  --asg-ids ${ASG_0_ID},${ASG_1_ID} \
  --allowed-host-ports 80/tcp,53/udp,4000-5000/tcp

Add nodepool with managed ASGs:

az aks nodepool add \
  --name ${AGENTPOOL_NAME} \
  --allowed-host-ports 80/tcp,53/udp,4000-5000/tcp

Update nodepool ASG and allowed host ports:

az aks nodepool update \
  --name ${AGENTPOOL_NAME} \
  --asg-ids ${ASG_0_ID},${ASG_1_ID} \
  --allowed-host-ports 80/tcp,53/udp,4000-5000/tcp

History Notes

  • [AKS] az aks nodepool add: Add NSG Control arguments --asg-ids and --allowed-host-ports
  • [AKS] az aks nodepool update: Add NSG Control arguments --asg-ids and --allowed-host-ports
  • [AKS] az aks create: Add NSG Control arguments --nodepool-asg-ids and --nodepool-allowed-host-ports

This checklist is used to make sure that common guidelines for a pull request are followed.

azure-client-tools-bot-prd bot commented Nov 22, 2023

✔️AzureCLI-FullTest

@azure-client-tools-bot-prd
Hi @lodrem,
Since the current milestone time is less than 7 days, this pr will be reviewed in the next milestone.

azure-client-tools-bot-prd bot commented Nov 22, 2023

❌AzureCLI-BreakingChangeTest
❌acs
| rule | cmd_name | rule_message | suggest_message |
| 1010 - ParaPropUpdate | aks nodepool add | cmd aks nodepool add update parameter spot_max_price: updated property default from nan to nan | please change property default from nan to nan for parameter spot_max_price of cmd aks nodepool add |
| ⚠️ 1006 - ParaAdd | aks create | cmd aks create added parameter nodepool_allowed_host_ports | |
| ⚠️ 1006 - ParaAdd | aks create | cmd aks create added parameter nodepool_asg_ids | |
| ⚠️ 1006 - ParaAdd | aks nodepool add | cmd aks nodepool add added parameter allowed_host_ports | |
| ⚠️ 1006 - ParaAdd | aks nodepool add | cmd aks nodepool add added parameter asg_ids | |
| ⚠️ 1006 - ParaAdd | aks nodepool update | cmd aks nodepool update added parameter allowed_host_ports | |
| ⚠️ 1006 - ParaAdd | aks nodepool update | cmd aks nodepool update added parameter asg_ids | |

yonzhan commented Nov 22, 2023

AKS

Comment on lines +1842 to +1847
if asg_ids or allowed_host_ports:
agentpool.network_profile = self.models.AgentPoolNetworkProfile()
if asg_ids is not None:
agentpool.network_profile.application_security_groups = asg_ids
if allowed_host_ports is not None:
agentpool.network_profile.allowed_host_ports = allowed_host_ports
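
Review bot: The outer guard `if asg_ids or allowed_host_ports:` tests truthiness while the two inner branches test `is not None`, so an empty list is written to the profile only when the other argument happens to be non-empty, and is dropped silently when both are empty. Pick one rule: either test `is not None` at both levels so an explicit empty value is always sent, or use truthiness throughout and document that these arguments cannot clear the setting.
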
Member

Does this profile support partial update? For example, for an existing nodepool network profile, both application_security_groups and allowed_host_ports have been configured. Now the user only specifies application_security_groups when updating. Then the request body will be application_security_groups=new value, allowed_host_ports=null. Is this a valid scenario and the behavior expected?

Contributor Author

> Does this profile support partial update?

No. If this feature is turned on, you’ve got to set both values when updating the network profile. You can change ASGs from your own to a managed one if you don’t specify ‘--asg-ids’, and also the other way round.

Member

@FumingZhang FumingZhang left a comment

Queued live test to validate the change, test passed!

Member

@FumingZhang FumingZhang left a comment

LGTM

@zhoxing-ms
Contributor

Please refer to this guideline Submitting Pull Requests to update the PR description

clnv commented Nov 23, 2023

> Please refer to this guideline Submitting Pull Requests to update the PR description

Updated. PTAL thanks

Comment on lines 515 to 517
- name: --nodepool-allowed-host-ports
type: string
short-summary: Expose host ports on the node pool. When specified, format should be a comma-separated list of ranges with protocol, eg. 80/TCP,443/TCP,4000-5000/TCP.
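
Review bot: The example in this short-summary spells the protocol in upper case (`80/TCP`) while the commands in the PR description use lower case (`80/tcp`), and the text does not say which is accepted. State in the summary whether the protocol is case-insensitive, so users know which spelling to use.
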
Contributor

If the input is a list, it is a better way to define the parameter with nargs='+' and it is not necessary to manually separate the string. After defining with that, the input should be a space-separated list.

Contributor Author

updated. TIL thanks

asg_ids = self.context.get_asg_ids()
allowed_host_ports = self.context.get_allowed_host_ports()
if asg_ids or allowed_host_ports:
agentpool.network_profile = self.models.AgentPoolNetworkProfile()
Member

This could overwrite existing fields in network_profile by creating a new one. I will fix it in a following PR.

@yanzhudd
Contributor

It is suggested to specify the related command in the header of the history notes, e.g.,
[AKS] az aks nodepool add: Add NSG Control arguments --asg-ids and --allowed-host-ports

The other two history notes are the same like this.

clnv commented Nov 27, 2023

@yanzhudd updated.

@yanzhudd yanzhudd merged commit a13efde into Azure:dev Nov 27, 2023
@clnv clnv deleted the nsg-control branch November 27, 2023 05:55
Comment on lines +9328 to +9329
'--nodepool-asg-ids={asg1_id} '
'--nodepool-asg-ids={asg2_id} '
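
Review bot: These two lines pass `--nodepool-asg-ids` twice, so the parser keeps only the last value and the test creates the cluster with `{asg2_id}` alone; the two-ASG case is never exercised. Pass both IDs to a single option, `'--nodepool-asg-ids {asg1_id} {asg2_id} '`, and assert that both appear in the node pool's network profile.
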
Member

@FumingZhang FumingZhang Nov 30, 2023


This is not a correct usage, arg parse would only take the latter option/value pair
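
The behaviour described in the comment above, reproduced with a plain `argparse` parser (an added example, not code from this PR or from azure-cli; the parser, the `parse` helper and the port-spec validation rules are assumptions for illustration). A repeated `nargs='+'` option keeps only its last occurrence, so the first ASG is dropped without any error, and a comma-joined port list is rejected once the input is space-separated.

```python
import argparse
import re

# Assumed grammar for one token: port or start-end range, then /tcp or /udp.
PORT_SPEC = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?/(tcp|udp)$", re.IGNORECASE)


def parse_port_spec(token):
    """Return (start, end, protocol) for one 'port[-port]/protocol' token."""
    m = PORT_SPEC.match(token)
    if not m:
        raise ValueError(f"invalid port spec: {token!r}")
    start = int(m.group(1))
    end = int(m.group(2)) if m.group(2) else start
    if not 1 <= start <= end <= 65535:
        raise ValueError(f"port out of range: {token!r}")
    return start, end, m.group(3).lower()


def build_parser():
    # Option names come from the PR; everything else is a stand-in.
    p = argparse.ArgumentParser(prog="aks-create-demo")
    p.add_argument("--nodepool-asg-ids", nargs="+", default=None)
    p.add_argument("--nodepool-allowed-host-ports", nargs="+", default=None)
    return p


def parse(argv):
    """Parse argv and return (asg_ids, validated_port_ranges)."""
    ns = build_parser().parse_args(argv)
    ports = [parse_port_spec(t) for t in (ns.nodepool_allowed_host_ports or [])]
    return ns.nodepool_asg_ids, ports


if __name__ == "__main__":
    # Constructed inputs; "asg1"/"asg2" stand in for real ASG resource IDs.
    repeated = ["--nodepool-asg-ids=asg1", "--nodepool-asg-ids=asg2"]
    single = ["--nodepool-asg-ids", "asg1", "asg2"]
    print("repeated option:", parse(repeated)[0])  # first ID is lost
    print("single option:  ", parse(single)[0])    # both IDs kept
    ports = ["--nodepool-allowed-host-ports", "80/tcp", "53/udp", "4000-5000/tcp"]
    print("ports:", parse(ports)[1])
    try:
        parse(["--nodepool-allowed-host-ports", "80/tcp,53/udp"])
    except ValueError as exc:
        print("comma-joined list rejected:", exc)
```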

- name: --nodepool-allowed-host-ports
type: string
short-summary: Expose host ports on the node pool. When specified, format should be a comma-separated list of ranges with protocol, eg. 80/TCP,443/TCP,4000-5000/TCP.
short-summary: Expose host ports on the node pool. When specified, format should be a space-separated list of ranges with protocol, eg. 80/TCP,443/TCP,4000-5000/TCP.
Member

If this should be a space-separated list, the example should be 80/TCP 443/TCP 4000-5000/TCP instead of 80/TCP,443/TCP,4000-5000/TCP.

Member

And this is a behavior change compared to aks-preview, is this accepted by PM?

albertofori pushed a commit to albertofori/azure-cli that referenced this pull request Dec 14, 2023
…s create` | `az aks nodepool add` | `az aks nodepool update` (Azure#27900)