Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AKS] az aks create/update: Add --network-policy none option to command #29420

Merged
merged 5 commits into from
Jul 29, 2024
Merged

[AKS] az aks create/update: Add --network-policy none option to command #29420

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
c9df82f
feat: add --network-policy=none to "az aks update" command
robogatikov Jul 17, 2024
0eff60d
fix: remove preserve_default_location
robogatikov Jul 22, 2024
28ef6bf
Trigger Build
robogatikov Jul 22, 2024
08b4daf
test: regen recording files
robogatikov Jul 26, 2024
796f829
Trigger Build
robogatikov Jul 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 14 additions & 7 deletions src/azure-cli/azure/cli/command_modules/acs/_help.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -256,11 +256,14 @@
--network-plugin=azure will use an overlay network (non-VNET IPs) for pods in the cluster.
- name: --network-policy
type: string
short-summary: The Kubernetes network policy to use.
short-summary: Network Policy Engine to use.
long-summary: |
Using together with "azure" network plugin.
Specify "azure" for Azure network policy manager, "calico" for calico network policy controller, "cilium" for Azure CNI powered by Cilium.
Defaults to "" (network policy disabled).
Azure provides three Network Policy Engines for enforcing network policies that can be used together with "azure" network plugin. The following values can be specified:
- "azure" for Azure Network Policy Manager,
- "cilium" for Azure CNI Powered by Cilium,
- "calico" for open-source network and network security solution founded by Tigera,
- "none" when no Network Policy Engine is installed (default value).
Defaults to "none" (network policy disabled).
- name: --network-dataplane
type: string
short-summary: The network dataplane to use.
Expand Down Expand Up @@ -665,10 +668,14 @@
short-summary: Update the mode of a network plugin to migrate to a different pod networking setup.
- name: --network-policy
type: string
short-summary: Update the mode of a network policy.
short-summary: Update Network Policy Engine.
long-summary: |
Specify "azure" for Azure network policy manager, "cilium" for Azure CNI powered by Cilium.
Defaults to "" (network policy disabled).
Azure provides three Network Policy Engines for enforcing network policies. The following values can be specified:
- "azure" for Azure Network Policy Manager,
- "cilium" for Azure CNI Powered by Cilium,
- "calico" for open-source network and network security solution founded by Tigera,
- "none" to uninstall Network Policy Engine (Azure Network Policy Manager or Calico).
Defaults to "none" (network policy disabled).
- name: --pod-cidr
type: string
short-summary: Update the pod CIDR for a cluster. Used when updating a cluster from Azure CNI to Azure CNI Overlay.
Expand Down
2 changes: 1 addition & 1 deletion src/azure-cli/azure/cli/command_modules/acs/_params.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -482,7 +482,7 @@ def load_arguments(self, _):
c.argument('nat_gateway_idle_timeout', type=int, validator=validate_nat_gateway_idle_timeout)
c.argument('network_dataplane', arg_type=get_enum_type(network_dataplanes))
c.argument('network_plugin', arg_type=get_enum_type(network_plugins))
c.argument('network_policy')
c.argument('network_policy', arg_type=get_enum_type(network_policies))
c.argument('outbound_type', arg_type=get_enum_type(outbound_types))
c.argument('auto_upgrade_channel', arg_type=get_enum_type(auto_upgrade_channels))
c.argument('cluster_autoscaler_profile', nargs='+', options_list=["--cluster-autoscaler-profile", "--ca-profile"],
Expand Down
2,165 changes: 2,165 additions & 0 deletions ...cli/azure/cli/command_modules/acs/tests/latest/recordings/test_aks_install_azure_npm.yaml
View file
Open in desktop

Large diffs are not rendered by default.

2,300 changes: 2,300 additions & 0 deletions ...li/azure/cli/command_modules/acs/tests/latest/recordings/test_aks_install_calico_npm.yaml
View file
Open in desktop

Large diffs are not rendered by default.

2,120 changes: 2,120 additions & 0 deletions ...i/azure/cli/command_modules/acs/tests/latest/recordings/test_aks_uninstall_azure_npm.yaml
View file
Open in desktop

Large diffs are not rendered by default.

2,435 changes: 2,435 additions & 0 deletions .../azure/cli/command_modules/acs/tests/latest/recordings/test_aks_uninstall_calico_npm.yaml
View file
Open in desktop

Large diffs are not rendered by default.

236 changes: 236 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_aks_commands.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8496,6 +8496,242 @@ def test_aks_migrate_cluster_to_cilium_dataplane(self, resource_group, resource_
self.cmd(
'aks delete -g {resource_group} -n {name} --yes --no-wait', checks=[self.is_empty()])

@AllowLargeResponse()
@AKSCustomResourceGroupPreparer(
random_name_length=17,
name_prefix="clitest",
location="eastus",
)
def test_aks_uninstall_azure_npm(
self, resource_group, resource_group_location
):
_, create_version = self._get_versions(resource_group_location)
aks_name = self.create_random_name("cliakstest", 16)
self.kwargs.update(
{
"resource_group": resource_group,
"name": aks_name,
"location": resource_group_location,
"k8s_version": create_version,
"ssh_key_value": self.generate_ssh_keys(),
}
)

# create with Azure CNI overlay
create_cmd = (
"aks create --resource-group={resource_group} --name={name} --location={location} "
"--network-plugin azure --ssh-key-value={ssh_key_value} --kubernetes-version {k8s_version} "
"--network-plugin-mode=overlay "
"--network-policy=azure"
)

self.cmd(
create_cmd,
checks=[
self.check("provisioningState", "Succeeded"),
self.check("networkProfile.networkPlugin", "azure"),
self.check("networkProfile.networkPluginMode", "overlay"),
self.check("networkProfile.networkDataplane", "azure"),
self.check("networkProfile.networkPolicy", "azure"),
],
)

# update to uninstall Azure NPM
update_cmd = "aks update -g {resource_group} -n {name} --network-policy=none"

self.cmd(
update_cmd,
checks=[
self.check("provisioningState", "Succeeded"),
self.check("networkProfile.networkPlugin", "azure"),
self.check("networkProfile.networkPluginMode", "overlay"),
self.check("networkProfile.networkPolicy", "none"),
],
)

# delete
self.cmd(
"aks delete -g {resource_group} -n {name} --yes --no-wait",
checks=[self.is_empty()],
)

@AllowLargeResponse()
@AKSCustomResourceGroupPreparer(
random_name_length=17,
name_prefix="clitest",
location="eastus",
)
def test_aks_install_azure_npm(
self, resource_group, resource_group_location
):
_, create_version = self._get_versions(resource_group_location)
aks_name = self.create_random_name("cliakstest", 16)
self.kwargs.update(
{
"resource_group": resource_group,
"name": aks_name,
"location": resource_group_location,
"k8s_version": create_version,
"ssh_key_value": self.generate_ssh_keys(),
}
)

# create with Azure CNI overlay
create_cmd = (
"aks create --resource-group={resource_group} --name={name} --location={location} "
"--network-plugin azure --ssh-key-value={ssh_key_value} --kubernetes-version {k8s_version} "
"--network-plugin-mode=overlay "
"--network-policy=none"
)

self.cmd(
create_cmd,
checks=[
self.check("provisioningState", "Succeeded"),
self.check("networkProfile.networkPlugin", "azure"),
self.check("networkProfile.networkPluginMode", "overlay"),
self.check("networkProfile.networkDataplane", "azure"),
self.check("networkProfile.networkPolicy", "none"),
],
)

# update to install Azure NPM
update_cmd = "aks update -g {resource_group} -n {name} --network-policy=azure"

self.cmd(
update_cmd,
checks=[
self.check("provisioningState", "Succeeded"),
self.check("networkProfile.networkPlugin", "azure"),
self.check("networkProfile.networkPluginMode", "overlay"),
self.check("networkProfile.networkPolicy", "azure"),
],
)

# delete
self.cmd(
"aks delete -g {resource_group} -n {name} --yes --no-wait",
checks=[self.is_empty()],
)

@AllowLargeResponse()
@AKSCustomResourceGroupPreparer(
random_name_length=17,
name_prefix="clitest",
location="eastus",
)
def test_aks_uninstall_calico_npm(
self, resource_group, resource_group_location
):
_, create_version = self._get_versions(resource_group_location)
aks_name = self.create_random_name("cliakstest", 16)
self.kwargs.update(
{
"resource_group": resource_group,
"name": aks_name,
"location": resource_group_location,
"k8s_version": create_version,
"ssh_key_value": self.generate_ssh_keys(),
}
)

# create with Azure CNI overlay
create_cmd = (
"aks create --resource-group={resource_group} --name={name} --location={location} "
"--network-plugin azure --ssh-key-value={ssh_key_value} --kubernetes-version {k8s_version} "
"--network-plugin-mode=overlay "
"--network-policy=calico"
)

self.cmd(
create_cmd,
checks=[
self.check("provisioningState", "Succeeded"),
self.check("networkProfile.networkPlugin", "azure"),
self.check("networkProfile.networkPluginMode", "overlay"),
self.check("networkProfile.networkDataplane", "azure"),
self.check("networkProfile.networkPolicy", "calico"),
],
)

# update to uninstall Calico NPM
update_cmd = "aks update -g {resource_group} -n {name} --network-policy=none"

self.cmd(
update_cmd,
checks=[
self.check("provisioningState", "Succeeded"),
self.check("networkProfile.networkPlugin", "azure"),
self.check("networkProfile.networkPluginMode", "overlay"),
self.check("networkProfile.networkPolicy", "none"),
],
)

# delete
self.cmd(
"aks delete -g {resource_group} -n {name} --yes --no-wait",
checks=[self.is_empty()],
)

@AllowLargeResponse()
@AKSCustomResourceGroupPreparer(
random_name_length=17,
name_prefix="clitest",
location="eastus",
)
def test_aks_install_calico_npm(
self, resource_group, resource_group_location
):
_, create_version = self._get_versions(resource_group_location)
aks_name = self.create_random_name("cliakstest", 16)
self.kwargs.update(
{
"resource_group": resource_group,
"name": aks_name,
"location": resource_group_location,
"k8s_version": create_version,
"ssh_key_value": self.generate_ssh_keys(),
}
)

# create with Azure CNI overlay
create_cmd = (
"aks create --resource-group={resource_group} --name={name} --location={location} "
"--network-plugin azure --ssh-key-value={ssh_key_value} --kubernetes-version {k8s_version} "
"--network-plugin-mode=overlay "
"--network-policy=none"
)

self.cmd(
create_cmd,
checks=[
self.check("provisioningState", "Succeeded"),
self.check("networkProfile.networkPlugin", "azure"),
self.check("networkProfile.networkPluginMode", "overlay"),
self.check("networkProfile.networkDataplane", "azure"),
self.check("networkProfile.networkPolicy", "none"),
],
)

# update to install Calico NPM
update_cmd = "aks update -g {resource_group} -n {name} --network-policy=calico"

self.cmd(
update_cmd,
checks=[
self.check("provisioningState", "Succeeded"),
self.check("networkProfile.networkPlugin", "azure"),
self.check("networkProfile.networkPluginMode", "overlay"),
self.check("networkProfile.networkPolicy", "calico"),
],
)

# delete
self.cmd(
"aks delete -g {resource_group} -n {name} --yes --no-wait",
checks=[self.is_empty()],
)

@AllowLargeResponse()
@AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='westus2')
def test_aks_create_node_resource_group(self, resource_group, resource_group_location):
Expand Down
67 changes: 67 additions & 0 deletions src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_managed_cluster_decorator.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10602,6 +10602,73 @@ def test_update_network_plugin_settings(self):

self.assertEqual(dec_mc_7, ground_truth_mc_7)

# (Uninstall NPM) test update network policy ("azure" => "none")
dec_8 = AKSManagedClusterUpdateDecorator(
self.cmd,
self.client,
{
"network_policy": "none",
},
ResourceType.MGMT_CONTAINERSERVICE,
)
mc_8 = self.models.ManagedCluster(
location="test_location",
network_profile=self.models.ContainerServiceNetworkProfile(
network_plugin="azure",
network_policy="azure",
),
)

dec_8.context.attach_mc(mc_8)
# fail on passing the wrong mc object
with self.assertRaises(CLIInternalError):
dec_8.update_network_plugin_settings(None)
dec_mc_8 = dec_8.update_network_plugin_settings(mc_8)

ground_truth_mc_8 = self.models.ManagedCluster(
location="test_location",
network_profile=self.models.ContainerServiceNetworkProfile(
network_plugin="azure",
network_policy="none",
),
)

self.assertEqual(dec_mc_8, ground_truth_mc_8)

# (Uninstall NPM) test update network policy ("calico" => "none")
dec_9 = AKSManagedClusterUpdateDecorator(
self.cmd,
self.client,
{
"network_policy": "none",
},
ResourceType.MGMT_CONTAINERSERVICE,
)
mc_9 = self.models.ManagedCluster(
location="test_location",
network_profile=self.models.ContainerServiceNetworkProfile(
network_plugin="azure",
network_policy="calico",
),
)

dec_9.context.attach_mc(mc_9)
# fail on passing the wrong mc object
with self.assertRaises(CLIInternalError):
dec_9.update_network_plugin_settings(None)
dec_mc_9 = dec_9.update_network_plugin_settings(mc_9)

ground_truth_mc_9 = self.models.ManagedCluster(
location="test_location",
network_profile=self.models.ContainerServiceNetworkProfile(
network_plugin="azure",
network_policy="none",
),
)

self.assertEqual(dec_mc_9, ground_truth_mc_9)


def _mock_get_keyvault_client(cli_ctx, subscription_id=None):
free_mock_client = mock.MagicMock()
return free_mock_client
Expand Down