From d8681f566006e2f1b2d52e03995346de9b2cfdfe Mon Sep 17 00:00:00 2001 From: Li Ma Date: Thu, 5 May 2022 14:48:12 +0800 Subject: [PATCH] aks-preview: feature support for apiserver vnet integration --- src/aks-preview/HISTORY.rst | 6 +- src/aks-preview/azext_aks_preview/_help.py | 12 + src/aks-preview/azext_aks_preview/_params.py | 5 + .../azext_aks_preview/_validators.py | 4 + src/aks-preview/azext_aks_preview/custom.py | 6 +- .../azext_aks_preview/decorator.py | 142 +++ ...reate_with_apiserver_vnet_integration.yaml | 930 ++++++++++++++++++ .../tests/latest/test_aks_commands.py | 30 + .../tests/latest/test_decorator.py | 243 +++++ src/aks-preview/linter_exclusions.yml | 6 + src/aks-preview/setup.py | 2 +- 11 files changed, 1382 insertions(+), 4 deletions(-) create mode 100644 src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_apiserver_vnet_integration.yaml diff --git a/src/aks-preview/HISTORY.rst b/src/aks-preview/HISTORY.rst index f7ff2814607..95716f5f936 100644 --- a/src/aks-preview/HISTORY.rst +++ b/src/aks-preview/HISTORY.rst @@ -11,11 +11,13 @@ To release a new version, please select a new version number (usually plus 1 to Pending +++++++ -* Update to use 2022-04-02-preview api version. -0.5.67 (NOT RELEASED) + +0.5.67 +++++++++++++++++++++ * Add support for csi drivers extensibility. +* Update to use 2022-04-02-preview api version. +* Add support for apiserver vnet integration. 0.5.66 ++++++ diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py index 0b840af2919..8aaad7a8792 100644 --- a/src/aks-preview/azext_aks_preview/_help.py +++ b/src/aks-preview/azext_aks_preview/_help.py @@ -280,6 +280,12 @@ - name: --attach-acr type: string short-summary: Grant the 'acrpull' role assignment to the ACR specified by name or resource ID. + - name: --enable-apiserver-vnet-integration + type: bool + short-summary: Enable integration of user vnet with control plane apiserver pods. + - name: --apiserver-subnet-id + type: string + short-summary: The ID of a subnet in an existing VNet into which to assign control plane apiserver pods(requires --enable-apiserver-vnet-integration) - name: --enable-private-cluster type: string short-summary: Enable private cluster. @@ -737,6 +743,12 @@ - name: --azure-keyvault-kms-key-id type: string short-summary: Identifier of Azure Key Vault key. + - name: --enable-apiserver-vnet-integration + type: bool + short-summary: Enable integration of user vnet with control plane apiserver pods. + - name: --apiserver-subnet-id + type: string + short-summary: The ID of a subnet in an existing VNet into which to assign control plane apiserver pods(requires --enable-apiserver-vnet-integration) examples: - name: Reconcile the cluster back to its current state. text: az aks update -g MyResourceGroup -n MyManagedCluster diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py index 1347777d134..fd02a253b10 100644 --- a/src/aks-preview/azext_aks_preview/_params.py +++ b/src/aks-preview/azext_aks_preview/_params.py @@ -68,6 +68,7 @@ validate_acr, validate_addon, validate_addons, + validate_apiserver_subnet_id, validate_assign_identity, validate_assign_kubelet_identity, validate_azure_keyvault_kms_key_id, @@ -200,6 +201,8 @@ def load_arguments(self, _): c.argument('uptime_sla', action='store_true') c.argument('fqdn_subdomain') c.argument('api_server_authorized_ip_ranges', validator=validate_ip_ranges) + c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True) + c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id, is_preview=True) c.argument('enable_private_cluster', action='store_true') c.argument('private_dns_zone') c.argument('disable_public_fqdn', action='store_true') @@ -365,6 +368,8 @@ def load_arguments(self, _): c.argument('enable_oidc_issuer', action='store_true', is_preview=True) c.argument('enable_azure_keyvault_kms', action='store_true', is_preview=True) c.argument('azure_keyvault_kms_key_id', validator=validate_azure_keyvault_kms_key_id, is_preview=True) + c.argument('enable_apiserver_vnet_integration', action='store_true', is_preview=True) + c.argument('apiserver_subnet_id', validator=validate_apiserver_subnet_id, is_preview=True) with self.argument_context('aks scale') as c: c.argument('nodepool_name', diff --git a/src/aks-preview/azext_aks_preview/_validators.py b/src/aks-preview/azext_aks_preview/_validators.py index e0ff5bd00b0..4c72cdec92c 100644 --- a/src/aks-preview/azext_aks_preview/_validators.py +++ b/src/aks-preview/azext_aks_preview/_validators.py @@ -265,6 +265,10 @@ def validate_pod_subnet_id(namespace): _validate_subnet_id(namespace.pod_subnet_id, "--pod-subnet-id") +def validate_apiserver_subnet_id(namespace): + _validate_subnet_id(namespace.apiserver_subnet_id, "--apiserver-subnet-id") + + def _validate_subnet_id(subnet_id, name): if subnet_id is None or subnet_id == '': return diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py index a7e4891e104..4e6d7c21d81 100644 --- a/src/aks-preview/azext_aks_preview/custom.py +++ b/src/aks-preview/azext_aks_preview/custom.py @@ -749,6 +749,8 @@ def aks_create(cmd, node_resource_group=None, uptime_sla=False, attach_acr=None, + enable_apiserver_vnet_integration=False, + apiserver_subnet_id=None, enable_private_cluster=False, private_dns_zone=None, enable_managed_identity=True, @@ -890,7 +892,9 @@ def aks_update(cmd, # pylint: disable=too-many-statements,too-many-branches, enable_oidc_issuer=False, http_proxy_config=None, enable_azure_keyvault_kms=False, - azure_keyvault_kms_key_id=None): + azure_keyvault_kms_key_id=None, + enable_apiserver_vnet_integration=False, + apiserver_subnet_id=None): # DO NOT MOVE: get all the original parameters and save them as a dictionary raw_parameters = locals() diff --git a/src/aks-preview/azext_aks_preview/decorator.py b/src/aks-preview/azext_aks_preview/decorator.py index 2f40be9ace4..072fd1d1603 100644 --- a/src/aks-preview/azext_aks_preview/decorator.py +++ b/src/aks-preview/azext_aks_preview/decorator.py @@ -91,6 +91,7 @@ ManagedClusterStorageProfileDiskCSIDriver = TypeVar('ManagedClusterStorageProfileDiskCSIDriver') ManagedClusterStorageProfileFileCSIDriver = TypeVar('ManagedClusterStorageProfileFileCSIDriver') ManagedClusterStorageProfileSnapshotController = TypeVar('ManagedClusterStorageProfileSnapshotController') +ManagedClusterAPIServerAccessProfile = TypeVar('ManagedClusterAPIServerAccessProfile') Snapshot = TypeVar("Snapshot") ManagedClusterSnapshot = TypeVar("ManagedClusterSnapshot") AzureKeyVaultKms = TypeVar('AzureKeyVaultKms') @@ -166,6 +167,11 @@ def __init__(self, cmd: AzCommandsLoader, resource_type: ResourceType): resource_type=self.resource_type, operation_group="managed_clusters", ) + self.ManagedClusterAPIServerAccessProfile = self.__cmd.get_models( + "ManagedClusterAPIServerAccessProfile", + resource_type=self.resource_type, + operation_group="managed_clusters", + ) # holder for nat gateway related models self.__nat_gateway_models = None # holder for pod identity related models @@ -1964,6 +1970,110 @@ def get_cluster_uaidentity_object_id(self) -> str: cluster_identity_resource_id = assigned_identity return self.get_identity_by_msi_client(cluster_identity_resource_id).principal_id + def _get_enable_apiserver_vnet_integration(self, enable_validation: bool = False) -> bool: + """Internal function to obtain the value of enable_apiserver_vnet_integration. + + This function supports the option of enable_validation. When enable_apiserver_vnet_integration is specified, + For CREATE: if enable-private-cluster is not used, raise an RequiredArgumentMissingError; + For UPDATE: if apiserver-subnet-id is not used, raise an RequiredArgumentMissingError; + + :return: bool + """ + # read the original value passed by the command + enable_apiserver_vnet_integration = self.raw_param.get("enable_apiserver_vnet_integration") + # In create mode, try to read the property value corresponding to the parameter from the `mc` object. + if self.decorator_mode == DecoratorMode.CREATE: + if ( + self.mc and + self.mc.api_server_access_profile and + self.mc.api_server_access_profile.enable_vnet_integration is not None + ): + enable_apiserver_vnet_integration = self.mc.api_server_access_profile.enable_vnet_integration + + # this parameter does not need dynamic completion + # validation + if enable_validation: + if self.decorator_mode == DecoratorMode.CREATE: + if enable_apiserver_vnet_integration: + # remove this validation after we support public cluster + if not self._get_enable_private_cluster(enable_validation=False): + raise RequiredArgumentMissingError( + "--apiserver-vnet-integration is only supported for private cluster right now. " + "Please use it together with --enable-private-cluster" + ) + if self.decorator_mode == DecoratorMode.UPDATE: + if enable_apiserver_vnet_integration: + if self._get_apiserver_subnet_id(enable_validation=False) is None: + raise RequiredArgumentMissingError( + "--apiserver-subnet-id is required for update with --apiserver-vnet-integration." + ) + + return enable_apiserver_vnet_integration + + def get_enable_apiserver_vnet_integration(self) -> bool: + """Obtain the value of enable_apiserver_vnet_integration. + + This function will verify the parameter by default. When enable_apiserver_vnet_integration is specified, + For CREATE: if enable-private-cluster is not used, raise an RequiredArgumentMissingError; + For UPDATE: if apiserver-subnet-id is not used, raise an RequiredArgumentMissingError + + :return: bool + """ + return self._get_enable_apiserver_vnet_integration(enable_validation=True) + + def _get_apiserver_subnet_id(self, enable_validation: bool = False) -> Union[str, None]: + """Internal function to obtain the value of apiserver_subnet_id. + + This function supports the option of enable_validation. When apiserver_subnet_id is specified, + if enable_apiserver_vnet_integration is not used, raise an RequiredArgumentMissingError; + For CREATE: if vnet_subnet_id is not used, raise an RequiredArgumentMissingError; + + :return: bool + """ + # read the original value passed by the command + apiserver_subnet_id = self.raw_param.get("apiserver_subnet_id") + # try to read the property value corresponding to the parameter from the `mc` object + if self.decorator_mode == DecoratorMode.CREATE: + if ( + self.mc and + self.mc.api_server_access_profile and + self.mc.api_server_access_profile.subnet_id is not None + ): + apiserver_subnet_id = self.mc.api_server_access_profile.subnet_id + + # this parameter does not need dynamic completion + # validation + if enable_validation: + if self.decorator_mode == DecoratorMode.CREATE: + vnet_subnet_id = self.get_vnet_subnet_id() + if apiserver_subnet_id and vnet_subnet_id is None: + raise RequiredArgumentMissingError( + '"--apiserver-subnet-id" requires "--vnet-subnet-id".') + + enable_apiserver_vnet_integration = self._get_enable_apiserver_vnet_integration( + enable_validation=False) + if ( + apiserver_subnet_id and + ( + enable_apiserver_vnet_integration is None or + enable_apiserver_vnet_integration is False + ) + ): + raise RequiredArgumentMissingError( + '"--apiserver-subnet-id" requires "--enable-apiserver-vnet-integration".') + + return apiserver_subnet_id + + def get_apiserver_subnet_id(self) -> Union[str, None]: + """Obtain the value of apiserver_subnet_id. + + This function will verify the parameter by default. When apiserver_subnet_id is specified, + if enable_apiserver_vnet_integration is not specified, raise an RequiredArgumentMissingError; + + :return: bool + """ + return self._get_apiserver_subnet_id(enable_validation=True) + class AKSPreviewCreateDecorator(AKSCreateDecorator): # pylint: disable=super-init-not-called @@ -2346,6 +2456,20 @@ def set_up_azure_keyvault_kms(self, mc: ManagedCluster) -> ManagedCluster: return mc + def set_up_apiserver_vnet_integration(self, mc: ManagedCluster) -> ManagedCluster: + """Set up apiserverAccessProfile enableVnetIntegration and subnetId for the ManagedCluster object. + + :return: the ManagedCluster object + """ + if self.context.get_enable_apiserver_vnet_integration(): + if mc.api_server_access_profile is None: + mc.api_server_access_profile = self.models.ManagedClusterAPIServerAccessProfile() + mc.api_server_access_profile.enable_vnet_integration = True + if self.context.get_apiserver_subnet_id(): + mc.api_server_access_profile.subnet_id = self.context.get_apiserver_subnet_id() + + return mc + def construct_mc_preview_profile(self) -> ManagedCluster: """The overall controller used to construct the preview ManagedCluster profile. @@ -2378,6 +2502,7 @@ def construct_mc_preview_profile(self) -> ManagedCluster: mc = self.set_up_storage_profile(mc) + mc = self.set_up_apiserver_vnet_integration(mc) return mc def create_mc_preview(self, mc: ManagedCluster) -> ManagedCluster: @@ -2752,6 +2877,22 @@ def update_identity_profile(self, mc: ManagedCluster) -> ManagedCluster: mc.identity_profile = identity_profile return mc + def update_apiserver_vnet_integration(self, mc: ManagedCluster) -> ManagedCluster: + """Update apiServerAccessProfile vnet integration related property for the ManagedCluster object. + + :return: the ManagedCluster object + """ + self._ensure_mc(mc) + + if self.context.get_enable_apiserver_vnet_integration(): + if mc.api_server_access_profile is None: + mc.api_server_access_profile = self.models.ManagedClusterAPIServerAccessProfile() + mc.api_server_access_profile.enable_vnet_integration = True + if self.context.get_apiserver_subnet_id(): + mc.api_server_access_profile.subnet_id = self.context.get_apiserver_subnet_id() + + return mc + def patch_mc(self, mc: ManagedCluster) -> ManagedCluster: """Helper function to patch the ManagedCluster object. @@ -2796,6 +2937,7 @@ def update_mc_preview_profile(self) -> ManagedCluster: mc = self.update_azure_keyvault_kms(mc) # update identity profile mc = self.update_identity_profile(mc) + mc = self.update_apiserver_vnet_integration(mc) mc = self.update_storage_profile(mc) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_apiserver_vnet_integration.yaml b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_apiserver_vnet_integration.yaml new file mode 100644 index 00000000000..0c6001a3b1f --- /dev/null +++ b/src/aks-preview/azext_aks_preview/tests/latest/recordings/test_aks_create_with_apiserver_vnet_integration.yaml @@ -0,0 +1,930 @@ +interactions: +- request: + body: '{"location": "centraluseuap", "identity": {"type": "SystemAssigned"}, "properties": + {"kubernetesVersion": "", "dnsPrefix": "cliakstest-clitestbhl3jboyy-8ecadf", + "agentPoolProfiles": [{"count": 3, "vmSize": "Standard_DS2_v2", "workloadRuntime": + "OCIContainer", "osType": "Linux", "enableAutoScaling": false, "type": "VirtualMachineScaleSets", + "mode": "System", "enableNodePublicIP": false, "scaleSetPriority": "Regular", + "scaleSetEvictionPolicy": "Delete", "spotMaxPrice": -1.0, "enableEncryptionAtHost": + false, "enableUltraSSD": false, "enableFIPS": false, "name": "nodepool1"}], + "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbIg1guRHbI0lV11wWDt1r2cUdcNd27CJsg+SfgC7miZeubtwUhbsPdhMQsfDyhOWHq1+ZL0M+nJZV63d/1dhmhtgyOqejUwrPlzKhydsbrsdUor+JmNJDdW01v7BXHyuymT8G4s09jCasNOwiufbP/qp72ruu0bIA1nySsvlf9pCQAuFkAnVnf/rFhUlOkhtRpwcq8SUNY2zRHR/EKb/4NWY1JzR4sa3q2fWIJdrrX0DvLoa5g9bIEd4Df79ba7v+yiUBOS0zT2ll+z4g9izHK3EO5d8hL4jYxcjKs+wcslSYRWrascfscLgMlMGh0CdKeNTDjHpGPncaf3Z+FwwwjWeuiNBxv7bJo13/8B/098KlVDl4GZqsoBCEjPyJfV6hO0y/LkRGkk7oHWKgeWAfKtfLItRp00eZ4fcJNK9kCaSMmEugoZWcI7NGbZXzqFWqbpRI7NcDP9+WIQ+i9U5vqWsqd/zng4kbuAJ6UuKqIzB0upYrLShfQE3SAck8oaLhJqqq56VfDuASNpJKidV+zq27HfSBmbXnkR/5AK337dc3MXKJypoK/QPMLKUAP5XLPbs+NddJQV7EZXd29DLgp+fRIg3edpKdO7ZErWhv7d+3Kws+e1Y+ypmR2WIVSwVyBEUfgv2C8Ts9gnTF4pNcEY/S2aBicz5Ew2+jdyGNQQ== + test@example.com\n"}]}}, "addonProfiles": {}, "enableRBAC": true, "enablePodSecurityPolicy": + false, "networkProfile": {"networkPlugin": "kubenet", "podCidr": "10.244.0.0/16", + "serviceCidr": "10.0.0.0/16", "dnsServiceIP": "10.0.0.10", "dockerBridgeCidr": + "172.17.0.1/16", "outboundType": "loadBalancer", "loadBalancerSku": "standard"}, + "apiServerAccessProfile": {"authorizedIPRanges": [], "enablePrivateCluster": + true, "enableVnetIntegration": true}, "disableLocalAccounts": false, "storageProfile": + {"diskCSIDriver": {"enabled": true}, "fileCSIDriver": {"enabled": true}, "snapshotController": + {"enabled": true}}}}' + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + Content-Length: + - '2002' + Content-Type: + - application/json + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-04-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\"\ + ,\n \"location\": \"centraluseuap\",\n \"name\": \"cliakstest000002\",\n\ + \ \"type\": \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\"\ + : {\n \"provisioningState\": \"Creating\",\n \"powerState\": {\n \"\ + code\": \"Running\"\n },\n \"kubernetesVersion\": \"1.22.6\",\n \"currentKubernetesVersion\"\ + : \"1.22.6\",\n \"dnsPrefix\": \"cliakstest-clitestbhl3jboyy-8ecadf\",\n\ + \ \"fqdn\": \"cliakstest-clitestbhl3jboyy-8ecadf-8d25cca6.hcp.centraluseuap.azmk8s.io\"\ + ,\n \"azurePortalFQDN\": \"9fbe765d3e0a6a28c80371ed3290a221-priv.portal.hcp.centraluseuap.azmk8s.io\"\ + ,\n \"privateFQDN\": \"cliakstest-clitestbhl3jboyy-8ecadf-358be4d3.f3691701-2365-4d64-b149-a2ef336b9ef9.private.centraluseuap.azmk8s.io\"\ + ,\n \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \ + \ \"count\": 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\"\ + : 128,\n \"osDiskType\": \"Managed\",\n \"kubeletDiskType\": \"OS\"\ + ,\n \"workloadRuntime\": \"OCIContainer\",\n \"maxPods\": 110,\n \ + \ \"type\": \"VirtualMachineScaleSets\",\n \"enableAutoScaling\": false,\n\ + \ \"provisioningState\": \"Creating\",\n \"powerState\": {\n \ + \ \"code\": \"Running\"\n },\n \"orchestratorVersion\": \"1.22.6\"\ + ,\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n \"\ + enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n \"\ + osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\"\ + : \"AKSUbuntu-1804gen2containerd-2022.04.27\",\n \"enableFIPS\": false\n\ + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\"\ + ,\n \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"\ + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbIg1guRHbI0lV11wWDt1r2cUdcNd27CJsg+SfgC7miZeubtwUhbsPdhMQsfDyhOWHq1+ZL0M+nJZV63d/1dhmhtgyOqejUwrPlzKhydsbrsdUor+JmNJDdW01v7BXHyuymT8G4s09jCasNOwiufbP/qp72ruu0bIA1nySsvlf9pCQAuFkAnVnf/rFhUlOkhtRpwcq8SUNY2zRHR/EKb/4NWY1JzR4sa3q2fWIJdrrX0DvLoa5g9bIEd4Df79ba7v+yiUBOS0zT2ll+z4g9izHK3EO5d8hL4jYxcjKs+wcslSYRWrascfscLgMlMGh0CdKeNTDjHpGPncaf3Z+FwwwjWeuiNBxv7bJo13/8B/098KlVDl4GZqsoBCEjPyJfV6hO0y/LkRGkk7oHWKgeWAfKtfLItRp00eZ4fcJNK9kCaSMmEugoZWcI7NGbZXzqFWqbpRI7NcDP9+WIQ+i9U5vqWsqd/zng4kbuAJ6UuKqIzB0upYrLShfQE3SAck8oaLhJqqq56VfDuASNpJKidV+zq27HfSBmbXnkR/5AK337dc3MXKJypoK/QPMLKUAP5XLPbs+NddJQV7EZXd29DLgp+fRIg3edpKdO7ZErWhv7d+3Kws+e1Y+ypmR2WIVSwVyBEUfgv2C8Ts9gnTF4pNcEY/S2aBicz5Ew2+jdyGNQQ==\ + \ test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\"\ + : {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \ + \ \"nodeResourceGroup\": \"MC_clitest000001_cliakstest000002_centraluseuap\"\ + ,\n \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"\ + networkProfile\": {\n \"networkPlugin\": \"kubenet\",\n \"loadBalancerSku\"\ + : \"standard\",\n \"loadBalancerProfile\": {\n \"managedOutboundIPs\"\ + : {\n \"count\": 1\n }\n },\n \"podCidr\": \"10.244.0.0/16\"\ + ,\n \"serviceCidr\": \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\"\ + ,\n \"dockerBridgeCidr\": \"172.17.0.1/16\",\n \"outboundType\": \"\ + loadBalancer\",\n \"podCidrs\": [\n \"10.244.0.0/16\"\n ],\n \ + \ \"serviceCidrs\": [\n \"10.0.0.0/16\"\n ],\n \"ipFamilies\": [\n\ + \ \"IPv4\"\n ]\n },\n \"maxAgentPools\": 100,\n \"apiServerAccessProfile\"\ + : {\n \"enablePrivateCluster\": true,\n \"privateDNSZone\": \"system\"\ + ,\n \"enablePrivateClusterPublicFQDN\": true,\n \"enableVnetIntegration\"\ + : true,\n \"subnetId\": \"\"\n },\n \"disableLocalAccounts\": false,\n\ + \ \"securityProfile\": {},\n \"storageProfile\": {\n \"diskCSIDriver\"\ + : {\n \"enabled\": true\n },\n \"fileCSIDriver\": {\n \"enabled\"\ + : true\n },\n \"snapshotController\": {\n \"enabled\": true\n \ + \ }\n },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n }\n \ + \ },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\"\ + :\"00000000-0000-0000-0000-000000000001\",\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\ + \n },\n \"sku\": {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n\ + \ }" + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '3918' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:19:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + status: + code: 201 + message: Created +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"9257bfdc-28b8-164d-80c8-16755579d64a\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2022-05-09T03:19:05.8533333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:19:38 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"9257bfdc-28b8-164d-80c8-16755579d64a\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2022-05-09T03:19:05.8533333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:20:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"9257bfdc-28b8-164d-80c8-16755579d64a\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2022-05-09T03:19:05.8533333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:20:39 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"9257bfdc-28b8-164d-80c8-16755579d64a\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2022-05-09T03:19:05.8533333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:21:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"9257bfdc-28b8-164d-80c8-16755579d64a\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2022-05-09T03:19:05.8533333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:21:39 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"9257bfdc-28b8-164d-80c8-16755579d64a\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2022-05-09T03:19:05.8533333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:22:09 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"9257bfdc-28b8-164d-80c8-16755579d64a\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2022-05-09T03:19:05.8533333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:22:40 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"9257bfdc-28b8-164d-80c8-16755579d64a\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2022-05-09T03:19:05.8533333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:23:10 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"9257bfdc-28b8-164d-80c8-16755579d64a\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2022-05-09T03:19:05.8533333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:23:41 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"9257bfdc-28b8-164d-80c8-16755579d64a\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2022-05-09T03:19:05.8533333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:24:11 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"9257bfdc-28b8-164d-80c8-16755579d64a\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2022-05-09T03:19:05.8533333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:24:42 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"9257bfdc-28b8-164d-80c8-16755579d64a\",\n \"status\"\ + : \"InProgress\",\n \"startTime\": \"2022-05-09T03:19:05.8533333Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '126' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:25:12 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/dcbf5792-b828-4d16-80c8-16755579d64a?api-version=2016-03-30 + response: + body: + string: "{\n \"name\": \"9257bfdc-28b8-164d-80c8-16755579d64a\",\n \"status\"\ + : \"Succeeded\",\n \"startTime\": \"2022-05-09T03:19:05.8533333Z\",\n \"\ + endTime\": \"2022-05-09T03:25:31.3854034Z\"\n }" + headers: + cache-control: + - no-cache + content-length: + - '170' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:25:44 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + AKSHTTPCustomFeatures: + - Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - aks create + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --enable-apiserver-vnet-integration --aks-custom-headers + --enable-private-cluster --location --ssh-key-value -o + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-04-02-preview + response: + body: + string: "{\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002\"\ + ,\n \"location\": \"centraluseuap\",\n \"name\": \"cliakstest000002\",\n\ + \ \"type\": \"Microsoft.ContainerService/ManagedClusters\",\n \"properties\"\ + : {\n \"provisioningState\": \"Succeeded\",\n \"powerState\": {\n \"\ + code\": \"Running\"\n },\n \"kubernetesVersion\": \"1.22.6\",\n \"currentKubernetesVersion\"\ + : \"1.22.6\",\n \"dnsPrefix\": \"cliakstest-clitestbhl3jboyy-8ecadf\",\n\ + \ \"fqdn\": \"cliakstest-clitestbhl3jboyy-8ecadf-8d25cca6.hcp.centraluseuap.azmk8s.io\"\ + ,\n \"azurePortalFQDN\": \"9fbe765d3e0a6a28c80371ed3290a221-priv.portal.hcp.centraluseuap.azmk8s.io\"\ + ,\n \"privateFQDN\": \"cliakstest-clitestbhl3jboyy-8ecadf-358be4d3.f3691701-2365-4d64-b149-a2ef336b9ef9.private.centraluseuap.azmk8s.io\"\ + ,\n \"agentPoolProfiles\": [\n {\n \"name\": \"nodepool1\",\n \ + \ \"count\": 3,\n \"vmSize\": \"Standard_DS2_v2\",\n \"osDiskSizeGB\"\ + : 128,\n \"osDiskType\": \"Managed\",\n \"kubeletDiskType\": \"OS\"\ + ,\n \"workloadRuntime\": \"OCIContainer\",\n \"maxPods\": 110,\n \ + \ \"type\": \"VirtualMachineScaleSets\",\n \"enableAutoScaling\": false,\n\ + \ \"provisioningState\": \"Succeeded\",\n \"powerState\": {\n \ + \ \"code\": \"Running\"\n },\n \"orchestratorVersion\": \"1.22.6\"\ + ,\n \"enableNodePublicIP\": false,\n \"mode\": \"System\",\n \"\ + enableEncryptionAtHost\": false,\n \"enableUltraSSD\": false,\n \"\ + osType\": \"Linux\",\n \"osSKU\": \"Ubuntu\",\n \"nodeImageVersion\"\ + : \"AKSUbuntu-1804gen2containerd-2022.04.27\",\n \"enableFIPS\": false\n\ + \ }\n ],\n \"linuxProfile\": {\n \"adminUsername\": \"azureuser\"\ + ,\n \"ssh\": {\n \"publicKeys\": [\n {\n \"keyData\": \"\ + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbIg1guRHbI0lV11wWDt1r2cUdcNd27CJsg+SfgC7miZeubtwUhbsPdhMQsfDyhOWHq1+ZL0M+nJZV63d/1dhmhtgyOqejUwrPlzKhydsbrsdUor+JmNJDdW01v7BXHyuymT8G4s09jCasNOwiufbP/qp72ruu0bIA1nySsvlf9pCQAuFkAnVnf/rFhUlOkhtRpwcq8SUNY2zRHR/EKb/4NWY1JzR4sa3q2fWIJdrrX0DvLoa5g9bIEd4Df79ba7v+yiUBOS0zT2ll+z4g9izHK3EO5d8hL4jYxcjKs+wcslSYRWrascfscLgMlMGh0CdKeNTDjHpGPncaf3Z+FwwwjWeuiNBxv7bJo13/8B/098KlVDl4GZqsoBCEjPyJfV6hO0y/LkRGkk7oHWKgeWAfKtfLItRp00eZ4fcJNK9kCaSMmEugoZWcI7NGbZXzqFWqbpRI7NcDP9+WIQ+i9U5vqWsqd/zng4kbuAJ6UuKqIzB0upYrLShfQE3SAck8oaLhJqqq56VfDuASNpJKidV+zq27HfSBmbXnkR/5AK337dc3MXKJypoK/QPMLKUAP5XLPbs+NddJQV7EZXd29DLgp+fRIg3edpKdO7ZErWhv7d+3Kws+e1Y+ypmR2WIVSwVyBEUfgv2C8Ts9gnTF4pNcEY/S2aBicz5Ew2+jdyGNQQ==\ + \ test@example.com\\n\"\n }\n ]\n }\n },\n \"servicePrincipalProfile\"\ + : {\n \"clientId\":\"00000000-0000-0000-0000-000000000001\"\n },\n \ + \ \"nodeResourceGroup\": \"MC_clitest000001_cliakstest000002_centraluseuap\"\ + ,\n \"enableRBAC\": true,\n \"enablePodSecurityPolicy\": false,\n \"\ + networkProfile\": {\n \"networkPlugin\": \"kubenet\",\n \"loadBalancerSku\"\ + : \"Standard\",\n \"loadBalancerProfile\": {\n \"managedOutboundIPs\"\ + : {\n \"count\": 1\n },\n \"effectiveOutboundIPs\": [\n \ + \ {\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_clitest000001_cliakstest000002_centraluseuap/providers/Microsoft.Network/publicIPAddresses/5f798ff1-5c1c-4e82-a0e9-64f42c0a5f6c\"\ + \n }\n ]\n },\n \"podCidr\": \"10.244.0.0/16\",\n \"serviceCidr\"\ + : \"10.0.0.0/16\",\n \"dnsServiceIP\": \"10.0.0.10\",\n \"dockerBridgeCidr\"\ + : \"172.17.0.1/16\",\n \"outboundType\": \"loadBalancer\",\n \"podCidrs\"\ + : [\n \"10.244.0.0/16\"\n ],\n \"serviceCidrs\": [\n \"10.0.0.0/16\"\ + \n ],\n \"ipFamilies\": [\n \"IPv4\"\n ]\n },\n \"maxAgentPools\"\ + : 100,\n \"apiServerAccessProfile\": {\n \"enablePrivateCluster\": true,\n\ + \ \"privateDNSZone\": \"system\",\n \"enablePrivateClusterPublicFQDN\"\ + : true,\n \"enableVnetIntegration\": true,\n \"subnetId\": \"\"\n \ + \ },\n \"identityProfile\": {\n \"kubeletidentity\": {\n \"resourceId\"\ + : \"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_clitest000001_cliakstest000002_centraluseuap/providers/Microsoft.ManagedIdentity/userAssignedIdentities/cliakstest000002-agentpool\"\ + ,\n \"clientId\":\"00000000-0000-0000-0000-000000000001\",\n \"objectId\"\ + :\"00000000-0000-0000-0000-000000000001\"\n }\n },\n \"disableLocalAccounts\"\ + : false,\n \"securityProfile\": {},\n \"storageProfile\": {\n \"diskCSIDriver\"\ + : {\n \"enabled\": true\n },\n \"fileCSIDriver\": {\n \"enabled\"\ + : true\n },\n \"snapshotController\": {\n \"enabled\": true\n \ + \ }\n },\n \"oidcIssuerProfile\": {\n \"enabled\": false\n }\n \ + \ },\n \"identity\": {\n \"type\": \"SystemAssigned\",\n \"principalId\"\ + :\"00000000-0000-0000-0000-000000000001\",\n \"tenantId\": \"72f988bf-86f1-41af-91ab-2d7cd011db47\"\ + \n },\n \"sku\": {\n \"name\": \"Basic\",\n \"tier\": \"Free\"\n }\n\ + \ }" + headers: + cache-control: + - no-cache + content-length: + - '4583' + content-type: + - application/json + date: + - Mon, 09 May 2022 03:25:45 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - aks delete + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - --resource-group --name --yes --no-wait + User-Agent: + - AZURECLI/2.36.0 azsdk-python-azure-mgmt-containerservice/18.0.0b Python/3.8.9 + (macOS-10.16-x86_64-i386-64bit) + method: DELETE + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/clitest000001/providers/Microsoft.ContainerService/managedClusters/cliakstest000002?api-version=2022-04-02-preview + response: + body: + string: '' + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operations/938092a9-381d-4dc1-8662-7122154626ab?api-version=2016-03-30 + cache-control: + - no-cache + content-length: + - '0' + date: + - Mon, 09 May 2022 03:25:49 GMT + expires: + - '-1' + location: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.ContainerService/locations/centraluseuap/operationresults/938092a9-381d-4dc1-8662-7122154626ab?api-version=2016-03-30 + pragma: + - no-cache + server: + - nginx + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-deletes: + - '14999' + status: + code: 202 + message: Accepted +version: 1 diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py index b3a00e356f8..3108b4b5c55 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py @@ -4064,3 +4064,33 @@ def test_aks_create_with_standard_csi_drivers(self, resource_group, resource_gro self.cmd(cmd, checks=[ self.is_empty(), ]) + + @AllowLargeResponse() + @AKSCustomResourceGroupPreparer(random_name_length=17, name_prefix='clitest', location='centraluseuap') + def test_aks_create_with_apiserver_vnet_integration(self, resource_group, resource_group_location): + # kwargs for string formatting + aks_name = self.create_random_name('cliakstest', 16) + + self.kwargs.update({ + 'resource_group': resource_group, + 'name': aks_name, + 'location': resource_group_location, + 'resource_type': 'Microsoft.ContainerService/ManagedClusters', + 'ssh_key_value': self.generate_ssh_keys(), + }) + + create_cmd = 'aks create --resource-group={resource_group} --name={name} --enable-apiserver-vnet-integration ' \ + '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview ' \ + '--enable-private-cluster --location={location} --ssh-key-value={ssh_key_value} -o json' + + self.cmd(create_cmd, checks=[ + self.check('provisioningState', 'Succeeded'), + self.check('apiServerAccessProfile.enablePrivateCluster', 'True'), + self.check('apiServerAccessProfile.enableVnetIntegration', 'True'), + ]) + + # delete + cmd = 'aks delete --resource-group={resource_group} --name={name} --yes --no-wait' + self.cmd(cmd, checks=[ + self.is_empty(), + ]) diff --git a/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py b/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py index 75c108b9d06..8ff9dcb1185 100644 --- a/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py +++ b/src/aks-preview/azext_aks_preview/tests/latest/test_decorator.py @@ -2138,6 +2138,168 @@ def test_get_updated_assign_kubelet_identity(self): ) self.assertEqual(ctx_1.get_updated_assign_kubelet_identity(), "fakeresourceid") + def test_get_enable_apiserver_vnet_integration(self): + ctx_0 = AKSPreviewContext( + self.cmd, + {}, + self.models, + decorator_mode=DecoratorMode.CREATE, + ) + self.assertIsNone(ctx_0.get_enable_apiserver_vnet_integration()) + + ctx_1 = AKSPreviewContext( + self.cmd, + { + "enable_apiserver_vnet_integration": False, + }, + self.models, + decorator_mode=DecoratorMode.CREATE, + ) + self.assertEqual(ctx_1.get_enable_apiserver_vnet_integration(), False) + + ctx_2 = AKSPreviewContext( + self.cmd, + { + "enable_apiserver_vnet_integration": False, + "enable_private_cluster": False, + }, + self.models, + decorator_mode=DecoratorMode.CREATE, + ) + api_server_access_profile = self.models.ManagedClusterAPIServerAccessProfile() + api_server_access_profile.enable_vnet_integration = True + api_server_access_profile.enable_private_cluster = True + mc = self.models.ManagedCluster( + location="test_location", + api_server_access_profile=api_server_access_profile, + ) + ctx_2.attach_mc(mc) + self.assertEqual(ctx_2.get_enable_apiserver_vnet_integration(), True) + + ctx_3 = AKSPreviewContext( + self.cmd, + { + "enable_apiserver_vnet_integration": True, + "enable_private_cluster": True, + }, + self.models, + decorator_mode=DecoratorMode.CREATE, + ) + self.assertEqual(ctx_3.get_enable_apiserver_vnet_integration(), True) + + ctx_4 = AKSPreviewContext( + self.cmd, + { + "enable_apiserver_vnet_integration": True, + }, + self.models, + decorator_mode=DecoratorMode.CREATE, + ) + with self.assertRaises(RequiredArgumentMissingError): + ctx_4.get_enable_apiserver_vnet_integration() + + ctx_5 = AKSPreviewContext( + self.cmd, + { + "enable_apiserver_vnet_integration": True, + }, + self.models, + decorator_mode=DecoratorMode.UPDATE, + ) + with self.assertRaises(RequiredArgumentMissingError): + ctx_5.get_enable_apiserver_vnet_integration() + + def test_get_apiserver_subnet_id(self): + ctx_0 = AKSPreviewContext( + self.cmd, + {}, + self.models, + decorator_mode=DecoratorMode.CREATE, + ) + self.assertIsNone(ctx_0.get_apiserver_subnet_id()) + + apiserver_subnet_id = "/subscriptions/fakesub/resourceGroups/fakerg/providers/Microsoft.Network/virtualNetworks/fakevnet/subnets/apiserver" + vnet_subnet_id = "/subscriptions/fakesub/resourceGroups/fakerg/providers/Microsoft.Network/virtualNetworks/fakevnet/subnets/node" + ctx_1 = AKSPreviewContext( + self.cmd, + { + "enable_apiserver_vnet_integration": True, + "enable_private_cluster": True, + "apiserver_subnet_id": apiserver_subnet_id, + "vnet_subnet_id": vnet_subnet_id, + }, + self.models, + decorator_mode=DecoratorMode.CREATE, + ) + self.assertEqual(ctx_1.get_apiserver_subnet_id(), apiserver_subnet_id) + + ctx_2 = AKSPreviewContext( + self.cmd, + { + "enable_apiserver_vnet_integration": True, + "enable_private_cluster": True, + "vnet_subnet_id": vnet_subnet_id + }, + self.models, + decorator_mode=DecoratorMode.CREATE, + ) + api_server_access_profile = self.models.ManagedClusterAPIServerAccessProfile() + api_server_access_profile.subnet_id = apiserver_subnet_id + mc = self.models.ManagedCluster( + location="test_location", + api_server_access_profile=api_server_access_profile, + ) + ctx_2.attach_mc(mc) + self.assertEqual(ctx_2.get_apiserver_subnet_id(), apiserver_subnet_id) + + ctx_3 = AKSPreviewContext( + self.cmd, + { + "enable_apiserver_vnet_integration": True, + "apiserver_subnet_id": apiserver_subnet_id, + }, + self.models, + decorator_mode=DecoratorMode.UPDATE, + ) + self.assertEqual(ctx_3.get_apiserver_subnet_id(), apiserver_subnet_id) + + ctx_4 = AKSPreviewContext( + self.cmd, + { + "enable_private_cluster": True, + "apiserver_subnet_id": apiserver_subnet_id, + "vnet_subnet_id": vnet_subnet_id, + }, + self.models, + decorator_mode=DecoratorMode.CREATE, + ) + with self.assertRaises(RequiredArgumentMissingError): + ctx_4.get_apiserver_subnet_id() + + ctx_5 = AKSPreviewContext( + self.cmd, + { + "enable_apiserver_vnet_integration": False, + "apiserver_subnet_id": apiserver_subnet_id, + "vnet_subnet_id": vnet_subnet_id, + }, + self.models, + decorator_mode=DecoratorMode.CREATE, + ) + with self.assertRaises(RequiredArgumentMissingError): + ctx_5.get_apiserver_subnet_id() + + ctx_6 = AKSPreviewContext( + self.cmd, + { + "apiserver_subnet_id": apiserver_subnet_id, + }, + self.models, + decorator_mode=DecoratorMode.CREATE, + ) + with self.assertRaises(RequiredArgumentMissingError): + ctx_6.get_apiserver_subnet_id() + class AKSPreviewCreateDecoratorTestCase(unittest.TestCase): def setUp(self): @@ -3121,6 +3283,47 @@ def test_set_up_azure_keyvault_kms(self): self.assertEqual(dec_mc_2, ground_truth_mc_2) + def test_set_up_apiserver_vnet_integration(self): + dec_1 = AKSPreviewCreateDecorator( + self.cmd, + self.client, + {}, + CUSTOM_MGMT_AKS_PREVIEW, + ) + mc_1 = self.models.ManagedCluster( + location="test_location" + ) + dec_mc_1 = dec_1.set_up_apiserver_vnet_integration(mc_1) + ground_truth_mc_1 = self.models.ManagedCluster( + location="test_location" + ) + self.assertEqual(dec_mc_1, ground_truth_mc_1) + + apiserver_subnet_id = "/subscriptions/fakesub/resourceGroups/fakerg/providers/Microsoft.Network/virtualNetworks/fakevnet/subnets/apiserver" + vnet_subnet_id = "/subscriptions/fakesub/resourceGroups/fakerg/providers/Microsoft.Network/virtualNetworks/fakevnet/subnets/node" + dec_2 = AKSPreviewCreateDecorator( + self.cmd, + self.client, + { + "enable_apiserver_vnet_integration": True, + "enable_private_cluster": True, + "apiserver_subnet_id": apiserver_subnet_id, + "vnet_subnet_id": vnet_subnet_id, + }, + CUSTOM_MGMT_AKS_PREVIEW, + ) + mc_2 = self.models.ManagedCluster(location="test_location") + dec_mc_2 = dec_2.set_up_apiserver_vnet_integration(mc_2) + ground_truth_api_server_access_profile_2 = self.models.ManagedClusterAPIServerAccessProfile( + enable_vnet_integration=True, + subnet_id=apiserver_subnet_id, + ) + ground_truth_mc_2 = self.models.ManagedCluster( + location="test_location", + api_server_access_profile=ground_truth_api_server_access_profile_2, + ) + self.assertEqual(dec_mc_2, ground_truth_mc_2) + def test_set_up_creationdata_of_cluster_snapshot(self): dec_1 = AKSPreviewCreateDecorator( self.cmd, @@ -4296,6 +4499,46 @@ def test_update_azure_keyvault_kms(self): self.assertEqual(dec_mc_2, ground_truth_mc_2) + def test_update_apiserver_vnet_integration(self): + dec_1 = AKSPreviewUpdateDecorator( + self.cmd, + self.client, + {}, + CUSTOM_MGMT_AKS_PREVIEW, + ) + mc_1 = self.models.ManagedCluster( + location="test_location", + ) + dec_1.context.attach_mc(mc_1) + dec_mc_1 = dec_1.update_apiserver_vnet_integration(mc_1) + ground_truth_mc_1 = self.models.ManagedCluster( + location="test_location", + ) + self.assertEqual(dec_mc_1, ground_truth_mc_1) + + apiserver_subnet_id = "/subscriptions/fakesub/resourceGroups/fakerg/providers/Microsoft.Network/virtualNetworks/fakevnet/subnets/apiserver" + dec_2 = AKSPreviewUpdateDecorator( + self.cmd, + self.client, + { + "enable_apiserver_vnet_integration": True, + "apiserver_subnet_id": apiserver_subnet_id, + }, + CUSTOM_MGMT_AKS_PREVIEW, + ) + mc_2 = self.models.ManagedCluster(location="test_location") + dec_2.context.attach_mc(mc_2) + dec_mc_2 = dec_2.update_apiserver_vnet_integration(mc_2) + ground_truth_api_server_access_profile_2 = self.models.ManagedClusterAPIServerAccessProfile( + enable_vnet_integration=True, + subnet_id=apiserver_subnet_id, + ) + ground_truth_mc_2 = self.models.ManagedCluster( + location="test_location", + api_server_access_profile=ground_truth_api_server_access_profile_2, + ) + self.assertEqual(dec_mc_2, ground_truth_mc_2) + def test_update_identity_profile(self): dec_1 = AKSPreviewUpdateDecorator( self.cmd, diff --git a/src/aks-preview/linter_exclusions.yml b/src/aks-preview/linter_exclusions.yml index 85cc652f0b3..acfdc70c07f 100644 --- a/src/aks-preview/linter_exclusions.yml +++ b/src/aks-preview/linter_exclusions.yml @@ -18,6 +18,9 @@ aks create: disable_snapshot_controller: rule_exclusions: - option_length_too_long + enable_apiserver_vnet_integration: + rule_exclusions: + - option_length_too_long aks delete: parameters: ignore_pod_disruption_budget: @@ -54,6 +57,9 @@ aks update: disable_snapshot_controller: rule_exclusions: - option_length_too_long + enable_apiserver_vnet_integration: + rule_exclusions: + - option_length_too_long aks nodepool delete: parameters: ignore_pod_disruption_budget: diff --git a/src/aks-preview/setup.py b/src/aks-preview/setup.py index 3513b530fee..91e7dfb9fbb 100644 --- a/src/aks-preview/setup.py +++ b/src/aks-preview/setup.py @@ -9,7 +9,7 @@ from setuptools import setup, find_packages -VERSION = "0.5.66" +VERSION = "0.5.67" CLASSIFIERS = [ "Development Status :: 4 - Beta", "Intended Audience :: Developers",