Azure · zhoxing-ms · Nov 7, 2023 · Oct 24, 2023 · Oct 24, 2023 · Nov 7, 2023
@@ -201,6 +201,9 @@ aks update:
     enable_network_observability:
       rule_exclusions:
       - option_length_too_long
+    disable_network_observability:
+      rule_exclusions:
+      - option_length_too_long
 arcdata dc create:
   parameters:
     logs_ui_private_key_file:

@@ -11,17 +11,18 @@ To release a new version, please select a new version number (usually plus 1 to
 
 Pending
 +++++++
-* Vendor new SDK and bump API version to 2023-09-02-preview.
-* Add the KataCcIsolation option to --workload-runtime.
 * Add `--network-plugin` to the `az aks update` command.
+* Add the KataCcIsolation option to --workload-runtime.
 * Update "VirtualMachines" agent pool type as Public Preview feature.
+* Add --disable-network-observability to `az aks update` cluster command.
 
 0.5.168
 +++++++
 * Add `--enable-image-integrity` to the `az aks update` command.
 
 0.5.167
 +++++++
+* Vendor new SDK and bump API version to 2023-09-02-preview.
 * Fix the default storagepool name value created for Azure Container Storage.
 * Ensure the correct nodepool name is picked and labelled by Azure Container Storage while installing with `az aks create`.
 

@@ -1091,6 +1091,9 @@
         - name: --enable-network-observability
           type: bool
           short-summary: Enable network observability on a cluster.
+        - name: --disable-network-observability
+          type: bool
+          short-summary: Disable network observability on a cluster
         - name: --enable-cost-analysis
           type: bool
           short-summary: Enable exporting Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. For more information see aka.ms/aks/docs/cost-analysis.

@@ -633,6 +633,7 @@ def load_arguments(self, _):
         c.argument('guardrails_version', help='The guardrails version', is_preview=True)
         c.argument('guardrails_excluded_ns', is_preview=True)
         c.argument('enable_network_observability', action='store_true', is_preview=True, help="enable network observability for cluster")
+        c.argument('disable_network_observability', action='store_true', is_preview=True, help="disable network observability for cluster")
         c.argument('enable_cost_analysis', is_preview=True, action='store_true')
         c.argument('disable_cost_analysis', is_preview=True, action='store_true')
         # azure container storage

@@ -775,6 +775,7 @@ def aks_update(
     guardrails_version=None,
     guardrails_excluded_ns=None,
     enable_network_observability=None,
+    disable_network_observability=None,
     # metrics profile
     enable_cost_analysis=False,
     disable_cost_analysis=False,

@@ -609,7 +609,19 @@ def get_enable_network_observability(self) -> Optional[bool]:
 
         :return: bool or None
         """
-        return self.raw_param.get("enable_network_observability")
+        enable_network_observability = self.raw_param.get("enable_network_observability")
+        disable_network_observability = self.raw_param.get("disable_network_observability")
+        if enable_network_observability and disable_network_observability:
+            raise MutuallyExclusiveArgumentError(
+                "Cannot specify --enable-network-observability and "
+                "--disable-network-observability at the same time."
+            )
+        if enable_network_observability is False and disable_network_observability is False:
+            return None
+        if enable_network_observability is not None:
+            return enable_network_observability
+        if disable_network_observability is not None:
+            return not disable_network_observability
 
     def get_load_balancer_managed_outbound_ip_count(self) -> Union[int, None]:
         """Obtain the value of load_balancer_managed_outbound_ip_count.

@@ -7983,6 +7983,14 @@ def test_aks_update_enable_network_observability(self, resource_group, resource_
             self.check('networkProfile.monitoring.enabled', True),
         ])
 
+        # update to disable network observability
+        update_cmd_two = 'aks update --resource-group={resource_group} --name={name} --disable-network-observability ' \
+                     '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/NetworkObservabilityPreview '
+        self.cmd(update_cmd_two, checks=[
+            self.check('provisioningState', 'Succeeded'),
+            self.check('networkProfile.monitoring.enabled', False),
+        ])
+
         # delete
         self.cmd(
             'aks delete -g {resource_group} -n {name} --yes --no-wait', checks=[self.is_empty()])

@@ -884,6 +884,35 @@ def test_mc_get_enable_network_observability(self):
         )
         self.assertEqual(ctx_3.get_enable_network_observability(), True)
 
+        # Flag set to True and False.
+        ctx_4 = AKSPreviewManagedClusterContext(
+            self.cmd,
+            AKSManagedClusterParamDict(
+                {
+                    "enable_network_observability": True,
+                    "disable_network_observability": True,
+                }
+            ),
+            self.models,
+            decorator_mode=DecoratorMode.UPDATE,
+        )
+        # fail on get_enable_network_observability mutual exclusive error
+        with self.assertRaises(MutuallyExclusiveArgumentError):
+            ctx_4.get_enable_network_observability()
+
+        # Flag set to False.
+        ctx_5 = AKSPreviewManagedClusterContext(
+            self.cmd,
+            AKSManagedClusterParamDict(
+                {
+                    "disable_network_observability": True,
+                }
+            ),
+            self.models,
+            decorator_mode=DecoratorMode.UPDATE,
+        )
+        self.assertEqual(ctx_5.get_enable_network_observability(), False)
+
     def test_get_enable_managed_identity(self):
         # custom value
         ctx_1 = AKSPreviewManagedClusterContext(