Azure · yanzhudd · Oct 12, 2023 · Sep 1, 2023 · Sep 1, 2023 · Sep 1, 2023
@@ -17,6 +17,11 @@ Pending
     * `az aks trustedaccess rolebinding update`
     * `az aks trustedaccess rolebinding delete`
 
+0.5.163
++++++++
+* Add `get-upgrades` and `get-revisions` to the `az aks mesh` command.
+* Add `az aks mesh upgrade` commands to manage upgrades for Azure Service Mesh.
+
 0.5.162
 +++++++
 * Replace Image Cleaner related functions with stable version.
@@ -65,7 +70,7 @@ Pending
 
 0.5.152
 ++++++
-* move loadbalancer/natgateway util functions to azure-cli and update reference in aks-preview project. 
+* move loadbalancer/natgateway util functions to azure-cli and update reference in aks-preview project.
 * Update the minimum required cli core version to `2.49.0`.
 * Add plugin CA support for `az aks mesh enable` commands for Azure Service Mesh.
 
@@ -1362,4 +1367,4 @@ Pending
 +++++
 
 * new feature `enable-cluster-autoscaler`
-* default agentType is VMSS
+* default agentType is VMSS
@@ -253,3 +253,6 @@
 CONST_AZURE_SERVICE_MESH_MODE_ISTIO = "Istio"
 CONST_AZURE_SERVICE_MESH_INGRESS_MODE_EXTERNAL = "External"
 CONST_AZURE_SERVICE_MESH_INGRESS_MODE_INTERNAL = "Internal"
+CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_START = "Start"
+CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_COMPLETE = "Complete"
+CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_ROLLBACK = "Rollback"
@@ -314,3 +314,59 @@ def _aks_snapshot_table_format(result):
     }""")
     # use ordered dicts so headers are predictable
     return parsed.search(result, Options(dict_cls=OrderedDict))
+
+
+def aks_mesh_revisions_table_format(result):
+    """Format a list of mesh revisions as summary results for display with "-o table". """
+    revision_table = flatten_mesh_revision_table(result[0]['properties']['meshRevisions'])
+    parsed = compile_jmes("""[].{
+        revision: revision,
+        upgrades: upgrades || [`None available`] | sort_versions(@) | join(`, `, @),
+        compatibleWith: compatibleWith_name,
+        compatibleVersions: compatibleVersions || [`None available`] | sort_versions(@) | join(`, `, @)
+    }""")
+    # Use ordered dicts so headers are predictable
+    results = parsed.search(revision_table, Options(
+        dict_cls=OrderedDict, custom_functions=_custom_functions({})))
+
+    return results
+
+
+# Helper function used by aks_mesh_revisions_table_format
+def flatten_mesh_revision_table(revision_info):
+    """Flattens revision information"""
+    flattened = []
+    for revision_data in revision_info:
+        flattened.extend(_format_mesh_revision_entry(revision_data))
+    return flattened
+
+
+def aks_mesh_upgrades_table_format(result):
+    """Format a list of mesh upgrades as summary results for display with "-o table". """
+    upgrades_table = _format_mesh_revision_entry(result[0]['properties'])
+    parsed = compile_jmes("""[].{
+        revision: revision,
+        upgrades: upgrades || [`None available`] | sort_versions(@) | join(`, `, @),
+        compatibleWith: compatibleWith_name,
+        compatibleVersions: compatibleVersions || [`None available`] | sort_versions(@) | join(`, `, @)
+    }""")
+    # Use ordered dicts so headers are predictable
+    results = parsed.search(upgrades_table, Options(
+        dict_cls=OrderedDict, custom_functions=_custom_functions({})))
+    return results
+
+
+def _format_mesh_revision_entry(revision):
+    flattened = []
+    revision_entry = revision['revision']
+    upgrades = revision['upgrades']
+    compatible_with_list = revision['compatibleWith']
+    for compatible_with in compatible_with_list:
+        item = {
+            'revision': revision_entry,
+            'upgrades': upgrades,
+            'compatibleWith_name': compatible_with['name'],
+            'compatibleVersions': compatible_with['versions']
+        }
+        flattened.append(item)
+    return flattened
@@ -2632,6 +2632,9 @@
     short-summary: Enable Azure Service Mesh.
     long-summary: This command enables Azure Service Mesh in given cluster.
     parameters:
+      - name: --revision
+        type: string
+        short-summary: Azure Service Mesh revision to install.
       - name: --key-vault-id
         type: string
         short-summary: The Azure Keyvault id with plugin CA info.
@@ -2689,6 +2692,62 @@
         text: az aks mesh disable-ingress-gateway --resource-group MyResourceGroup --name MyManagedCluster --ingress-gateway-type Internal
 """
 
+helps['aks mesh get-revisions'] = """
+    type: command
+    short-summary: Discover available Azure Service Mesh revisions and their compatibility.
+    long-summary: This command discovers available Azure Service Mesh revisions and their compatibility information for the given location.
+    examples:
+      - name: Discover Azure Service Mesh revisions.
+        text: az aks mesh get-revisions --location westus2
+        crafted: true
+"""
+
+helps['aks mesh get-upgrades'] = """
+    type: command
+    short-summary: Discover available Azure Service Mesh upgrades.
+    long-summary: This command discovers available Azure Service Mesh upgrades for the mesh revision installed on the cluster.
+    examples:
+      - name: Discover Azure Service Mesh upgrades.
+        text: az aks mesh get-upgrades --resource-group MyResourceGroup --name MyManagedCluster
+"""
+
+helps['aks mesh upgrade start'] = """
+    type: command
+    short-summary: Initiate Azure Service Mesh upgrade.
+    long-summary: This command initiates upgrade of Azure Service Mesh to the specified revision.
+    parameters:
+      - name: --revision
+        type: string
+        short-summary: Azure Service Mesh revision to upgrade to.
+    examples:
+      - name: Initiate Azure Service Mesh upgrade.
+        text: az aks mesh upgrade start --resource-group MyResourceGroup --name MyManagedCluster --revision asm-1-18
+"""
+
+helps['aks mesh upgrade'] = """
+    type: group
+    short-summary: Commands to manage the upgrades for Azure Service Mesh.
+    long-summary: A group of commands to manage the upgrades for Azure Service Mesh in given cluster.
+"""
+
+helps['aks mesh upgrade complete'] = """
+    type: command
+    short-summary: Complete Azure Service Mesh upgrade.
+    long-summary: This command completes Azure Service Mesh canary upgrade by removing the previous revision.
+    examples:
+      - name: Complete Azure Service Mesh upgrade.
+        text: az aks mesh upgrade complete --resource-group MyResourceGroup --name MyManagedCluster
+"""
+
+helps['aks mesh upgrade rollback'] = """
+    type: command
+    short-summary: Rollback Azure Service Mesh upgrade.
+    long-summary: This command rolls back Azure Service Mesh upgrade to the previous stable revision.
+    examples:
+      - name: Rollback Azure Service Mesh upgrade.
+        text: az aks mesh upgrade rollback --resource-group MyResourceGroup --name MyManagedCluster
+"""
+
 helps['aks mesh enable-egress-gateway'] = """
     type: command
     short-summary: Enable an Azure Service Mesh egress gateway.

@@ -34,8 +34,6 @@
     CONST_ABSOLUTEMONTHLY_MAINTENANCE_SCHEDULE,
     CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PRIVATE,
     CONST_AZURE_KEYVAULT_NETWORK_ACCESS_PUBLIC,
-    CONST_AZURE_SERVICE_MESH_INGRESS_MODE_EXTERNAL,
-    CONST_AZURE_SERVICE_MESH_INGRESS_MODE_INTERNAL,
     CONST_CREDENTIAL_FORMAT_AZURE,
     CONST_CREDENTIAL_FORMAT_EXEC,
     CONST_DAILY_MAINTENANCE_SCHEDULE,
@@ -158,7 +156,8 @@
     validate_utc_offset,
     validate_vm_set_type,
     validate_vnet_subnet_id,
-    validate_force_upgrade_disable_and_enable_parameters
+    validate_force_upgrade_disable_and_enable_parameters,
+    validate_azure_service_mesh_revision
 )
 from azure.cli.core.commands.parameters import (
     edge_zone_type,
@@ -936,12 +935,19 @@ def load_arguments(self, _):
                    options_list=["--egress-gateway-nodeselector", "--egx-gtw-ns"])
 
     with self.argument_context('aks mesh enable') as c:
+        c.argument('revision', validator=validate_azure_service_mesh_revision)
         c.argument('key_vault_id')
         c.argument('ca_cert_object_name')
         c.argument('ca_key_object_name')
         c.argument('root_cert_object_name')
         c.argument('cert_chain_object_name')
 
+    with self.argument_context('aks mesh get-revisions') as c:
+        c.argument('location', required=True, help='Location in which to discover available Azure Service Mesh revisions.')
+
+    with self.argument_context('aks mesh upgrade start') as c:
+        c.argument('revision', validator=validate_azure_service_mesh_revision, required=True)
+
 
 def _get_default_install_location(exe_name):
     system = platform.system()

@@ -782,3 +782,14 @@ def validate_os_sku(namespace):
             CONST_OS_SKU_CBLMARINER,
             CONST_OS_SKU_MARINER,
         )
+
+
+def validate_azure_service_mesh_revision(namespace):
+    """Validates the user provided revision parameter for azure service mesh commands."""
+    if namespace.revision is None:
+        return
+    revision = namespace.revision
+    asm_revision_regex = re.compile(r'^asm-\d+-\d+$')
+    found = asm_revision_regex.findall(revision)
+    if not found:
+        raise InvalidArgumentValueError(f"Revision {revision} is not supported by the service mesh add-on.")
@@ -33,6 +33,8 @@
     aks_show_table_format,
     aks_upgrades_table_format,
     aks_versions_table_format,
+    aks_mesh_revisions_table_format,
+    aks_mesh_upgrades_table_format,
 )
 from knack.log import get_logger
 
@@ -291,3 +293,26 @@ def load_command_table(self, _):
             'aks_mesh_disable_egress_gateway',
             supports_no_wait=True,
             confirmation=True)
+        g.custom_command(
+            'get-revisions',
+            'aks_mesh_get_revisions',
+            table_transformer=aks_mesh_revisions_table_format)
+        g.custom_command(
+            'get-upgrades',
+            'aks_mesh_get_upgrades',
+            table_transformer=aks_mesh_upgrades_table_format)
+
+    # AKS mesh upgrade commands
+    with self.command_group('aks mesh upgrade', managed_clusters_sdk, client_factory=cf_managed_clusters) as g:
+        g.custom_command(
+            'start',
+            'aks_mesh_upgrade_start',
+            supports_no_wait=True)
+        g.custom_command(
+            'complete',
+            'aks_mesh_upgrade_complete',
+            supports_no_wait=True)
+        g.custom_command(
+            'rollback',
+            'aks_mesh_upgrade_rollback',
+            supports_no_wait=True)
@@ -1,4 +1,5 @@
 # --------------------------------------------------------------------------------------------
+# --------------------------------------------------------------------------------------------
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the MIT License. See License.txt in the project root for license information.
 # --------------------------------------------------------------------------------------------
@@ -48,7 +49,10 @@
     CONST_SPOT_EVICTION_POLICY_DELETE,
     CONST_VIRTUAL_NODE_ADDON_NAME,
     CONST_VIRTUAL_NODE_SUBNET_NAME,
-    CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME
+    CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME,
+    CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_START,
+    CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_COMPLETE,
+    CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_ROLLBACK,
 )
 from azext_aks_preview._helpers import (
     get_cluster_snapshot_by_snapshot_id,
@@ -2436,6 +2440,7 @@ def aks_mesh_enable(
         client,
         resource_group_name,
         name,
+        revision=None,
         key_vault_id=None,
         ca_cert_object_name=None,
         ca_key_object_name=None,
@@ -2457,6 +2462,7 @@ def aks_mesh_enable(
                             ca_key_object_name,
                             root_cert_object_name,
                             cert_chain_object_name,
+                            revision=revision,
                             enable_azure_service_mesh=True)
 
 
@@ -2481,7 +2487,6 @@ def aks_mesh_enable_ingress_gateway(
         client,
         resource_group_name,
         name,
-        enable_azure_service_mesh=True,
         enable_ingress_gateway=True,
         ingress_gateway_type=ingress_gateway_type)
 
@@ -2514,7 +2519,6 @@ def aks_mesh_enable_egress_gateway(
         client,
         resource_group_name,
         name,
-        enable_azure_service_mesh=True,
         enable_egress_gateway=True,
         egx_gtw_nodeselector=egx_gtw_nodeselector)
 
@@ -2530,11 +2534,70 @@ def aks_mesh_disable_egress_gateway(
         client,
         resource_group_name,
         name,
-        enable_azure_service_mesh=True,
         disable_egress_gateway=True,
         egx_gtw_nodeselector=None)
 
 
+def aks_mesh_get_revisions(
+        cmd,
+        client,
+        location
+):
+    return client.list_mesh_revision_profiles(location)
+
+
+def aks_mesh_get_upgrades(
+        cmd,
+        client,
+        resource_group_name,
+        name
+):
+    return client.list_mesh_upgrade_profiles(resource_group_name, name)
+
+
+def aks_mesh_upgrade_start(
+        cmd,
+        client,
+        resource_group_name,
+        name,
+        revision
+):
+    return _aks_mesh_update(
+        cmd,
+        client,
+        resource_group_name,
+        name,
+        revision=revision,
+        mesh_upgrade_command=CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_START)
+
+
+def aks_mesh_upgrade_complete(
+        cmd,
+        client,
+        resource_group_name,
+        name):
+    return _aks_mesh_update(
+        cmd,
+        client,
+        resource_group_name,
+        name,
+        mesh_upgrade_command=CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_COMPLETE)
+
+
+def aks_mesh_upgrade_rollback(
+        cmd,
+        client,
+        resource_group_name,
+        name
+):
+    return _aks_mesh_update(
+        cmd,
+        client,
+        resource_group_name,
+        name,
+        mesh_upgrade_command=CONST_AZURE_SERVICE_MESH_UPGRADE_COMMAND_ROLLBACK)
+
+
 def _aks_mesh_update(
         cmd,
         client,
@@ -2553,6 +2616,8 @@ def _aks_mesh_update(
         enable_egress_gateway=None,
         egx_gtw_nodeselector=None,
         disable_egress_gateway=None,
+        revision=None,
+        mesh_upgrade_command=None,
 ):
     raw_parameters = locals()