merge main

linter_exclusions.yml

@@ -188,6 +188,9 @@ aks update:
     enable_pod_identity_with_kubenet:
       rule_exclusions:
       - option_length_too_long
+    assign_kubelet_identity:
+      rule_exclusions:
+      - option_length_too_long
 arcdata dc create:
   parameters:
     logs_ui_private_key_file:

src/account/HISTORY.rst

@@ -3,6 +3,10 @@
 Release History
 ===============
 
+0.2.3
++++++
+* GA of `az account alias`: Manage subscription alias.
+
 0.2.2
 +++++
 * Update SDK `azure-mgmt-subscription` version to 3.0.0 and api-version to 2021-10-01.

src/account/azext_account/azext_metadata.json

@@ -1,4 +1,3 @@
 {
-    "azext.isExperimental": true,
     "azext.minCliCoreVersion": "2.3.1"
 }

src/account/azext_account/generated/commands.py

@@ -35,7 +35,7 @@ def load_command_table(self, _):
     account_alias = CliCommandType(
         operations_tmpl='azext_account.vendored_sdks.subscription.operations._alias_operations#AliasOperations.{}',
         client_factory=cf_alias)
-    with self.command_group('account alias', account_alias, client_factory=cf_alias, is_experimental=True) as g:
+    with self.command_group('account alias', account_alias, client_factory=cf_alias) as g:
         g.custom_command('list', 'account_alias_list')
         g.custom_show_command('show', 'account_alias_show')
         g.custom_command('create', 'account_alias_create', supports_no_wait=True)

src/account/setup.py

@@ -16,7 +16,7 @@
 
 # TODO: Confirm this is the right version number you want and it matches your
 # HISTORY.rst entry.
-VERSION = '0.2.2'
+VERSION = '0.2.3'
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers

src/aks-preview/HISTORY.md

@@ -3,6 +3,16 @@
 Release History
 ===============
 
+0.5.65
+++++++
+* Add `--ignore-pod-disruption-budget` flag for `az aks nodepool delete` for ignoring PodDisruptionBudget.
+
+0.5.64
+++++++
+
+* Add support for updating kubelet identity. Command is
+  * `az aks update --assign-kubelet-identity <kubelelt-identity-resource-id>`
+
 0.5.63
 ++++++
 

src/aks-preview/azcli_aks_live_test/configs/cli_coverage_config.json

@@ -11,6 +11,18 @@
             "warning_percent": 100,
             "fail_missing_lines": 0,
             "warning_missing_lines": 0
+        },
+        "agentpool_decorator.py": {
+            "fail_percent": 100,
+            "warning_percent": 100,
+            "fail_missing_lines": 0,
+            "warning_missing_lines": 0
+        },
+        "managed_cluster_decorator.py": {
+            "fail_percent": 100,
+            "warning_percent": 100,
+            "fail_missing_lines": 0,
+            "warning_missing_lines": 0
         }
     }
 }

src/aks-preview/azcli_aks_live_test/configs/ext_matrix_default.json

@@ -20,14 +20,11 @@
             "test_aks_create_with_monitoring_aad_auth_uai",
             "test_aks_enable_monitoring_with_aad_auth_msi",
             "test_aks_enable_monitoring_with_aad_auth_uai",
-            "test_aks_create_and_update_with_managed_nat_gateway_outbound",
             "test_aks_nodepool_add_with_workload_runtime",
             "test_aks_nodepool_add_with_gpu_instance_profile",
-            "test_aks_create_with_oidc_issuer_enabled",
-            "test_aks_update_with_oidc_issuer_enabled",
             "test_aks_create_with_crg_id",
-            "test_aks_create_with_network_plugin_none",
-            "test_aks_create_and_update_with_http_proxy_config"
+            "test_aks_create_and_update_with_http_proxy_config",
+            "test_aks_snapshot"
         ]
     }
 }

src/aks-preview/azext_aks_preview/_consts.py

@@ -3,16 +3,71 @@
 # Licensed under the MIT License. See License.txt in the project root for license information.
 # --------------------------------------------------------------------------------------------
 
+# consts for AgentPool
+# priority
+CONST_SCALE_SET_PRIORITY_REGULAR = "Regular"
+CONST_SCALE_SET_PRIORITY_SPOT = "Spot"
+
+# eviction policy
+CONST_SPOT_EVICTION_POLICY_DELETE = "Delete"
+CONST_SPOT_EVICTION_POLICY_DEALLOCATE = "Deallocate"
+
+# Scale Down Mode
+CONST_SCALE_DOWN_MODE_DELETE = "Delete"
+CONST_SCALE_DOWN_MODE_DEALLOCATE = "Deallocate"
+
+# os disk type
+CONST_OS_DISK_TYPE_MANAGED = "Managed"
+CONST_OS_DISK_TYPE_EPHEMERAL = "Ephemeral"
+
+# mode
+CONST_NODEPOOL_MODE_SYSTEM = "System"
+CONST_NODEPOOL_MODE_USER = "User"
+
+# os type
+CONST_DEFAULT_NODE_OS_TYPE = "Linux"
+
+# os sku
+CONST_OS_SKU_UBUNTU = "Ubuntu"
+CONST_OS_SKU_CBLMARINER = "CBLMariner"
+
+# vm set type
+CONST_VIRTUAL_MACHINE_SCALE_SETS = "VirtualMachineScaleSets"
+CONST_AVAILABILITY_SET = "AvailabilitySet"
+
+# vm size
+CONST_DEFAULT_NODE_VM_SIZE = "Standard_DS2_v2"
+CONST_DEFAULT_WINDOWS_NODE_VM_SIZE = "Standard_D2s_v3"
+
+# workload runtime
+CONST_WORKLOAD_RUNTIME_OCI_CONTAINER = "OCIContainer"
+CONST_WORKLOAD_RUNTIME_WASM_WASI = "WasmWasi"
+
+# gpu instance
+CONST_GPU_INSTANCE_PROFILE_MIG1_G = "MIG1g"
+CONST_GPU_INSTANCE_PROFILE_MIG2_G = "MIG2g"
+CONST_GPU_INSTANCE_PROFILE_MIG3_G = "MIG3g"
+CONST_GPU_INSTANCE_PROFILE_MIG4_G = "MIG4g"
+CONST_GPU_INSTANCE_PROFILE_MIG7_G = "MIG7g"
+
+# consts for ManagedCluster
+# load balancer sku
+CONST_LOAD_BALANCER_SKU_BASIC = "basic"
+CONST_LOAD_BALANCER_SKU_STANDARD = "standard"
+
+# outbound type
 CONST_OUTBOUND_TYPE_LOAD_BALANCER = "loadBalancer"
 CONST_OUTBOUND_TYPE_USER_DEFINED_ROUTING = "userDefinedRouting"
 CONST_OUTBOUND_TYPE_MANAGED_NAT_GATEWAY = "managedNATGateway"
 CONST_OUTBOUND_TYPE_USER_ASSIGNED_NAT_GATEWAY = "userAssignedNATGateway"
 
-CONST_SCALE_SET_PRIORITY_REGULAR = "Regular"
-CONST_SCALE_SET_PRIORITY_SPOT = "Spot"
+# private dns zone mode
+CONST_PRIVATE_DNS_ZONE_SYSTEM = "system"
+CONST_PRIVATE_DNS_ZONE_NONE = "none"
 
-CONST_SPOT_EVICTION_POLICY_DELETE = "Delete"
-CONST_SPOT_EVICTION_POLICY_DEALLOCATE = "Deallocate"
+# used to set identity profile (for kubelet)
+CONST_MANAGED_IDENTITY_OPERATOR_ROLE = 'Managed Identity Operator'
+CONST_MANAGED_IDENTITY_OPERATOR_ROLE_ID = 'f1a07417-d97a-45cb-824c-7a7467783830'
 
 # consts for upgrade channel
 CONST_RAPID_UPGRADE_CHANNEL = "rapid"
@@ -21,97 +76,85 @@
 CONST_NODE_IMAGE_UPGRADE_CHANNEL = "node-image"
 CONST_NONE_UPGRADE_CHANNEL = "none"
 
+# network plugin
+CONST_NETWORK_PLUGIN_KUBENET = "kubenet"
+CONST_NETWORK_PLUGIN_AZURE = "azure"
+CONST_NETWORK_PLUGIN_NONE = "none"
+
+# consts for addons
+# http application routing
 CONST_HTTP_APPLICATION_ROUTING_ADDON_NAME = "httpApplicationRouting"
 
+# monitoring
 CONST_MONITORING_ADDON_NAME = "omsagent"
 CONST_MONITORING_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID = "logAnalyticsWorkspaceResourceID"
 CONST_MONITORING_USING_AAD_MSI_AUTH = "useAADAuth"
 
+# virtual node
 CONST_VIRTUAL_NODE_ADDON_NAME = "aciConnector"
 CONST_VIRTUAL_NODE_SUBNET_NAME = "SubnetName"
 
-CONST_AZURE_POLICY_ADDON_NAME = "azurepolicy"
-
+# dashboard
 CONST_KUBE_DASHBOARD_ADDON_NAME = "kubeDashboard"
 
-CONST_OS_DISK_TYPE_MANAGED = "Managed"
-CONST_OS_DISK_TYPE_EPHEMERAL = "Ephemeral"
+# azure policy
+CONST_AZURE_POLICY_ADDON_NAME = "azurepolicy"
 
-# IngressApplicaitonGateway configuration keys
+# ingressApplicaitonGateway configuration keys
 CONST_INGRESS_APPGW_ADDON_NAME = "ingressApplicationGateway"
 CONST_INGRESS_APPGW_APPLICATION_GATEWAY_NAME = "applicationGatewayName"
 CONST_INGRESS_APPGW_APPLICATION_GATEWAY_ID = "applicationGatewayId"
 CONST_INGRESS_APPGW_SUBNET_ID = "subnetId"
 CONST_INGRESS_APPGW_SUBNET_CIDR = "subnetCIDR"
 CONST_INGRESS_APPGW_WATCH_NAMESPACE = "watchNamespace"
 
-# Open Service Mesh configuration keys
-CONST_OPEN_SERVICE_MESH_ADDON_NAME = "openServiceMesh"
-
-# Gitops configuration keys
-CONST_GITOPS_ADDON_NAME = "gitops"
-
-CONST_NODEPOOL_MODE_SYSTEM = "System"
-CONST_NODEPOOL_MODE_USER = "User"
-
-# refer https://docs.microsoft.com/en-us/rest/api/storageservices/
-# naming-and-referencing-containers--blobs--and-metadata#container-names
-CONST_CONTAINER_NAME_MAX_LENGTH = 63
-
-# confcom addon keys
+# confcom
 CONST_CONFCOM_ADDON_NAME = "ACCSGXDevicePlugin"
 CONST_ACC_SGX_QUOTE_HELPER_ENABLED = "ACCSGXQuoteHelperEnabled"
 
-# private dns zone mode
-CONST_PRIVATE_DNS_ZONE_SYSTEM = "system"
-CONST_PRIVATE_DNS_ZONE_NONE = "none"
+# open service mesh
+CONST_OPEN_SERVICE_MESH_ADDON_NAME = "openServiceMesh"
 
-# Azure Keyvault Secrets Provider configuration keys
+# azure keyvault secrets provider
 CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME = "azureKeyvaultSecretsProvider"
 CONST_SECRET_ROTATION_ENABLED = "enableSecretRotation"
 CONST_ROTATION_POLL_INTERVAL = "rotationPollInterval"
 
-# Scale Down Mode
-CONST_SCALE_DOWN_MODE_DELETE = "Delete"
-CONST_SCALE_DOWN_MODE_DEALLOCATE = "Deallocate"
+# gitops
+CONST_GITOPS_ADDON_NAME = "gitops"
 
+# all supported addons
 ADDONS = {
     'http_application_routing': CONST_HTTP_APPLICATION_ROUTING_ADDON_NAME,
     'monitoring': CONST_MONITORING_ADDON_NAME,
     'virtual-node': CONST_VIRTUAL_NODE_ADDON_NAME,
-    'azure-policy': CONST_AZURE_POLICY_ADDON_NAME,
     'kube-dashboard': CONST_KUBE_DASHBOARD_ADDON_NAME,
+    'azure-policy': CONST_AZURE_POLICY_ADDON_NAME,
     'ingress-appgw': CONST_INGRESS_APPGW_ADDON_NAME,
-    'open-service-mesh': CONST_OPEN_SERVICE_MESH_ADDON_NAME,
     "confcom": CONST_CONFCOM_ADDON_NAME,
-    'gitops': CONST_GITOPS_ADDON_NAME,
-    'azure-keyvault-secrets-provider': CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME
+    'open-service-mesh': CONST_OPEN_SERVICE_MESH_ADDON_NAME,
+    'azure-keyvault-secrets-provider': CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME,
+    'gitops': CONST_GITOPS_ADDON_NAME
 }
 
 ADDONS_DESCRIPTIONS = {
     CONST_HTTP_APPLICATION_ROUTING_ADDON_NAME: '- configure ingress with automatic public DNS name creation',
     CONST_MONITORING_ADDON_NAME: '- turn on Log Analytics monitoring. Uses the Log Analytics Default Workspace if it exists, else creates one. Specify "--workspace-resource-id" to use an existing workspace.\nIf monitoring addon is enabled --no-wait argument will have no effect.',
     CONST_VIRTUAL_NODE_ADDON_NAME: '- enable AKS Virtual Node. Requires --aci-subnet-name to provide the name of an existing subnet for the Virtual Node to use.\naci-subnet-name must be in the same vnet which is specified by --vnet-subnet-id (required as well).',
-    CONST_AZURE_POLICY_ADDON_NAME: '- enable Azure policy. The Azure Policy add-on for AKS enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner.\nLearn more at aka.ms/aks/policy.',
     CONST_KUBE_DASHBOARD_ADDON_NAME: '- n/a',
+    CONST_AZURE_POLICY_ADDON_NAME: '- enable Azure policy. The Azure Policy add-on for AKS enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner.\nLearn more at aka.ms/aks/policy.',
     CONST_INGRESS_APPGW_ADDON_NAME: '- enable Application Gateway Ingress Controller addon (PREVIEW).',
-    CONST_OPEN_SERVICE_MESH_ADDON_NAME: '- enable Open Service Mesh addon (PREVIEW).',
     CONST_CONFCOM_ADDON_NAME: '- enable confcom addon, this will enable SGX device plugin by default (PREVIEW).',
-    CONST_GITOPS_ADDON_NAME: '- enable GitOps (PREVIEW).',
-    CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME: '- enable Azure Keyvault Secrets Provider addon (PREVIEW).'
+    CONST_OPEN_SERVICE_MESH_ADDON_NAME: '- enable Open Service Mesh addon (PREVIEW).',
+    CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME: '- enable Azure Keyvault Secrets Provider addon (PREVIEW).',
+    CONST_GITOPS_ADDON_NAME: '- enable GitOps (PREVIEW).'
 }
 
-CONST_WORKLOAD_RUNTIME_OCI_CONTAINER = "OCIContainer"
-CONST_WORKLOAD_RUNTIME_WASM_WASI = "WasmWasi"
-
-CONST_MANAGED_IDENTITY_OPERATOR_ROLE = 'Managed Identity Operator'
-CONST_MANAGED_IDENTITY_OPERATOR_ROLE_ID = 'f1a07417-d97a-45cb-824c-7a7467783830'
-
-CONST_GPU_INSTANCE_PROFILE_MIG1_G = "MIG1g"
-CONST_GPU_INSTANCE_PROFILE_MIG2_G = "MIG2g"
-CONST_GPU_INSTANCE_PROFILE_MIG3_G = "MIG3g"
-CONST_GPU_INSTANCE_PROFILE_MIG4_G = "MIG4g"
-CONST_GPU_INSTANCE_PROFILE_MIG7_G = "MIG7g"
-
+# consts for credential
+# credential format
 CONST_CREDENTIAL_FORMAT_AZURE = "azure"
 CONST_CREDENTIAL_FORMAT_EXEC = "exec"
+
+# refer https://docs.microsoft.com/en-us/rest/api/storageservices/
+# naming-and-referencing-containers--blobs--and-metadata#container-names
+CONST_CONTAINER_NAME_MAX_LENGTH = 63

src/aks-preview/azext_aks_preview/_help.py

@@ -51,9 +51,9 @@
         - name: --node-osdisk-type
           type: string
           short-summary: OS disk type to be used for machines in a given agent pool. Defaults to 'Managed'. May not be changed for this pool after creation.
-        - name: --node-osdisk-diskencryptionset-id
+        - name: --node-osdisk-diskencryptionset-id -d
           type: string
-          short-summary: ResourceId of the disk encryption set to use for enabling encryption at rest.
+          short-summary: ResourceId of the disk encryption set to use for enabling encryption at rest on agent node os disk.
         - name: --kubernetes-version -k
           type: string
           short-summary: Version of Kubernetes to use for creating the cluster, such as "1.7.12" or "1.8.7".
@@ -613,10 +613,13 @@
           short-summary: Specify the upgrade channel for autoupgrade. It could be rapid, stable, patch, node-image or none, none means disable autoupgrade.
         - name: --enable-managed-identity
           type: bool
-          short-summary: (PREVIEW) Update current cluster to managed identity to manage cluster resource group.
+          short-summary: Update current cluster to managed identity to manage cluster resource group.
         - name: --assign-identity
           type: string
-          short-summary: (PREVIEW) Specify an existing user assigned identity to manage cluster resource group.
+          short-summary: Specify an existing user assigned identity to manage cluster resource group.
+        - name: --assign-kubelet-identity
+          type: string
+          short-summary: Update cluster's kubelet identity to an existing user assigned identity. Note, this operation will recreate all agent node in the cluster.
         - name: --enable-pod-identity
           type: bool
           short-summary: (PREVIEW) Enable Pod Identity addon for cluster.
@@ -1218,6 +1221,13 @@
 helps['aks nodepool delete'] = """
     type: command
     short-summary: Delete the agent pool in the managed Kubernetes cluster.
+    parameters:
+        - name: --ignore-pod-disruption-budget -i
+          type: bool
+          short-summary: (PREVIEW) ignore-pod-disruption-budget deletes an existing nodepool without considering Pod Disruption Budget.
+    examples:
+        - name: Delete an agent pool with ignore-pod-disruption-budget
+          text: az aks nodepool delete --resource-group MyResourceGroup --cluster-name MyManagedCluster --name nodepool1 --ignore-pod-disruption-budget=true
 """
 
 helps['aks addon'] = """