Azure · zhoxing-ms · Oct 17, 2022 · Sep 26, 2022 · Oct 17, 2022 · Oct 17, 2022
@@ -12,6 +12,11 @@ To release a new version, please select a new version number (usually plus 1 to
 Pending
 +++++++
 
+0.5.107
++++++++
+
+* Add `--disable-windows-outbound-nat` for `az aks nodepool add` to add a Windows agent pool which the Windows OutboundNAT is disabled.
+
 0.5.106
 +++++++
 

@@ -1269,6 +1269,9 @@
         - name: --enable-custom-ca-trust
           type: bool
           short-summary: Enable Custom CA Trust on agent node pool.
+        - name: --disable-windows-outbound-nat
+          type: bool
+          short-summary: Disable Windows OutboundNAT on Windows agent node pool.
     examples:
         - name: Create a nodepool in an existing AKS cluster with ephemeral os enabled.
           text: az aks nodepool add -g MyResourceGroup -n nodepool1 --cluster-name MyManagedCluster --node-osdisk-type Ephemeral --node-osdisk-size 48

@@ -126,7 +126,8 @@
     validate_azuremonitorworkspaceresourceid,
     validate_grafanaresourceid,
     validate_ksm_labels,
-    validate_ksm_annotations
+    validate_ksm_annotations,
+    validate_disable_windows_outbound_nat,
 )
 
 # candidates for enumeration
@@ -504,6 +505,7 @@ def load_arguments(self, _):
         c.argument('workload_runtime', arg_type=get_enum_type(workload_runtimes), default=CONST_WORKLOAD_RUNTIME_OCI_CONTAINER)
         c.argument('gpu_instance_profile', arg_type=get_enum_type(gpu_instance_profiles))
         c.argument('enable_custom_ca_trust', action='store_true', validator=validate_enable_custom_ca_trust)
+        c.argument('disable_windows_outbound_nat', action='store_true', validator=validate_disable_windows_outbound_nat)
 
     with self.argument_context('aks nodepool update') as c:
         c.argument('enable_cluster_autoscaler', options_list=[

@@ -639,6 +639,14 @@ def validate_enable_custom_ca_trust(namespace):
                 '--enable_custom_ca_trust can only be set for Linux nodepools')
 
 
+def validate_disable_windows_outbound_nat(namespace):
+    """Validates disable_windows_outbound_nat can only be used on Windows."""
+    if namespace.disable_windows_outbound_nat:
+        if hasattr(namespace, 'os_type') and str(namespace.os_type).lower() != "windows":
+            raise ArgumentUsageError(
+                '--disable-windows-outbound-nat can only be set for Windows nodepools')
+
+
 def validate_defender_config_parameter(namespace):
     if namespace.defender_config and not namespace.enable_defender:
         raise RequiredArgumentMissingError("Please specify --enable-defnder")

@@ -233,6 +233,33 @@ def get_disable_custom_ca_trust(self) -> bool:
         """
         return self._get_disable_custom_ca_trust(enable_validation=True)
 
+    def _get_disable_windows_outbound_nat(self) -> bool:
+        """Internal function to obtain the value of disable_windows_outbound_nat.
+
+        :return: bool
+        """
+        # read the original value passed by the command
+        disable_windows_outbound_nat = self.raw_param.get("disable_windows_outbound_nat")
+        # In create mode, try to read the property value corresponding to the parameter from the `agentpool` object
+        if self.decorator_mode == DecoratorMode.CREATE:
+            if (
+                self.agentpool and
+                self.agentpool.windows_profile and
+                self.agentpool.windows_profile.disable_windows_outbound_nat is not None
+            ):
+                disable_windows_outbound_nat = self.agentpool.windows_profile.disable_windows_outbound_nat
+
+        # this parameter does not need dynamic completion
+        # this parameter does not need validation
+        return disable_windows_outbound_nat
+
+    def get_disable_windows_outbound_nat(self) -> bool:
+        """Obtain the value of disable_windows_outbound_nat.
+
+        :return: bool
+        """
+        return self._get_disable_windows_outbound_nat()
+
 
 class AKSPreviewAgentPoolAddDecorator(AKSAgentPoolAddDecorator):
     def __init__(
@@ -309,6 +336,23 @@ def set_up_custom_ca_trust(self, agentpool: AgentPool) -> AgentPool:
         agentpool.enable_custom_ca_trust = self.context.get_enable_custom_ca_trust()
         return agentpool
 
+    def set_up_agentpool_windows_profile(self, agentpool: AgentPool) -> AgentPool:
+        """Set up windows profile for the AgentPool object.
+
+        :return: the AgentPool object
+        """
+        self._ensure_agentpool(agentpool)
+
+        disable_windows_outbound_nat = self.context.get_disable_windows_outbound_nat()
+
+        # Construct AgentPoolWindowsProfile if one of the fields has been set
+        if disable_windows_outbound_nat:
+            agentpool.windows_profile = self.models.AgentPoolWindowsProfile(
+                disable_outbound_nat=disable_windows_outbound_nat
+            )
+
+        return agentpool
+
     def construct_agentpool_profile_preview(self) -> AgentPool:
         """The overall controller used to construct the preview AgentPool profile.
 
@@ -328,6 +372,8 @@ def construct_agentpool_profile_preview(self) -> AgentPool:
         agentpool = self.set_up_gpu_properties(agentpool)
         # set up custom ca trust
         agentpool = self.set_up_custom_ca_trust(agentpool)
+        # set up agentpool windows profile
+        agentpool = self.set_up_agentpool_windows_profile(agentpool)
 
         # DO NOT MOVE: keep this at the bottom, restore defaults
         agentpool = self._restore_defaults_in_agentpool(agentpool)

@@ -1170,6 +1170,7 @@ def aks_agentpool_add(
     workload_runtime=None,
     gpu_instance_profile=None,
     enable_custom_ca_trust=False,
+    disable_windows_outbound_nat=False,
 ):
     # DO NOT MOVE: get all the original parameters and save them as a dictionary
     raw_parameters = locals()
-Original file line number
+Diff line change
@@ Expand Up @@
     Pending
     +++++++
+.5.107
+    +++++++
+    * Add `--disable-windows-outbound-nat` for `az aks nodepool add` to add a Windows agent pool which the Windows OutboundNAT is disabled.
 .5.106
     +++++++
@@ Expand Down @@