[AKS] az aks create/update: Add --nrg-lockdown-restriction-level parameter to support specifying restriction level on the managed node resource group#30391
Merged
Conversation
️✔️AzureCLI-FullTest
|
|
| rule | cmd_name | rule_message | suggest_message |
|---|---|---|---|
| aks create | cmd aks create added parameter nrg_lockdown_restriction_level |
||
| aks update | cmd aks update added parameter nrg_lockdown_restriction_level |
Collaborator
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
microsoft-github-policy-service
Bot
requested review from
FumingZhang,
yanzhudd,
yonzhan and
zhoxing-ms
microsoft-github-policy-service
Bot
added
Auto-Assign
y1hao
commented
Nov 21, 2024
| self.check('nodeResourceGroupProfile.restrictionLevel', 'Unrestricted') | ||
| ]) | ||
|
|
||
| # update: Unrestricted -> ReadOnly |
Contributor
Author
There was a problem hiding this comment.
Added one more test case compared with the tests in extension, to provide more coverage.
y1hao
commented
Nov 21, 2024
| '--enable-managed-identity ' \ | ||
| '--nrg-lockdown-restriction-level ReadOnly ' \ | ||
| '--ssh-key-value={ssh_key_value} ' \ | ||
| '--aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/NRGLockdownPreview' |
Contributor
Author
There was a problem hiding this comment.
We still need this until we clean up the implementation to remove the dependency on the custom feature.
FumingZhang
reviewed
Nov 21, 2024
Member
There was a problem hiding this comment.
lgtm
Queued live test to validate the change, test passed!
- test_aks_create_and_update_with_nrg_restriction_level
Contributor
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
Contributor
Author
|
Hi, @yanzhudd, @FumingZhang The previous test run discovered there were failed test cases in the 2020-09-01-hybrid profile. I believe I've fixed them and verified it locally. Could you help rerun a full test please? (Not sure if I could just trigger it myself) Thanks~ |
yanzhudd
changed the title
az aks create/update: Add --nrg-lockdown-restriction-level parameter to support specifying restriction level on the managed node resource group
Contributor
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
Member
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
Member
|
Hi @y1hao |
Contributor
Author
|
@wangzelin007 Thanks. Merged latest dev. |
Contributor
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
Member
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
FumingZhang
approved these changes
Nov 29, 2024
zhoxing-ms
approved these changes
Nov 29, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related command
az aks create,az aks updateDescription
This PR introduces the
--nrg-lockdown-restriction-levelargument to allow configuring this value. Allowed values areReadOnlyandUnrestricted. Public doc: https://learn.microsoft.com/en-us/azure/aks/node-resource-group-lockdownThis argument is currently available as extension. This PR ports it to CLI, without any behaviour changes. See: Azure/azure-cli-extensions#5751
Testing Guide
Creating a cluster with NRG lockdown enabled:
$az aks create -n mycluster -g mygroup --nrg-lockdown-restriction-level ReadOnly --aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/NRGLockdownPreviewDisable NRG lockdown for a cluster:
$az aks update -n mycluster -g mygroup --nrg-lockdown-restriction-level Unrestricted --aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/NRGLockdownPreviewHistory Notes
[AKS]
az aks create/update: Add--nrg-lockdown-restriction-levelparameter to support specifying restriction level on the managed node resource groupThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.