From 6d82b409a3493ab9703e97147c8b292d1c561971 Mon Sep 17 00:00:00 2001
From: Lia Kazakova <liakaz@microsoft.com>
Date: Thu, 3 Jun 2021 11:06:32 -0700
Subject: [PATCH 1/5] fixed scoring fe related extension params

---
 .../partner_extensions/AzureMLKubernetes.py       | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
index b9f039e9293..a258993fb9b 100644
--- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
+++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
@@ -79,6 +79,7 @@ def __init__(self):
         self.sslCertPemFile = 'sslCertPemFile'
         self.allowInsecureConnections = 'allowInsecureConnections'
         self.privateEndpointILB = 'privateEndpointILB'
+        self.privateEndpointNodeport  = 'privateEndpointNodeport'
 
         # reference mapping
         self.reference_mapping = {
@@ -214,13 +215,23 @@ def __validate_scoring_fe_settings(self, configuration_settings, configuration_p
                 "Otherwise explicitly allow insecure connection by specifying "
                 "'--configuration-settings allowInsecureConnections=true'")
 
+        feIsNodePort = _get_value_from_config_protected_config(
+            self.privateEndpointNodeport, configuration_settings, configuration_protected_settings)
+        feIsNodePort = str(feIsNodePort).lower() == 'true'
         feIsInternalLoadBalancer = _get_value_from_config_protected_config(
             self.privateEndpointILB, configuration_settings, configuration_protected_settings)
         feIsInternalLoadBalancer = str(feIsInternalLoadBalancer).lower() == 'true'
-        if feIsInternalLoadBalancer:
+
+        if feIsNodePort and feIsInternalLoadBalancer:
+            raise InvalidArgumentValueError(
+                "Specify either privateEndpointNodeport=true or privateEndpointILB=true, but not both.")
+        elif feIsNodePort:
+            configuration_settings['scoringFe.serviceType.nodePort'] = feIsNodePort
+        elif feIsInternalLoadBalancer:
+            configuration_settings['scoringFe.serviceType.internalLoadBalancer'] = feIsInternalLoadBalancer
             logger.warning(
                 'Internal load balancer only supported on AKS and AKS Engine Clusters.')
-            configuration_protected_settings['scoringFe.%s' % self.privateEndpointILB] = feIsInternalLoadBalancer
+            
 
     def __set_up_inference_ssl(self, configuration_settings, configuration_protected_settings):
         allowInsecureConnections = _get_value_from_config_protected_config(

From 2f86b3ef8be3992b344c8804263ac77a7f27840b Mon Sep 17 00:00:00 2001
From: Lia Kazakova <liakaz@microsoft.com>
Date: Thu, 3 Jun 2021 14:12:03 -0700
Subject: [PATCH 2/5] bug fix and style fixes

---
 .../partner_extensions/AzureMLKubernetes.py        | 14 +++++++-------
 .../extensions/public/AzureMLKubernetes.Tests.ps1  |  4 ++--
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
index a258993fb9b..58c9c6d9720 100644
--- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
+++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
@@ -79,7 +79,8 @@ def __init__(self):
         self.sslCertPemFile = 'sslCertPemFile'
         self.allowInsecureConnections = 'allowInsecureConnections'
         self.privateEndpointILB = 'privateEndpointILB'
-        self.privateEndpointNodeport  = 'privateEndpointNodeport'
+        self.privateEndpointNodeport = 'privateEndpointNodeport'
+        self.inferenceLoadBalancerHA = 'inferenceLoadBalancerHA'
 
         # reference mapping
         self.reference_mapping = {
@@ -198,12 +199,12 @@ def __validate_config(self, configuration_settings, configuration_protected_sett
 
     def __validate_scoring_fe_settings(self, configuration_settings, configuration_protected_settings):
         experimentalCluster = _get_value_from_config_protected_config(
-            'inferenceLoadBalancerHA', configuration_settings, configuration_protected_settings)
-        experimentalCluster = str(experimentalCluster).lower() == 'true'
-        if experimentalCluster:
-            configuration_settings['clusterPurpose'] = 'DevTest'
-        else:
+            self.inferenceLoadBalancerHA, configuration_settings, configuration_protected_settings)
+        notExperimentalCluster = str(experimentalCluster).lower() == 'true'
+        if notExperimentalCluster:
             configuration_settings['clusterPurpose'] = 'FastProd'
+        else:
+            configuration_settings['clusterPurpose'] = 'DevTest'
         feSslCertFile = configuration_protected_settings.get(self.sslCertPemFile)
         feSslKeyFile = configuration_protected_settings.get(self.sslKeyPemFile)
         allowInsecureConnections = _get_value_from_config_protected_config(
@@ -231,7 +232,6 @@ def __validate_scoring_fe_settings(self, configuration_settings, configuration_p
             configuration_settings['scoringFe.serviceType.internalLoadBalancer'] = feIsInternalLoadBalancer
             logger.warning(
                 'Internal load balancer only supported on AKS and AKS Engine Clusters.')
-            
 
     def __set_up_inference_ssl(self, configuration_settings, configuration_protected_settings):
         allowInsecureConnections = _get_value_from_config_protected_config(
diff --git a/testing/test/extensions/public/AzureMLKubernetes.Tests.ps1 b/testing/test/extensions/public/AzureMLKubernetes.Tests.ps1
index ac5573ad955..20b6a802b73 100644
--- a/testing/test/extensions/public/AzureMLKubernetes.Tests.ps1
+++ b/testing/test/extensions/public/AzureMLKubernetes.Tests.ps1
@@ -107,7 +107,7 @@ Describe 'AzureML Kubernetes Testing' {
     }
 
     It 'Creates the extension and checks that it onboards correctly with inference enabled' {
-        Invoke-Expression "az $Env:K8sExtensionName create -c $($ENVCONFIG.arcClusterName) -g $($ENVCONFIG.resourceGroup) --cluster-type connectedClusters --extension-type $extensionType -n $extensionName --release-train staging --config enableInference=true identity.proxy.remoteEnabled=True identity.proxy.remoteHost=https://master.experiments.azureml-test.net allowInsecureConnections=True inferenceLoadBalancerHA=true" -ErrorVariable badOut
+        Invoke-Expression "az $Env:K8sExtensionName create -c $($ENVCONFIG.arcClusterName) -g $($ENVCONFIG.resourceGroup) --cluster-type connectedClusters --extension-type $extensionType -n $extensionName --release-train staging --config enableInference=true identity.proxy.remoteEnabled=True identity.proxy.remoteHost=https://master.experiments.azureml-test.net allowInsecureConnections=True inferenceLoadBalancerHA=false" -ErrorVariable badOut
         $badOut | Should -BeNullOrEmpty        
 
         $output = Invoke-Expression "az $Env:K8sExtensionName show -c $($ENVCONFIG.arcClusterName) -g $($ENVCONFIG.resourceGroup) --cluster-type connectedClusters -n $extensionName" -ErrorVariable badOut
@@ -154,7 +154,7 @@ Describe 'AzureML Kubernetes Testing' {
     It 'Creates the extension and checks that it onboards correctly with inference and SSL enabled' {
         $sslKeyPemFile = Join-Path (Join-Path (Join-Path (Split-Path $PSScriptRoot -Parent) "data") "azure_ml") "test_key.pem"
         $sslCertPemFile = Join-Path (Join-Path (Join-Path (Split-Path $PSScriptRoot -Parent) "data") "azure_ml") "test_cert.pem"
-        Invoke-Expression "az $Env:K8sExtensionName create -c $($ENVCONFIG.arcClusterName) -g $($ENVCONFIG.resourceGroup) --cluster-type connectedClusters --extension-type $extensionType -n $extensionName --release-train staging --config enableInference=true identity.proxy.remoteEnabled=True identity.proxy.remoteHost=https://master.experiments.azureml-test.net inferenceLoadBalancerHA=True --config-protected sslKeyPemFile=$sslKeyPemFile sslCertPemFile=$sslCertPemFile" -ErrorVariable badOut
+        Invoke-Expression "az $Env:K8sExtensionName create -c $($ENVCONFIG.arcClusterName) -g $($ENVCONFIG.resourceGroup) --cluster-type connectedClusters --extension-type $extensionType -n $extensionName --release-train staging --config enableInference=true identity.proxy.remoteEnabled=True identity.proxy.remoteHost=https://master.experiments.azureml-test.net inferenceLoadBalancerHA=False --config-protected sslKeyPemFile=$sslKeyPemFile sslCertPemFile=$sslCertPemFile" -ErrorVariable badOut
         $badOut | Should -BeNullOrEmpty        
 
         $output = Invoke-Expression "az $Env:K8sExtensionName show -c $($ENVCONFIG.arcClusterName) -g $($ENVCONFIG.resourceGroup) --cluster-type connectedClusters -n $extensionName" -ErrorVariable badOut

From 58bcaa9b53444f1bbc3c1bcf1b4e79272ea7f5c9 Mon Sep 17 00:00:00 2001
From: Lia Kazakova <liakaz@microsoft.com>
Date: Fri, 4 Jun 2021 09:51:55 -0700
Subject: [PATCH 3/5] variable rename

---
 .../partner_extensions/AzureMLKubernetes.py                 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
index 58c9c6d9720..cf4f6f3b481 100644
--- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
+++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
@@ -198,10 +198,10 @@ def __validate_config(self, configuration_settings, configuration_protected_sett
         configuration_protected_settings.pop(self.ENABLE_INFERENCE, None)
 
     def __validate_scoring_fe_settings(self, configuration_settings, configuration_protected_settings):
-        experimentalCluster = _get_value_from_config_protected_config(
+        isProdCluster = _get_value_from_config_protected_config(
             self.inferenceLoadBalancerHA, configuration_settings, configuration_protected_settings)
-        notExperimentalCluster = str(experimentalCluster).lower() == 'true'
-        if notExperimentalCluster:
+        isProdCluster = str(isProdCluster).lower() == 'true'
+        if isProdCluster:
             configuration_settings['clusterPurpose'] = 'FastProd'
         else:
             configuration_settings['clusterPurpose'] = 'DevTest'

From 5a241b25e6748aa38ec27f43ed88b298d150aa5e Mon Sep 17 00:00:00 2001
From: Lia Kazakova <liakaz@microsoft.com>
Date: Fri, 4 Jun 2021 10:02:12 -0700
Subject: [PATCH 4/5] fixed the error type

---
 .../partner_extensions/AzureMLKubernetes.py                   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
index cf4f6f3b481..39b84bbcb81 100644
--- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
+++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
@@ -20,7 +20,7 @@
 import azure.mgmt.storage.models
 import azure.mgmt.loganalytics
 import azure.mgmt.loganalytics.models
-from azure.cli.core.azclierror import InvalidArgumentValueError
+from azure.cli.core.azclierror import InvalidArgumentValueError, MutuallyExclusiveArgumentError
 from azure.cli.core.commands.client_factory import get_mgmt_service_client, get_subscription_id
 from azure.mgmt.resource.locks.models import ManagementLockObject
 from knack.log import get_logger
@@ -224,7 +224,7 @@ def __validate_scoring_fe_settings(self, configuration_settings, configuration_p
         feIsInternalLoadBalancer = str(feIsInternalLoadBalancer).lower() == 'true'
 
         if feIsNodePort and feIsInternalLoadBalancer:
-            raise InvalidArgumentValueError(
+            raise MutuallyExclusiveArgumentError(
                 "Specify either privateEndpointNodeport=true or privateEndpointILB=true, but not both.")
         elif feIsNodePort:
             configuration_settings['scoringFe.serviceType.nodePort'] = feIsNodePort

From d0e26df5feeb0738fa942fc0702634807d6a29a2 Mon Sep 17 00:00:00 2001
From: Lia Kazakova <liakaz@microsoft.com>
Date: Mon, 7 Jun 2021 18:30:34 -0700
Subject: [PATCH 5/5] set cluster to prod by default

---
 .../partner_extensions/AzureMLKubernetes.py            | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
index 39b84bbcb81..bd49a164a3b 100644
--- a/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
+++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/AzureMLKubernetes.py
@@ -198,13 +198,13 @@ def __validate_config(self, configuration_settings, configuration_protected_sett
         configuration_protected_settings.pop(self.ENABLE_INFERENCE, None)
 
     def __validate_scoring_fe_settings(self, configuration_settings, configuration_protected_settings):
-        isProdCluster = _get_value_from_config_protected_config(
+        isTestCluster = _get_value_from_config_protected_config(
             self.inferenceLoadBalancerHA, configuration_settings, configuration_protected_settings)
-        isProdCluster = str(isProdCluster).lower() == 'true'
-        if isProdCluster:
-            configuration_settings['clusterPurpose'] = 'FastProd'
-        else:
+        isTestCluster = str(isTestCluster).lower() == 'false'
+        if isTestCluster:
             configuration_settings['clusterPurpose'] = 'DevTest'
+        else:
+            configuration_settings['clusterPurpose'] = 'FastProd'
         feSslCertFile = configuration_protected_settings.get(self.sslCertPemFile)
         feSslKeyFile = configuration_protected_settings.get(self.sslKeyPemFile)
         allowInsecureConnections = _get_value_from_config_protected_config(