Merge pull request Azure#5 from Azure/master

Synced with the official repo
ninpan-ms · Jun 16, 2021 · 1807967 · 1807967
2 parents eda6713 + ff20eff
commit 1807967
Show file tree

Hide file tree

Showing 498 changed files with 70,681 additions and 53,167 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -2,7 +2,7 @@
 
 /linter_exclusions.yml @kairu-ms @fengzhou-msft
 
-/src/index.json @fengzhou-msft @qwordy @houk-ms @kairu-ms @jsntcy @Juliehzl @jiasli @zhoxing-ms @evelyn-ys @msyyc @xfz11 @08nholloway
+/src/index.json @fengzhou-msft @qwordy @houk-ms @kairu-ms @jsntcy @Juliehzl @jiasli @zhoxing-ms @evelyn-ys @xfz11 @08nholloway
 
 /src/footprint/ @jonunezd @Diego-Perez-Botero
 
@@ -28,7 +28,9 @@
 
 /src/dms-preview/ @temandr
 
-/src/express-route-cross-connection/ @kairu-ms @msyyc
+/src/dnc/ @alegal
+
+/src/express-route-cross-connection/ @kairu-ms @jsntcy
 
 /src/application-insights/ @alexeldeib
 
@@ -40,11 +42,11 @@
 
 /src/resource-graph/ @demyanenko @amirhbk @chiragg4u
 
-/src/azure-firewall/ @kairu-ms @msyyc
+/src/azure-firewall/ @kairu-ms @jsntcy
 
-/src/virtual-network-tap/ @kairu-ms @msyyc
+/src/virtual-network-tap/ @kairu-ms @jsntcy
 
-/src/virtual-wan/ @kairu-ms @msyyc
+/src/virtual-wan/ @kairu-ms @jsntcy
 
 /src/front-door/ @pichandwork
 
@@ -70,7 +72,7 @@
 
 /src/connectedmachine/ @farehar
 
-/src/ip-group/ @msyyc
+/src/ip-group/ @kairu-ms @jsntcy
 
 /src/connectedk8s/ @akashkeshari @alphaWizard
 
@@ -82,7 +84,7 @@
 
 /src/notification-hub/ @fengzhou-msft
 
-/src/connection-monitor-preview/ @msyyc
+/src/connection-monitor-preview/ @kairu-ms @jsntcy
 
 /src/support/ @mit2nil @shahbj79 @RudraSharma93Microsoft
 
@@ -98,7 +100,7 @@
 
 /src/storage-blob-preview/ @Juliehzl
 
-/src/logic/ @jsntcy @msyyc @kairu
+/src/logic/ @jsntcy @kairu
 
 /src/hardware-security-modules/ @bquantump
 
@@ -134,7 +136,7 @@
 
 /src/custom-providers/ @jsntcy
 
-/src/costmanagement/ @msyyc
+/src/costmanagement/ @kairu-ms @jsntcy
 
 /src/datafactory/ @qiaozha @fengzhou-msft @qwordy
 
@@ -164,11 +166,11 @@
 
 /src/securityinsight/ @houk-ms
 
-/src/communication/ @msyyc
+/src/communication/ @kairu-ms @jsntcy
 
 /src/automation/ @qwordy
 
-/src/monitor-control-service/ @jsntcy @msyyc @kairu-ms
+/src/monitor-control-service/ @jsntcy @kairu-ms
 
 /src/rdbms-connect/ @mjain2 @Juliehzl
 
@@ -195,3 +197,5 @@
 /src/connectedvmware/ @sanmishra18
 
 /src/diskpool/ @Juliehzl
+
+/src/dataprotection/ @sambitratha
diff --git a/src/aks-preview/HISTORY.md b/src/aks-preview/HISTORY.md
@@ -2,6 +2,22 @@
 
 Release History
 ===============
+0.5.19
++++++
+* Remove azure-defender from list of available addons to install via `az aks enable-addons` command
+
+0.5.18
++++++
+* Fix issue with node config not consuming logging settings
+
+0.5.17
++++++
+* Add parameter '--enable-ultra-ssd' to enable UltraSSD on agent node pool
+
+0.5.16
++++++
+* Vendor SDK using latest swagger with optional query parameter added
+* Support private cluster public fqdn feature
 
 0.5.15
 +++++

diff --git a/src/aks-preview/azcli_aks_live_test/ext_matrix_default.json b/src/aks-preview/azcli_aks_live_test/ext_matrix_default.json
@@ -6,38 +6,34 @@
     },
     "exclude": {
         "need additional feature": [
-            "test_aks_create_addon_with_azurekeyvaultsecretsprovider_with_secret_rotation",
-            "test_aks_create_with_auto_upgrade_channel",
-            "test_aks_create_with_pod_identity_enabled",
-            "test_aks_create_with_azurekeyvaultsecretsprovider_addon",
-            "test_aks_create_using_azurecni_with_pod_identity_enabled",
-            "test_aks_create_with_gitops_addon",
+            "test_aks_create_with_ossku",
+            "test_aks_nodepool_add_with_ossku",
             "test_aks_create_with_node_config",
-            "test_aks_custom_kubelet_identity",
-            "test_aks_disable_addon_gitops",
-            "test_aks_disable_addon_openservicemesh",
-            "test_aks_pod_identity_usage",
-            "test_aks_create_with_openservicemesh_addon",
+            "test_aks_create_private_cluster_public_fqdn",
+            "test_aks_create_addon_with_azurekeyvaultsecretsprovider_with_secret_rotation",
             "test_aks_update_azurekeyvaultsecretsprovider_with_secret_rotation",
             "test_aks_enable_addon_with_azurekeyvaultsecretsprovider",
+            "test_aks_create_with_gitops_addon",
             "test_aks_enable_addon_with_gitops",
-            "test_aks_create_with_fips",
+            "test_aks_disable_addon_gitops",
+            "test_aks_create_with_openservicemesh_addon",
+            "test_aks_enable_addon_with_openservicemesh",
+            "test_aks_disable_addon_openservicemesh",
+            "test_aks_create_with_auto_upgrade_channel",
+            "test_aks_create_with_azurekeyvaultsecretsprovider_addon",
+            "test_aks_custom_kubelet_identity",
             "test_aks_disable_local_accounts",
-            "test_aks_nodepool_add_with_ossku",
-            "test_aks_create_with_ossku"
+            "test_aks_create_with_pod_identity_enabled",
+            "test_aks_create_using_azurecni_with_pod_identity_enabled",
+            "test_aks_pod_identity_usage",
+            "test_aks_create_with_fips"
         ],
         "unknown": [
             "test_aks_create_and_update_with_managed_aad_enable_azure_rbac",
-            "test_aks_create_with_virtual_node_addon",
             "test_aks_update_to_msi_cluster_with_addons"
         ],
         "code bug": [
-            "test_aks_create_with_ingress_appgw_addon_with_deprecated_subet_prefix",
-            "test_aks_byo_subnet_with_ingress_appgw_addon",
-            "test_aks_nodepool_get_upgrades",
-            "test_aks_byo_appgw_with_ingress_appgw_addon",
-            "test_aks_enable_addon_with_openservicemesh",
-            "test_aks_create_with_ingress_appgw_addon"
+            "test_aks_nodepool_get_upgrades"
         ]
     }
 }
diff --git a/src/aks-preview/azext_aks_preview/_consts.py b/src/aks-preview/azext_aks_preview/_consts.py
@@ -64,12 +64,7 @@
 CONST_AZURE_KEYVAULT_SECRETS_PROVIDER_ADDON_NAME = "azureKeyvaultSecretsProvider"
 CONST_SECRET_ROTATION_ENABLED = "enableSecretRotation"
 
-# Azure Defender addon configuration keys
-CONST_AZURE_DEFENDER_ADDON_NAME = "azureDefender"
-CONST_AZURE_DEFENDER_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID = CONST_MONITORING_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID
-
 ADDONS = {
-    'azure-defender': CONST_AZURE_DEFENDER_ADDON_NAME,
     'http_application_routing': CONST_HTTP_APPLICATION_ROUTING_ADDON_NAME,
     'monitoring': CONST_MONITORING_ADDON_NAME,
     'virtual-node': CONST_VIRTUAL_NODE_ADDON_NAME,

diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py
@@ -171,7 +171,6 @@
                 open-service-mesh               - enable Open Service Mesh addon (PREVIEW).
                 gitops                          - enable GitOps (PREVIEW).
                 azure-keyvault-secrets-provider - enable Azure Keyvault Secrets Provider addon (PREVIEW).
-                azure-defender                  - enable Azure Defender addon (PREVIEW).
         - name: --disable-rbac
           type: bool
           short-summary: Disable Kubernetes Role-Based Access Control.
@@ -261,6 +260,9 @@
         - name: --fqdn-subdomain
           type: string
           short-summary: Prefix for FQDN that is created for private cluster with custom private dns zone scenario.
+        - name: --enable-public-fqdn
+          type: bool
+          short-summary: (Preview) Enable public fqdn feature for private cluster.
         - name: --enable-node-public-ip
           type: bool
           short-summary: Enable VMSS node public IP.
@@ -327,6 +329,9 @@
         - name: --enable-encryption-at-host
           type: bool
           short-summary: Enable EncryptionAtHost on agent node pool.
+        - name: --enable-ultra-ssd
+          type: bool
+          short-summary: Enable UltraSSD on agent node pool.
         - name: --enable-secret-rotation
           type: bool
           short-summary: Enable secret rotation. Use with azure-keyvault-secrets-provider addon.
@@ -372,13 +377,14 @@
           text: az aks create -g MyResourceGroup -n MyManagedCluster --tags "foo=bar" "baz=qux"
         - name: Create a kubernetes cluster with EncryptionAtHost enabled.
           text: az aks create -g MyResourceGroup -n MyManagedCluster --enable-encryption-at-host
+        - name: Create a kubernetes cluster with UltraSSD enabled.
+          text: az aks create -g MyResourceGroup -n MyManagedCluster --enable-ultra-ssd
         - name: Create a kubernetes cluster with custom control plane identity and kubelet identity.
           text: az aks create -g MyResourceGroup -n MyManagedCluster --assign-identity <control-plane-identity-resource-id> --assign-kubelet-identity <kubelet-identity-resource-id>
         - name: Create a kubernetes cluster with Azure RBAC enabled.
           text: az aks create -g MyResourceGroup -n MyManagedCluster --enable-aad --enable-azure-rbac
         - name: Create a kubernetes cluster with a specific os-sku
           text: az aks create -g MyResourceGroup -n MyManagedCluster --os-sku Ubuntu
-
 """.format(sp_cache=AKS_SERVICE_PRINCIPAL_CACHE)
 
 helps['aks scale'] = """
@@ -545,6 +551,12 @@
         - name: --enable-local-accounts
           type: bool
           short-summary: (Preview) If set to true, will enable getting static credential for this cluster.
+        - name: --enable-public-fqdn
+          type: bool
+          short-summary: (Preview) Enable public fqdn feature for private cluster.
+        - name: --disable-public-fqdn
+          type: bool
+          short-summary: (Preview) Disable public fqdn feature for private cluster.
     examples:
       - name: Enable cluster-autoscaler within node count range [1,5]
         text: az aks update --enable-cluster-autoscaler --min-count 1 --max-count 5 -g MyResourceGroup -n MyManagedCluster
@@ -918,6 +930,9 @@
         - name: --enable-encryption-at-host
           type: bool
           short-summary: Enable EncryptionAtHost on agent node pool.
+        - name: --enable-ultra-ssd
+          type: bool
+          short-summary: Enable UltraSSD on agent node pool.
     examples:
         - name: Create a nodepool in an existing AKS cluster with ephemeral os enabled.
           text: az aks nodepool add -g MyResourceGroup -n nodepool1 --cluster-name MyManagedCluster --node-osdisk-type Ephemeral --node-osdisk-size 48
@@ -1020,8 +1035,6 @@
         open-service-mesh               - enable Open Service Mesh addon (PREVIEW).
         gitops                          - enable GitOps (PREVIEW).
         azure-keyvault-secrets-provider - enable Azure Keyvault Secrets Provider addon (PREVIEW).
-        azure-defender                  - enable Azure Defender addon (PREVIEW).
-
 parameters:
   - name: --addons -a
     type: string
@@ -1066,9 +1079,6 @@
   - name: Enable open-service-mesh addon.
     text: az aks enable-addons --name MyManagedCluster --resource-group MyResourceGroup --addons open-service-mesh
     crafted: true
-  - name: Enable azure-defender addon with workspace resourceId.
-    text: az aks enable-addons --name MyManagedCluster --resource-group MyResourceGroup --addons azure-defender --workspace-resource-id WorkspaceResourceId
-    crafted: true
 """
 
 helps['aks get-versions'] = """
@@ -1108,6 +1118,9 @@
   - name: --output -o
     type: string
     long-summary: Credentials are always in YAML format, so this argument is effectively ignored.
+  - name: --public-fqdn
+    type: bool
+    short-summary: (Preview) Get private cluster credential with server address to be public fqdn.
 examples:
   - name: Get access credentials for a managed Kubernetes cluster. (autogenerated)
     text: az aks get-credentials --name MyManagedCluster --resource-group MyResourceGroup
@@ -1167,3 +1180,13 @@
     type: command
     short-summary: List pod identity exceptions in a managed Kubernetes cluster
 """
+
+helps['aks egress-endpoints'] = """
+    type: group
+    short-summary: Commands to manage egress endpoints in managed Kubernetes cluster.
+"""
+
+helps['aks egress-endpoints list'] = """
+    type: command
+    short-summary: List egress endpoints that are required or recommended to be whitelisted for a cluster.
+"""
diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py
@@ -113,6 +113,7 @@ def load_arguments(self, _):
         c.argument('enable_private_cluster', action='store_true')
         c.argument('private_dns_zone')
         c.argument('fqdn_subdomain')
+        c.argument('enable_public_fqdn', action='store_true', is_preview=True)
         c.argument('enable_managed_identity', action='store_true')
         c.argument('assign_identity', type=str, validator=validate_assign_identity)
         c.argument('enable_sgxquotehelper', action='store_true')
@@ -128,6 +129,7 @@ def load_arguments(self, _):
         c.argument('appgw_watch_namespace', options_list=['--appgw-watch-namespace'], arg_group='Application Gateway')
         c.argument('aci_subnet_name', type=str)
         c.argument('enable_encryption_at_host', arg_type=get_three_state_flag(), help='Enable EncryptionAtHost.')
+        c.argument('enable_ultra_ssd', action='store_true')
         c.argument('enable_secret_rotation', action='store_true')
         c.argument('assign_kubelet_identity', type=str, validator=validate_assign_kubelet_identity)
         c.argument('disable_local_accounts', action='store_true')
@@ -150,6 +152,8 @@ def load_arguments(self, _):
         c.argument('api_server_authorized_ip_ranges', type=str, validator=validate_ip_ranges)
         c.argument('enable_pod_security_policy', action='store_true')
         c.argument('disable_pod_security_policy', action='store_true')
+        c.argument('enable_public_fqdn', action='store_true', is_preview=True)
+        c.argument('disable_public_fqdn', action='store_true', is_preview=True)
         c.argument('attach_acr', acr_arg_type, validator=validate_acr)
         c.argument('detach_acr', acr_arg_type, validator=validate_acr)
         c.argument('aks_custom_headers')
@@ -225,6 +229,7 @@ def load_arguments(self, _):
             c.argument('kubelet_config', type=str)
             c.argument('linux_os_config', type=str)
             c.argument('enable_encryption_at_host', options_list=['--enable-encryption-at-host'], action='store_true')
+            c.argument('enable_ultra_ssd', action='store_true')
 
     for scope in ['aks nodepool show', 'aks nodepool delete', 'aks nodepool scale', 'aks nodepool upgrade', 'aks nodepool update']:
         with self.argument_context(scope) as c:
@@ -264,6 +269,7 @@ def load_arguments(self, _):
         c.argument('user', options_list=['--user', '-u'], default='clusterUser', validator=validate_user)
         c.argument('path', options_list=['--file', '-f'], type=file_type, completer=FilesCompleter(),
                    default=os.path.join(os.path.expanduser('~'), '.kube', 'config'))
+        c.argument('public_fqdn', default=False, action='store_true', is_preview=True)
 
     with self.argument_context('aks pod-identity') as c:
         c.argument('cluster_name', type=str, help='The cluster name.')

diff --git a/src/aks-preview/azext_aks_preview/commands.py b/src/aks-preview/azext_aks_preview/commands.py
@@ -120,3 +120,7 @@ def load_command_table(self, _):
         g.custom_command('update', 'aks_pod_identity_exception_update')
         g.custom_command('list', 'aks_pod_identity_exception_list',
                          table_transformer=aks_pod_identity_exceptions_table_format)
+
+    # AKS egress commands
+    with self.command_group('aks egress-endpoints', managed_clusters_sdk, client_factory=cf_managed_clusters) as g:
+        g.custom_command('list', 'aks_egress_endpoints_list')