[AKS] Be able to create AKS with virtual node enabled (Azure#2818)

AzureSDKAutomation · Jan 11, 2021 · f762169 · f762169
1 parent dc9abab
commit f762169
Show file tree

Hide file tree

Showing 5 changed files with 1,438 additions and 3 deletions.
diff --git a/src/aks-preview/azext_aks_preview/_help.py b/src/aks-preview/azext_aks_preview/_help.py
@@ -162,7 +162,8 @@
                 http_application_routing  - configure ingress with automatic public DNS name creation.
                 monitoring                - turn on Log Analytics monitoring. Uses the Log Analytics Default Workspace if it exists, else creates one. Specify "--workspace-resource-id" to use an existing workspace.
                                             If monitoring addon is enabled --no-wait argument will have no effect
-                virtual-node              - enable AKS Virtual Node. Requires --subnet-name to provide the name of an existing subnet for the Virtual Node to use.
+                virtual-node              - enable AKS Virtual Node. Requires --aci-subnet-name to provide the name of an existing subnet for the Virtual Node to use.
+                                            aci-subnet-name must be in the same vnet which is specified by --vnet-subnet-id (required as well).
                 azure-policy              - enable Azure policy. The Azure Policy add-on for AKS enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner.
                                             Learn more at aka.ms/aks/policy.
                 ingress-appgw             - enable Application Gateway Ingress Controller addon (PREVIEW).
@@ -297,6 +298,9 @@
         - name: --enable-pod-identity
           type: bool
           short-summary: (PREVIEW) Enable pod identity addon.
+        - name: --aci-subnet-name
+          type: string
+          short-summary: The name of a subnet in an existing VNet into which to deploy the virtual nodes.
         - name: --tags
           type: string
           short-summary: The tags of the managed cluster. The managed cluster instance and all resources managed by the cloud provider will be tagged.

diff --git a/src/aks-preview/azext_aks_preview/_params.py b/src/aks-preview/azext_aks_preview/_params.py
@@ -122,6 +122,7 @@ def load_arguments(self, _):
         c.argument('appgw_id', options_list=['--appgw-id'], arg_group='Application Gateway')
         c.argument('appgw_subnet_id', options_list=['--appgw-subnet-id'], arg_group='Application Gateway')
         c.argument('appgw_watch_namespace', options_list=['--appgw-watch-namespace'], arg_group='Application Gateway')
+        c.argument('aci_subnet_name', type=str)
         c.argument('yes', options_list=['--yes', '-y'], help='Do not prompt for confirmation.', action='store_true')
 
     with self.argument_context('aks update') as c:

diff --git a/src/aks-preview/azext_aks_preview/custom.py b/src/aks-preview/azext_aks_preview/custom.py
@@ -893,6 +893,7 @@ def aks_create(cmd,     # pylint: disable=too-many-locals,too-many-statements,to
                enable_aad=False,
                enable_azure_rbac=False,
                aad_admin_group_object_ids=None,
+               aci_subnet_name=None,
                disable_sgxquotehelper=False,
                kubelet_config=None,
                linux_os_config=None,
@@ -1104,7 +1105,9 @@ def aks_create(cmd,     # pylint: disable=too-many-locals,too-many-statements,to
         appgw_id,
         appgw_subnet_id,
         appgw_watch_namespace,
-        disable_sgxquotehelper
+        disable_sgxquotehelper,
+        aci_subnet_name,
+        vnet_subnet_id
     )
     monitoring = False
     if CONST_MONITORING_ADDON_NAME in addon_profiles:
@@ -1952,7 +1955,9 @@ def _handle_addons_args(cmd,  # pylint: disable=too-many-statements
                         appgw_id=None,
                         appgw_subnet_id=None,
                         appgw_watch_namespace=None,
-                        disable_sgxquotehelper=False):
+                        disable_sgxquotehelper=False,
+                        aci_subnet_name=None,
+                        vnet_subnet_id=None):
     if not addon_profiles:
         addon_profiles = {}
     addons = addons_str.split(',') if addons_str else []
@@ -2012,6 +2017,16 @@ def _handle_addons_args(cmd,  # pylint: disable=too-many-statements
             addon_profile.config[CONST_ACC_SGX_QUOTE_HELPER_ENABLED] = "false"
         addon_profiles[CONST_CONFCOM_ADDON_NAME] = addon_profile
         addons.remove('confcom')
+    if 'virtual-node' in addons:
+        if not aci_subnet_name or not vnet_subnet_id:
+            raise CLIError('"--enable-addons virtual-node" requires "--aci-subnet-name" and "--vnet-subnet-id".')
+        # TODO: how about aciConnectorwindows, what is its addon name?
+        os_type = 'Linux'
+        addon_profiles[CONST_VIRTUAL_NODE_ADDON_NAME + os_type] = ManagedClusterAddonProfile(
+            enabled=True,
+            config={CONST_VIRTUAL_NODE_SUBNET_NAME: aci_subnet_name}
+        )
+        addons.remove('virtual-node')
 
     # error out if any (unrecognized) addons remain
     if addons: