{AKS} az aks bastion: Add command to enable connections to managed Kubernetes clusters via Azure Bastion.#8912
Conversation
|
| rule | cmd_name | rule_message | suggest_message |
|---|---|---|---|
| aks bastion | cmd aks bastion added |
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
microsoft-github-policy-service
bot
requested review from
jsntcy,
kairu-ms,
necusjz,
yanzhudd,
yonzhan and
zhoxing-ms
|
github-actions
bot
added
the
release-version-block
FumingZhang
force-pushed
the
fuming/aks-bastion-0630
branch
from
8ff205c to
e906c85
Compare
github-actions
bot
removed
the
release-version-block
FumingZhang
force-pushed
the
fuming/aks-bastion-0630
branch
from
f967f5b to
b0ca393
Compare
FumingZhang
left a comment
FumingZhang
left a comment
There was a problem hiding this comment.
Queued live test to validate the change. Test passed!
- test_aks_bastion
There was a problem hiding this comment.
Pull Request Overview
This PR introduces the new az aks bastion command to enable connections to managed Kubernetes clusters via Azure Bastion.
- Bumps extension version to 18.0.0b18 and updates history.
- Implements and registers the
aks bastioncommand (parameters, help, custom handler, and core logic). - Adds tests for bastion connectivity and verifies kubectl installation.
Reviewed Changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/aks-preview/setup.py | Version bumped to 18.0.0b18 |
| src/aks-preview/HISTORY.rst | Added entry for aks bastion in changelog |
| src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py | Added _verify_kubectl_installation and new test for bastion |
| src/aks-preview/azext_aks_preview/_params.py | Defined arguments for aks bastion |
| src/aks-preview/azext_aks_preview/_help.py | Added CLI help for aks bastion |
| src/aks-preview/azext_aks_preview/commands.py | Registered the aks bastion custom command |
| src/aks-preview/azext_aks_preview/custom.py | Imported and wired up the aks_bastion handler |
| src/aks-preview/azext_aks_preview/bastion/bastion.py | Core bastion tunnel implementation and cleanup |
Comments suppressed due to low confidence (4)
src/aks-preview/azext_aks_preview/custom.py:102
- [nitpick] The function name
aks_batsion_clean_upappears to be a typo (batsionvs.bastion). Rename it toaks_bastion_clean_upfor consistency.
aks_batsion_clean_up
src/aks-preview/azext_aks_preview/_help.py:3860
- [nitpick] The phrase "name of resource ID" is confusing. It should read "name or resource ID of a Bastion resource" to clarify.
short-summary: The name of resource ID of a Bastion resource deployed to the node resource group of the current AKS cluster.
src/aks-preview/azext_aks_preview/bastion/bastion.py:267
- [nitpick] The variable
tunnel_proceslooks like a typo. Consider renaming it totunnel_processfor clarity.
tunnel_proces = None
src/aks-preview/azext_aks_preview/tests/latest/test_aks_commands.py:181
- The test uses both
subprocessandtempfilebut neither module is imported in this file. Please addimport subprocessandimport tempfileat the top.
def _verify_kubectl_installation(self) -> bool:
| raise CLIInternalError(f"Failed to install bastion extension: {result.stderr}") | ||
|
|
||
|
|
||
| def aks_bastion_set_kubeconfig(kubeconfig_path, port): |
There was a problem hiding this comment.
Before writing to kubeconfig_path, ensure its parent directory exists (e.g., os.makedirs(os.path.dirname(kubeconfig_path), exist_ok=True)) to avoid file-not-found errors.
FumingZhang
force-pushed
the
fuming/aks-bastion-0630
branch
from
7f8c408 to
7771827
Compare
FumingZhang
force-pushed
the
fuming/aks-bastion-0630
branch
from
acf94cc to
b562917
Compare
|
The failures in the CI checks would be fixed in a separate PR #8997. |
FumingZhang
force-pushed
the
fuming/aks-bastion-0630
branch
from
7043bca to
21b13f8
Compare
github-actions
bot
added
the
release-version-block
FumingZhang
removed
Network
release-version-block
|
/azp run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
FumingZhang
force-pushed
the
fuming/aks-bastion-0630
branch
from
21b13f8 to
e2f4479
Compare
|
[Release] Update index.json for extension [ aks-preview-18.0.0b21 ] : https://dev.azure.com/msazure/One/_build/results?buildId=131951941&view=results |
|
👍 |
This checklist is used to make sure that common guidelines for a pull request are followed.
Related command
Introduce a new command:
az aks bastion. This command utilizes the Bastion CLI extension to streamline secure access to AKS clusters. It performs the following actions:Limitations:
Bastion Resource Resolution Order:
--bastionoption is specified:--bastionoption is not specified:As shown in the screenshot below, users cannot directly access a private AKS cluster. However, with this command, they can securely connect to the cluster via a Bastion tunnel.
The screenshot below displays the most recent command prompt for the user experience.
General Guidelines
azdev style <YOUR_EXT>locally? (pip install azdevrequired)python scripts/ci/test_index.py -qlocally? (pip install wheel==0.30.0required)For new extensions:
About Extension Publish
There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update
src/index.jsonautomatically.You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify
src/index.json.