aks bastion: allow using public FQDN#9414
Conversation
When users have public FQDN on their private cluster and want to use normal DNS resolution for bastion, we should let them. Signed-off-by: Steve Kuznetsov <stekuznetsov@microsoft.com>
stevekuznetsov
requested review from
FumingZhang and
andyliuliming
as code owners
|
Validation for Breaking Change Starting...
Thanks for your contribution! |
|
Hi @stevekuznetsov, |
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
microsoft-github-policy-service
bot
requested review from
jsntcy,
kairu-ms,
necusjz,
yanzhudd,
yonzhan and
zhoxing-ms
CodeGen Tools Feedback CollectionThank you for using our CodeGen tool. We value your feedback, and we would like to know how we can improve our product. Please take a few minutes to fill our codegen survey |
Release SuggestionsModule: aks-preview
Notes
|
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for using public FQDN when connecting to private AKS clusters via Azure Bastion. The change allows users who have a public FQDN configured on their private cluster to use normal DNS resolution when establishing bastion connections.
Key changes:
- Added
public_fqdnparameter to theaks_bastionfunction signature - Added help documentation for the new
--public-fqdnflag
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/aks-preview/azext_aks_preview/custom.py | Added public_fqdn parameter to aks_bastion function signature and passed it to aks_bastion_runner |
| src/aks-preview/azext_aks_preview/_help.py | Added documentation for the new --public-fqdn flag |
Comments suppressed due to low confidence (1)
src/aks-preview/azext_aks_preview/custom.py:4993
- The
public_fqdnparameter is not being passed toaks_get_credentials. This function accepts apublic_fqdnparameter (line 1491 in custom.py) that should be forwarded here to enable the intended functionality. Update the call to:aks_get_credentials(cmd, client, resource_group_name, name, admin=admin, path=kubeconfig_path, public_fqdn=public_fqdn)
aks_get_credentials(cmd, client, resource_group_name, name, admin=admin, path=kubeconfig_path)
| port, | ||
| mc_id, | ||
| kubeconfig_path, | ||
| public_fqdn=public_fqdn, |
There was a problem hiding this comment.
The aks_bastion_runner function does not accept a public_fqdn parameter. Its signature (line 202-204 in bastion/bastion.py) only includes: bastion_resource, port, mc_id, kubeconfig_path, test_hook. This line should be removed since the public_fqdn parameter should only be passed to aks_get_credentials (line 4993) to retrieve credentials with the correct server address.
| public_fqdn=public_fqdn, |
|
|
||
|
|
||
| def aks_bastion(cmd, client, resource_group_name, name, bastion=None, port=None, admin=False, yes=False): | ||
| def aks_bastion(cmd, client, resource_group_name, name, bastion=None, port=None, admin=False, yes=False, public_fqdn=False): |
There was a problem hiding this comment.
The public_fqdn parameter is missing its corresponding argument definition in _params.py (around line 3090-3099). Add an argument definition similar to the other boolean flags: c.argument(\"public_fqdn\", action=\"store_true\") to properly register the CLI argument.
When users have public FQDN on their private cluster and want to use normal DNS resolution for bastion, we should let them.