{AKS} az aks create/update: Add --enable-default-domain and --disable-default-domain parameters to manage the default domain feature for web app routing

src/aks-preview/HISTORY.rst

@@ -12,6 +12,7 @@ To release a new version, please select a new version number (usually plus 1 to
 Pending
 +++++++
 * `az aks create/update`: Add `--enable-azure-monitor-logs` support to container network logs validation.
+* `az aks create/update`: Add `--enable-default-domain` and `--disable-default-domain` parameters to manage the default domain feature for web app routing.
 
 19.0.0b22
 +++++++

src/aks-preview/azext_aks_preview/_help.py

@@ -645,6 +645,9 @@
         - name: --app-routing-default-nginx-controller --ardnc
           type: string
           short-summary: Configure default nginx ingress controller type. Valid values are annotationControlled (default behavior), external, internal, or none.
+        - name: --enable-default-domain
+          type: bool
+          short-summary: Enable default domain for Application Routing addon.
         - name: --enable-ai-toolchain-operator
           type: bool
           short-summary: Enable AI toolchain operator to the cluster.
@@ -3708,6 +3711,9 @@
         type: string
         short-summary: Configure default NginxIngressController resource
         long-summary: Configure default nginx ingress controller type. Valid values are annotationControlled (default behavior), external, internal, or none.
+      - name: --enable-default-domain
+        type: bool
+        short-summary: Enable default domain for Application Routing addon.
 """
 
 helps['aks approuting disable'] = """
@@ -3733,6 +3739,12 @@
         type: string
         short-summary: Configure default NginxIngressController resource
         long-summary: Configure default nginx ingress controller type. Valid values are annotationControlled (default behavior), external, internal, or none.
+      - name: --enable-default-domain
+        type: bool
+        short-summary: Enable default domain for Application Routing addon.
+      - name: --disable-default-domain
+        type: bool
+        short-summary: Disable default domain for Application Routing addon.
 """
 
 helps['aks approuting zone'] = """
@@ -3786,6 +3798,21 @@
     long-summary: This command lists the DNS zone resources used in App Routing.
 """
 
+helps['aks approuting defaultdomain'] = """
+    type: group
+    short-summary: Commands to manage App Routing Default Domain.
+    long-summary: A group of commands to manage App Routing Default Domain in given cluster.
+"""
+
+helps['aks approuting defaultdomain show'] = """
+    type: command
+    short-summary: Show the Default Domain configuration for App Routing.
+    long-summary: This command shows the Default Domain configuration including the domain name assigned to the cluster.
+    examples:
+      - name: Show the default domain for a cluster.
+        text: az aks approuting defaultdomain show --resource-group MyResourceGroup --name MyManagedCluster
+"""
+
 helps['aks check-network'] = """
     type: group
     short-summary: Commands to troubleshoot network connectivity in managed Kubernetes cluster.

src/aks-preview/azext_aks_preview/_params.py

@@ -789,6 +789,7 @@ def load_arguments(self, _):
             arg_type=get_enum_type(app_routing_nginx_configs),
             options_list=["--app-routing-default-nginx-controller", "--ardnc"]
         )
+        c.argument("enable_default_domain", action="store_true", is_preview=True)
         # nodepool paramerters
         c.argument(
             "nodepool_name",
@@ -2836,11 +2837,14 @@ def load_arguments(self, _):
         c.argument("enable_kv", action="store_true")
         c.argument("keyvault_id", options_list=["--attach-kv"])
         c.argument("nginx", arg_type=get_enum_type(app_routing_nginx_configs))
+        c.argument("enable_default_domain", action="store_true", is_preview=True)
 
     with self.argument_context("aks approuting update") as c:
         c.argument("keyvault_id", options_list=["--attach-kv"])
         c.argument("enable_kv", action="store_true")
         c.argument("nginx", arg_type=get_enum_type(app_routing_nginx_configs))
+        c.argument("enable_default_domain", action="store_true", is_preview=True)
+        c.argument("disable_default_domain", action="store_true", is_preview=True)
 
     with self.argument_context("aks approuting zone add") as c:
         c.argument("dns_zone_resource_ids", options_list=["--ids"], required=True)

src/aks-preview/azext_aks_preview/commands.py

@@ -492,6 +492,12 @@ def load_command_table(self, _):
         g.custom_command("update", "aks_approuting_zone_update")
         g.custom_command("list", "aks_approuting_zone_list")
 
+    # AKS approuting default-domain commands
+    with self.command_group(
+        "aks approuting defaultdomain", managed_clusters_sdk, client_factory=cf_managed_clusters
+    ) as g:
+        g.custom_show_command("show", "aks_approuting_default_domain_show")
+
     # AKS check-network command
     with self.command_group(
         "aks check-network", managed_clusters_sdk, client_factory=cf_managed_clusters

src/aks-preview/azext_aks_preview/custom.py

@@ -1028,6 +1028,7 @@ def aks_create(
     enable_application_load_balancer=False,
     enable_app_routing=False,
     app_routing_default_nginx_controller=None,
+    enable_default_domain=False,
     # nodepool paramerters
     nodepool_name="nodepool1",
     node_vm_size=None,
@@ -4314,6 +4315,7 @@ def aks_approuting_enable(
         enable_kv=False,
         keyvault_id=None,
         nginx=None,
+        enable_default_domain=False
 ):
     return _aks_approuting_update(
         cmd,
@@ -4323,7 +4325,8 @@ def aks_approuting_enable(
         enable_app_routing=True,
         keyvault_id=keyvault_id,
         enable_kv=enable_kv,
-        nginx=nginx)
+        nginx=nginx,
+        enable_default_domain=enable_default_domain)
 
 
 def aks_approuting_disable(
@@ -4347,16 +4350,24 @@ def aks_approuting_update(
         name,
         keyvault_id=None,
         enable_kv=False,
-        nginx=None
+        nginx=None,
+        enable_default_domain=False,
+        disable_default_domain=False
 ):
+
+    if enable_default_domain and disable_default_domain:
+        raise CLIError("Conflicting flags. Cannot --enable-default-domain and --disable-default-domain at the same time.")
+
     return _aks_approuting_update(
         cmd,
         client,
         resource_group_name,
         name,
         keyvault_id=keyvault_id,
         enable_kv=enable_kv,
-        nginx=nginx)
+        nginx=nginx,
+        enable_default_domain=enable_default_domain,
+        disable_default_domain=disable_default_domain)
 
 
 def aks_approuting_zone_add(
@@ -4438,6 +4449,21 @@ def aks_approuting_zone_list(
     raise CLIError('App routing addon is not enabled')
 
 
+def aks_approuting_default_domain_show(
+        cmd,
+        client,
+        resource_group_name,
+        name
+):
+    mc = client.get(resource_group_name, name)
+
+    if mc.ingress_profile and mc.ingress_profile.web_app_routing and mc.ingress_profile.web_app_routing.enabled:
+        if mc.ingress_profile.web_app_routing.default_domain:
+            return mc.ingress_profile.web_app_routing.default_domain
+        raise CLIError('Default domain is not configured for this cluster')
+    raise CLIError('App routing addon is not enabled')
+
+
 # pylint: disable=unused-argument
 def _aks_applicationloadbalancer_update(
         cmd,
@@ -4482,7 +4508,9 @@ def _aks_approuting_update(
         update_dns_zone=None,
         dns_zone_resource_ids=None,
         attach_zones=None,
-        nginx=None
+        nginx=None,
+        enable_default_domain=None,
+        disable_default_domain=None,
 ):
     from azure.cli.command_modules.acs._consts import DecoratorEarlyExitException
     from azext_aks_preview.managed_cluster_decorator import AKSPreviewManagedClusterUpdateDecorator

src/aks-preview/azext_aks_preview/managed_cluster_decorator.py

@@ -3565,6 +3565,20 @@ def get_app_routing_default_nginx_controller(self) -> str:
         """
         return self.raw_param.get("app_routing_default_nginx_controller")
 
+    def get_enable_default_domain(self) -> bool:
+        """Obtain the value of enable_default_domain.
+
+        :return: bool
+        """
+        return self.raw_param.get("enable_default_domain")
+
+    def get_disable_default_domain(self) -> bool:
+        """Obtain the value of disable_default_domain.
+
+        :return: bool
+        """
+        return self.raw_param.get("disable_default_domain")
+
     def get_nginx(self):
         """Obtain the value of nginx, written to the update decorator context by _aks_approuting_update
 
@@ -4164,6 +4178,23 @@ def set_up_ingress_web_app_routing(self, mc: ManagedCluster) -> ManagedCluster:
                 dns_zone_resource_ids = self.context.get_dns_zone_resource_ids()
                 mc.ingress_profile.web_app_routing.dns_zone_resource_ids = dns_zone_resource_ids
 
+        if self.context.get_enable_default_domain() or self.context.get_disable_default_domain():
+            if mc.ingress_profile is None:
+                mc.ingress_profile = self.models.ManagedClusterIngressProfile()  # pylint: disable=no-member
+            if mc.ingress_profile.web_app_routing is None:
+                mc.ingress_profile.web_app_routing = (
+                    self.models.ManagedClusterIngressProfileWebAppRouting(enabled=True)  # pylint: disable=no-member
+                )
+
+            enable = True
+            if self.context.get_disable_default_domain():
+                enable = False
+            mc.ingress_profile.web_app_routing.default_domain = (
+                self.models.ManagedClusterIngressDefaultDomainProfile(
+                    enabled=enable
+                )
+            )
+
         return mc
 
     def set_up_ingress_profile_gateway_api(self, mc: ManagedCluster) -> ManagedCluster:
@@ -6835,6 +6866,20 @@ def update_app_routing_profile(self, mc: ManagedCluster) -> ManagedCluster:
         if nginx:
             self._update_app_routing_nginx(mc, nginx)
 
+        # modify default domain
+        enable_default_domain = self.context.get_enable_default_domain()
+        disable_default_domain = self.context.get_disable_default_domain()
+        if enable_default_domain or disable_default_domain:
+            if mc.ingress_profile.web_app_routing.enabled:
+                enable = not disable_default_domain
+                mc.ingress_profile.web_app_routing.default_domain = (
+                    self.models.ManagedClusterIngressDefaultDomainProfile(
+                        enabled=enable
+                    )
+                )
+            else:
+                raise CLIError('App Routing must be enabled to modify the default domain.\n')
+
         return mc
 
     def _enable_keyvault_secret_provider_addon(self, mc: ManagedCluster) -> None: