[AKS] az aks create/update: Add support for Advanced Network Policies for ACNS#32265
[AKS] az aks create/update: Add support for Advanced Network Policies for ACNS#32265
az aks create/update: Add support for Advanced Network Policies for ACNS#32265Conversation
️✔️AzureCLI-FullTest
|
|
| rule | cmd_name | rule_message | suggest_message |
|---|---|---|---|
| aks create | cmd aks create added parameter acns_advanced_networkpolicies |
||
| aks update | cmd aks update added parameter acns_advanced_networkpolicies |
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
microsoft-github-policy-service
bot
requested review from
kairu-ms and
yonzhan
There was a problem hiding this comment.
Pull Request Overview
This PR adds support for Advanced Network Policies (ACNS) in Azure Kubernetes Service (AKS) clusters by introducing the --acns-advanced-networkpolicies parameter for both az aks create and az aks update commands. The parameter accepts three values: None, FQDN, and L7, allowing users to configure different levels of network policy enforcement when enabling the ACNS feature suite.
- Added parameter validation and mutual exclusivity checks with existing ACNS disable flags
- Implemented network profile configuration logic for advanced network policies in both create and update flows
- Added comprehensive test coverage for the new functionality
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
_consts.py |
Added constants for advanced network policies values and fixed code formatting |
_params.py |
Added the new parameter definition with enum validation for both create and update commands |
_help.py |
Added documentation for the new parameter and standardized quote usage |
custom.py |
Added the parameter to function signatures for create and update commands |
linter_exclusions.yml |
Added exception for the long parameter name |
managed_cluster_decorator.py |
Implemented core logic for parameter validation and network profile configuration |
test_managed_cluster_decorator.py |
Added comprehensive test coverage for the new functionality |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
nddq
force-pushed
the
nddq/acns-l7-cli
branch
from
3ce97da to
357cac2
Compare
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
FumingZhang
left a comment
FumingZhang
left a comment
There was a problem hiding this comment.
Please fix failed CI checks
| name_prefix="clitest", | ||
| location="eastus2euap", | ||
| ) | ||
| def test_aks_create_with_advanced_networkpolicies( |
There was a problem hiding this comment.
Queued live test to validate the change, test passed!
nddq
force-pushed
the
nddq/acns-l7-cli
branch
from
357cac2 to
2b86898
Compare
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
nddq
force-pushed
the
nddq/acns-l7-cli
branch
from
2b86898 to
aa5fd0f
Compare
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
|
Please commit new recording files to pass CI
|
nddq
force-pushed
the
nddq/acns-l7-cli
branch
from
aa5fd0f to
3ed50e5
Compare
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
…date commands Signed-off-by: Quang Nguyen <nguyenquang@microsoft.com>
nddq
force-pushed
the
nddq/acns-l7-cli
branch
from
3ed50e5 to
8d622af
Compare
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
|
@microsoft-github-policy-service rerun |
feat(acns) add advanced network policies options for az create and update commands
Related command
az aks create --enable-acns --acns-advanced-networkpolicies <None|L7|FQDN>az aks update --enable-acns --acns-advanced-networkpolicies <None|L7|FQDN>Description
Creates commands for specify advanced network policies (None, FQDN, L7) during AKS cluster creation and update.
Testing Guide
Note: These commands will only be applicable for Cilium clusters
--enable-acns --acns-advanced-networkpolicies None- Enable the entire ACNS feature suite without advanced network policies.--enable-acns --acns-advanced-networkpolicies FQDN- Enable the entire ACNS feature suite with FQDN policy only. This is the default option if only--enable-acnsis passed.--enable-acns --acns-advanced-networkpolicies L7- Enable the entire ACNS feature suite with L7 policies. L7 policies includes FQDN policy in addition to other policies for L7 protocols such as HTTP or Kafka.History Notes
[AKS]
az aks create/update: Add--acns-advanced-networkpoliciesparameter to support enabling advanced networking policies (None,L7orFQDN). This is part of the ACNS Security feature suiteThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.