Support ManagedSystem mode NodePool (#8891)

Author: hao1939

src/aks-preview/HISTORY.rst

@@ -11,11 +11,14 @@ To release a new version, please select a new version number (usually plus 1 to
 
 Pending
 +++++++
+* Add support for `ManagedSystem` Agent Pool Mode.
+
 18.0.0b18
 +++++++
 * Add validation error when neither --location or --cluster and --resource-group-name are specified for az extension type list or az extension type version list
 
 
+
 18.0.0b17
 +++++++
 * Remove `__import__('pkg_resources').declare_namespace(__name__)` from `vendored_sdks/__init__.py`` to fix the namespace package issue.

src/aks-preview/azext_aks_preview/_consts.py

@@ -24,6 +24,7 @@
 CONST_NODEPOOL_MODE_SYSTEM = "System"
 CONST_NODEPOOL_MODE_USER = "User"
 CONST_NODEPOOL_MODE_GATEWAY = "Gateway"
+CONST_NODEPOOL_MODE_MANAGEDSYSTEM = "ManagedSystem"
 
 # os type
 CONST_DEFAULT_NODE_OS_TYPE = "Linux"

src/aks-preview/azext_aks_preview/_help.py

@@ -650,6 +650,10 @@
         - name: --vm-sizes
           type: string
           short-summary: Comma-separated list of sizes. Must use VirtualMachines agent pool type.
+        - name: --enable-managed-system-pool
+          type: bool
+          short-summary: Create a default ManagedSystem mode that is fully managed by AKS.
+          long-summary: When set, the default system node pool is created with ManagedSystem mode, where all properties except name and mode are managed by AKS. Learn more at https://aka.ms/aks/nodepool/mode.
     examples:
         - name: Create a Kubernetes cluster with an existing SSH public key.
           text: az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey
@@ -729,6 +733,8 @@
           text: az aks create -g MyResourceGroup -n MyManagedCluster --os-sku Ubuntu --max-pods MaxPodsPerNode --network-plugin azure --vnet-subnet-id /subscriptions/00000/resourceGroups/AnotherResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/NodeSubnet --pod-subnet-id /subscriptions/00000/resourceGroups/AnotherResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/PodSubnet --pod-ip-allocation-mode StaticBlock
         - name: Create a kubernetes cluster with a VirtualMachines nodepool
           text: az aks create -g MyResourceGroup -n MyManagedCluster --vm-set-type VirtualMachines --vm-sizes "VMSize1,VMSize2" --node-count 3
+        - name: Create a kubernetes cluster with a fully managed system node pool
+          text: az aks create -g MyResourceGroup -n MyManagedCluster --enable-managed-system-pool
 
 """
 
@@ -1933,7 +1939,7 @@
           short-summary: The node labels for the node pool. See https://aka.ms/node-labels for syntax of labels.
         - name: --mode
           type: string
-          short-summary: The mode for a node pool which defines a node pool's primary function. If set as "System", AKS prefers system pods scheduling to node pools with mode `System`. Learn more at https://aka.ms/aks/nodepool/mode.
+          short-summary: The mode for a node pool which defines a node pool's primary function. If set as "System", AKS prefers system pods scheduling to node pools with mode `System`. If set as "ManagedSystem", all other properties except name and mode will be reset and managed by AKS. Learn more at https://aka.ms/aks/nodepool/mode.
         - name: --vm-set-type
           type: string
           short-summary: Agent pool vm set type. VirtualMachineScaleSets, AvailabilitySet or VirtualMachines(Preview).
@@ -2061,6 +2067,8 @@
           text: az aks nodepool add -g MyResourceGroup -n nodepool1 --cluster-name MyManagedCluster  --os-sku Ubuntu --pod-subnet-id /subscriptions/00000/resourceGroups/AnotherResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/MySubnet --pod-ip-allocation-mode StaticBlock
         - name: Create a nodepool of type VirtualMachines
           text: az aks nodepool add -g MyResourceGroup -n nodepool1 --cluster-name MyManagedCluster --vm-set-type VirtualMachines --vm-sizes "Standard_D4s_v3,Standard_D8s_v3" --node-count 3
+        - name: Create a nodepool with ManagedSystem mode
+          text: az aks nodepool add -g MyResourceGroup -n managedsystem1 --cluster-name MyManagedCluster --mode ManagedSystem
 """
 
 helps['aks nodepool scale'] = """
@@ -2157,7 +2165,7 @@
           short-summary: The maximum number or percentage of extra nodes that are allowed to be blocked in the agent pool during an upgrade when undrainable node behavior is Cordon. When specified, it represents the number or percent used, eg. 1 or 5%.
         - name: --mode
           type: string
-          short-summary: The mode for a node pool which defines a node pool's primary function. If set as "System", AKS prefers system pods scheduling to node pools with mode `System`. Learn more at https://aka.ms/aks/nodepool/mode.
+          short-summary: The mode for a node pool which defines a node pool's primary function. If set as "System", AKS prefers system pods scheduling to node pools with mode `System`. If set as "ManagedSystem", all other properties except name and mode will be rejected and managed by AKS. Learn more at https://aka.ms/aks/nodepool/mode.
         - name: --labels
           type: string
           short-summary: The node labels for the node pool. See https://aka.ms/node-labels for syntax of labels.

src/aks-preview/azext_aks_preview/_params.py

@@ -84,6 +84,7 @@
     CONST_NODEPOOL_MODE_SYSTEM,
     CONST_NODEPOOL_MODE_USER,
     CONST_NODEPOOL_MODE_GATEWAY,
+    CONST_NODEPOOL_MODE_MANAGEDSYSTEM,
     CONST_NONE_UPGRADE_CHANNEL,
     CONST_NRG_LOCKDOWN_RESTRICTION_LEVEL_READONLY,
     CONST_NRG_LOCKDOWN_RESTRICTION_LEVEL_UNRESTRICTED,
@@ -259,7 +260,12 @@
     CONST_SPOT_EVICTION_POLICY_DEALLOCATE,
 ]
 node_os_disk_types = [CONST_OS_DISK_TYPE_MANAGED, CONST_OS_DISK_TYPE_EPHEMERAL]
-node_mode_types = [CONST_NODEPOOL_MODE_SYSTEM, CONST_NODEPOOL_MODE_USER, CONST_NODEPOOL_MODE_GATEWAY]
+node_mode_types = [
+    CONST_NODEPOOL_MODE_SYSTEM,
+    CONST_NODEPOOL_MODE_USER,
+    CONST_NODEPOOL_MODE_GATEWAY,
+    CONST_NODEPOOL_MODE_MANAGEDSYSTEM,
+]
 node_os_skus_create = [
     CONST_OS_SKU_AZURELINUX,
     CONST_OS_SKU_UBUNTU,
@@ -1066,6 +1072,7 @@ def load_arguments(self, _):
         # virtual machines
         c.argument("vm_sizes", is_preview=True)
         c.argument("enable_imds_restriction", action="store_true", is_preview=True)
+        c.argument("enable_managed_system_pool", action="store_true", is_preview=True)
 
     with self.argument_context("aks update") as c:
         # managed cluster paramerters

src/aks-preview/azext_aks_preview/agentpool_decorator.py

@@ -17,6 +17,7 @@
     AKSAgentPoolUpdateDecorator,
 )
 from azure.cli.core.azclierror import (
+    CLIInternalError,
     InvalidArgumentValueError,
     MutuallyExclusiveArgumentError,
 )
@@ -41,6 +42,7 @@
     CONST_DEFAULT_WINDOWS_VMS_VM_SIZE,
     CONST_SSH_ACCESS_LOCALUSER,
     CONST_GPU_DRIVER_NONE,
+    CONST_NODEPOOL_MODE_MANAGEDSYSTEM,
 )
 from azext_aks_preview._helpers import (
     get_nodepool_snapshot_by_snapshot_id,
@@ -1070,6 +1072,33 @@ def set_up_virtual_machines_profile(self, agentpool: AgentPool) -> AgentPool:
 
         return agentpool
 
+    def set_up_managed_system_mode(self, agentpool: AgentPool) -> AgentPool:
+        """Handle the special ManagedSystem mode by resetting all properties except name and mode.
+
+        :param agentpool: the AgentPool object
+        :return: the AgentPool object
+        """
+        if self.context.raw_param.get("enable_managed_system_pool") is True:
+            mode = CONST_NODEPOOL_MODE_MANAGEDSYSTEM
+        else:
+            mode = self.context.raw_param.get("mode")
+
+        if mode == CONST_NODEPOOL_MODE_MANAGEDSYSTEM:
+            # Raise error if agentpool is None
+            if agentpool is None:
+                raise CLIInternalError("agentpool cannot be None for ManagedSystem mode")
+
+            # Instead of creating a new instance, modify the existing one
+            # Keep name and set mode to ManagedSystem
+            agentpool.mode = CONST_NODEPOOL_MODE_MANAGEDSYSTEM
+            # Make sure all other attributes are None
+            for attr in vars(agentpool):
+                if attr != 'name' and attr != 'mode' and not attr.startswith('_'):
+                    if hasattr(agentpool, attr):
+                        setattr(agentpool, attr, None)
+
+        return agentpool
+
     def construct_agentpool_profile_preview(self) -> AgentPool:
         """The overall controller used to construct the preview AgentPool profile.
 
@@ -1081,6 +1110,13 @@ def construct_agentpool_profile_preview(self) -> AgentPool:
         # DO NOT MOVE: keep this on top, construct the default AgentPool profile
         agentpool = self.construct_agentpool_profile_default(bypass_restore_defaults=True)
 
+        # Check if mode is ManagedSystem, if yes, reset all properties
+        agentpool = self.set_up_managed_system_mode(agentpool)
+
+        # If mode is ManagedSystem, skip all other property setups
+        if agentpool.mode == CONST_NODEPOOL_MODE_MANAGEDSYSTEM:
+            return agentpool
+
         # set up preview vm properties
         agentpool = self.set_up_preview_vm_properties(agentpool)
         # set up message of the day
@@ -1318,6 +1354,15 @@ def update_agentpool_profile_preview(self, agentpools: List[AgentPool] = None) -
         # DO NOT MOVE: keep this on top, fetch and update the default AgentPool profile
         agentpool = self.update_agentpool_profile_default(agentpools)
 
+        # Check if agentpool is in ManagedSystem mode and handle special case
+        if agentpool.mode == CONST_NODEPOOL_MODE_MANAGEDSYSTEM:
+            # Make sure all other attributes are None
+            for attr in vars(agentpool):
+                if attr != 'name' and attr != 'mode' and not attr.startswith('_'):
+                    if hasattr(agentpool, attr):
+                        setattr(agentpool, attr, None)
+            return agentpool
+
         # update custom ca trust
         agentpool = self.update_custom_ca_trust(agentpool)
 

src/aks-preview/azext_aks_preview/custom.py

@@ -732,6 +732,8 @@ def aks_create(
     vm_sizes=None,
     # IMDS restriction
     enable_imds_restriction=False,
+    # managed system pool
+    enable_managed_system_pool=False,
 ):
     # DO NOT MOVE: get all the original parameters and save them as a dictionary
     raw_parameters = locals()

src/aks-preview/azext_aks_preview/managed_cluster_decorator.py

@@ -29,6 +29,7 @@
     CONST_NETWORK_PLUGIN_AZURE,
     CONST_NETWORK_PLUGIN_MODE_OVERLAY,
     CONST_NETWORK_POLICY_CILIUM,
+    CONST_NODEPOOL_MODE_MANAGEDSYSTEM,
     CONST_PRIVATE_DNS_ZONE_NONE,
     CONST_PRIVATE_DNS_ZONE_SYSTEM,
     CONST_ROTATION_POLL_INTERVAL,
@@ -3972,6 +3973,25 @@ def __init__(
         self.__raw_parameters = raw_parameters
         super().__init__(cmd, client, raw_parameters, resource_type)
 
+    def update_managed_system_pools(self, mc: ManagedCluster) -> ManagedCluster:
+        """Update ManagedSystem agent pools to only include name, mode, and type fields.
+
+        :return: the ManagedCluster object
+        """
+        self._ensure_mc(mc)
+
+        if mc.agent_pool_profiles is None:
+            return mc
+        for agentpool in mc.agent_pool_profiles:
+            # Check if agentpool is in ManagedSystem mode and handle special case
+            if agentpool.mode == CONST_NODEPOOL_MODE_MANAGEDSYSTEM:
+                # Make sure all other attributes are None
+                for attr in vars(agentpool):
+                    if attr != 'name' and attr != 'mode' and not attr.startswith('_'):
+                        if hasattr(agentpool, attr):
+                            setattr(agentpool, attr, None)
+        return mc
+
     def init_models(self) -> None:
         """Initialize an AKSManagedClusterModels object to store the models.
 
@@ -5475,6 +5495,8 @@ def update_mc_profile_preview(self) -> ManagedCluster:
         mc = self.update_vmas_to_vms(mc)
         # update http proxy config
         mc = self.update_http_proxy_enabled(mc)
+        # update ManagedSystem pools, must at end
+        mc = self.update_managed_system_pools(mc)
 
         return mc