
Commit fd48d3f

authored
feat(acns): add retinaNetworkFlowLogs to azure cli (#8645)
* feat(acns): add retinaNetworkFlowLogs to azure cli * update import addonconfiguration and update cistreams * update history * add test aks command and history bump aks version * update tests * linter and slight updates * more linter * more linter and removing unused import * update code to match create * update test for enablement update command * live only tag * update commands * Update setup.py
1 parent 8e391e4 commit fd48d3f


11 files changed

+2362
-1
lines changed


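--- a/src/aks-preview/HISTORY.rst
+++ b/src/aks-preview/HISTORY.rst
@@ -13,6 +13,10 @@ Pending
 +++++++
 * Remove TrustedAccess commands from aks-preview extension as it is GA and exists in azure-cli for long time.
 
+14.0.0b7
+++++++++
+* Add `az aks create/update --enable-retina-flow-logs` and `az aks update --disable-retina-flow-logs` commands.
+
 14.0.0b6
 +++++++
 * Add option `--acns-advanced-networkpolicies <None|FQDN|L7>` to `az aks create/update`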

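--- a/src/aks-preview/azext_aks_preview/_help.py
+++ b/src/aks-preview/azext_aks_preview/_help.py
@@ -231,6 +231,9 @@
 - name: --acns-advanced-networkpolicies
 type: string
 short-summary: Used to enable advanced network policies (None, FQDN or L7) on a cluster when enabling advanced networking features with "--enable-acns".
+- name: --enable-retina-flow-logs
+type: bool
+short-summary: Enable advanced network flow log collection functionalities on a cluster.
 - name: --no-ssh-key -x
 type: string
 short-summary: Do not use or create a local SSH key.
@@ -1220,6 +1223,12 @@
 - name: --acns-advanced-networkpolicies
 type: string
 short-summary: Used to enable advanced network policies (None, FQDN or L7) on a cluster when enabling advanced networking features with "--enable-acns".
+- name: --enable-retina-flow-logs
+type: bool
+short-summary: Enable advanced network flow log collection functionalities on a cluster.
+- name: --disable-retina-flow-logs
+type: bool
+short-summary: Disable advanced network flow log collection functionalities on a cluster.
 - name: --enable-cost-analysis
 type: bool
 short-summary: Enable exporting Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. For more information see aka.ms/aks/docs/cost-analysis.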
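Review bot: The `--enable-retina-flow-logs` short-summary, in both the create and the update help block, does not state what the flag depends on, although the validation added in managed_cluster_decorator.py rejects it unless ACNS and the monitoring addon are enabled. I would extend it to something like `short-summary: Enable network flow log collection on a cluster. Requires advanced networking ("--enable-acns") and the monitoring addon.` Flow records describe which workloads talk to which peers, so it would also help operators to say where they are delivered (presumably the monitoring addon's Log Analytics workspace, which is not confirmed by this page).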

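--- a/src/aks-preview/azext_aks_preview/_params.py
+++ b/src/aks-preview/azext_aks_preview/_params.py
@@ -838,6 +838,10 @@ def load_arguments(self, _):
 is_preview=True,
 arg_type=get_enum_type(advanced_networkpolicies),
 )
+c.argument(
+"enable_retina_flow_logs",
+action="store_true",
+)
 c.argument(
 "custom_ca_trust_certificates",
 options_list=["--custom-ca-trust-certificates", "--ca-certs"],
@@ -1321,6 +1325,14 @@ def load_arguments(self, _):
 is_preview=True,
 arg_type=get_enum_type(advanced_networkpolicies),
 )
+c.argument(
+"enable_retina_flow_logs",
+action="store_true",
+)
+c.argument(
+"disable_retina_flow_logs",
+action="store_true",
+)
 c.argument("enable_cost_analysis", action="store_true")
 c.argument("disable_cost_analysis", action="store_true")
 c.argument('enable_ai_toolchain_operator', is_preview=True, action='store_true')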
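Review bot: Neither `enable_retina_flow_logs` nor `disable_retina_flow_logs` is registered with `is_preview=True`, unlike the argument directly above them in both hunks (the one using `get_enum_type(advanced_networkpolicies)`). If the feature is still preview, which the 14.0.0b7 entry in HISTORY.rst suggests but does not state, I would write `c.argument("enable_retina_flow_logs", action="store_true", is_preview=True)` and the same for the disable flag in the update block. Both registrations sit inside `load_arguments`, whose body starts and ends outside these hunks, so the enclosing argument context is not visible here.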

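--- a/src/aks-preview/azext_aks_preview/addonconfiguration.py
+++ b/src/aks-preview/azext_aks_preview/addonconfiguration.py
@@ -14,6 +14,7 @@
 sanitize_loganalytics_ws_resource_id,
 ensure_default_log_analytics_workspace_for_monitoring
 )
+import azure.cli.command_modules.acs.addonconfiguration
 from azext_aks_preview._helpers import (
 check_is_monitoring_addon_enabled,
 )
@@ -44,6 +45,22 @@
 
 logger = get_logger(__name__)
 
+azure.cli.command_modules.acs.addonconfiguration.ContainerInsightsStreams = [
+"Microsoft-ContainerLog",
+"Microsoft-ContainerLogV2-HighScale",
+"Microsoft-KubeEvents",
+"Microsoft-KubePodInventory",
+"Microsoft-KubeNodeInventory",
+"Microsoft-KubePVInventory",
+"Microsoft-KubeServices",
+"Microsoft-KubeMonAgentEvents",
+"Microsoft-InsightsMetrics",
+"Microsoft-ContainerInventory",
+"Microsoft-ContainerNodeInventory",
+"Microsoft-Perf",
+"Microsoft-RetinaNetworkFlowLogs",
+]
+
 
 # pylint: disable=too-many-locals
 def enable_addons(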
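Review bot: The assignment at new lines 48-62 overwrites `ContainerInsightsStreams` in the core `azure.cli.command_modules.acs.addonconfiguration` module as an import side effect, so once this extension is loaded every caller in the process sees the extension's copy, and any stream the core CLI adds later is silently dropped. The flow-log stream is also listed unconditionally, so it appears to be requested whether or not `--enable-retina-flow-logs` was passed; how the list is consumed is not visible on this page. Appending only the missing entry keeps the upstream list authoritative, e.g. (with `_core` standing for the imported module) `if "Microsoft-RetinaNetworkFlowLogs" not in _core.ContainerInsightsStreams:` followed by `_core.ContainerInsightsStreams.append("Microsoft-RetinaNetworkFlowLogs")`. Whichever form is kept, I would add a comment such as `# Extends the core CLI's stream list so the data collection rule includes Retina flow logs; remove once core ships it.`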

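--- a/src/aks-preview/azext_aks_preview/custom.py
+++ b/src/aks-preview/azext_aks_preview/custom.py
@@ -494,6 +494,7 @@ def aks_create(
 disable_acns_observability=None,
 disable_acns_security=None,
 acns_advanced_networkpolicies=None,
+enable_retina_flow_logs=None,
 # nodepool
 crg_id=None,
 message_of_the_day=None,
@@ -726,6 +727,8 @@ def aks_update(
 disable_acns_observability=None,
 disable_acns_security=None,
 acns_advanced_networkpolicies=None,
+enable_retina_flow_logs=None,
+disable_retina_flow_logs=None,
 # metrics profile
 enable_cost_analysis=False,
 disable_cost_analysis=False,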

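--- a/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py
+++ b/src/aks-preview/azext_aks_preview/managed_cluster_decorator.py
@@ -778,6 +778,35 @@ def get_acns_advanced_networkpolicies(self) -> Union[str, None]:
 )
 return self.raw_param.get("acns_advanced_networkpolicies")
 
+def get_retina_flow_logs(self, mc: ManagedCluster) -> Union[bool, None]:
+"""Get the enablement of retina flow logs
+
+:return: bool or None"""
+enable_retina_flow_logs = self.raw_param.get("enable_retina_flow_logs")
+disable_retina_flow_logs = self.raw_param.get("disable_retina_flow_logs")
+if enable_retina_flow_logs is None and disable_retina_flow_logs is None:
+return None
+if enable_retina_flow_logs and disable_retina_flow_logs:
+raise MutuallyExclusiveArgumentError(
+"Cannot specify --enable-retina-flow-logs and "
+"--disable-retina-flow-logs at the same time."
+)
+if (
+enable_retina_flow_logs and
+(not self.raw_param.get("enable_acns", False) and
+not (mc.network_profile and mc.network_profile.advanced_networking and
+mc.network_profile.advanced_networking.enabled)) or
+not (mc.addon_profiles and mc.addon_profiles.get("omsagent") and mc.addon_profiles["omsagent"].enabled)
+):
+raise InvalidArgumentValueError(
+"Flow logs requires '--enable-acns', advanced networking "
+"to be enabled, and the monitoring addon to be enabled."
+)
+enable_retina_flow_logs = bool(enable_retina_flow_logs) if enable_retina_flow_logs is not None else False
+disable_retina_flow_logs = bool(disable_retina_flow_logs) if disable_retina_flow_logs is not None else False
+retina_flow_logs = enable_retina_flow_logs or not disable_retina_flow_logs
+return retina_flow_logs
+
 def get_load_balancer_managed_outbound_ip_count(self) -> Union[int, None]:
 """Obtain the value of load_balancer_managed_outbound_ip_count.
 
@@ -3025,6 +3054,15 @@ def set_up_addon_profiles(self, mc: ManagedCluster) -> ManagedCluster:
 addon_profiles[
 CONST_GITOPS_ADDON_NAME
 ] = self.build_gitops_addon_profile()
+
+retina_flow_logs_enabled = self.context.get_retina_flow_logs(mc)
+if retina_flow_logs_enabled is not None:
+monitoring_addon_profile = addon_profiles.get(addon_consts.get("CONST_MONITORING_ADDON_NAME"))
+if monitoring_addon_profile:
+config = monitoring_addon_profile.config or {}
+config["enableRetinaNetworkFlags"] = str(retina_flow_logs_enabled)
+monitoring_addon_profile.config = config
+
 mc.addon_profiles = addon_profiles
 return mc
 
@@ -4070,6 +4108,25 @@ def update_acns_in_network_profile(self, mc: ManagedCluster) -> ManagedCluster:
 mc.network_profile.advanced_networking = acns
 return mc
 
+def update_monitoring_profile_flow_logs(self, mc: ManagedCluster) -> ManagedCluster:
+"""Update monitor profile for the ManagedCluster object for flow logs.
+
+:return: the ManagedCluster object
+"""
+self._ensure_mc(mc)
+
+retina_flow_logs_enabled = self.context.get_retina_flow_logs(mc)
+if retina_flow_logs_enabled is not None:
+if mc.addon_profiles:
+addon_consts = self.context.get_addon_consts()
+CONST_MONITORING_ADDON_NAME = addon_consts.get("CONST_MONITORING_ADDON_NAME")
+monitoring_addon_profile = mc.addon_profiles.get(CONST_MONITORING_ADDON_NAME)
+if monitoring_addon_profile:
+config = monitoring_addon_profile.config or {}
+config["enableRetinaNetworkFlags"] = str(retina_flow_logs_enabled)
+mc.addon_profiles[CONST_MONITORING_ADDON_NAME].config = config
+return mc
+
 # pylint: disable=too-many-statements,too-many-locals,too-many-branches
 def update_azure_container_storage(self, mc: ManagedCluster) -> ManagedCluster:
 """Update azure container storage for the Managed Cluster object
@@ -5331,6 +5388,8 @@ def update_mc_profile_preview(self) -> ManagedCluster:
 mc = self.update_nodepool_initialization_taints_mc(mc)
 # update acns in network_profile
 mc = self.update_acns_in_network_profile(mc)
+# update update_monitoring_profile_flow_logs
+mc = self.update_monitoring_profile_flow_logs(mc)
 # update kubernetes support plan
 mc = self.update_k8s_support_plan(mc)
 # update AI toolchain operator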
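Review bot: In `get_retina_flow_logs` the prerequisite check at new lines 794-800 groups as `(enable and ACNS missing) or monitoring addon missing`, because `and` binds tighter than `or`, so `--disable-retina-flow-logs` raises `InvalidArgumentValueError` on any cluster whose `omsagent` addon is not enabled. The closing `enable_retina_flow_logs or not disable_retina_flow_logs` also evaluates to True whenever a flag arrives as False rather than None, which would turn flow-log collection on without it being requested; returning True, False or None explicitly removes that dependence on how the parser fills absent flags. The fence rewrites the check and the return with named booleans and leaves the error message untouched. Separately, `set_up_addon_profiles` (whose body begins outside its hunk) calls this getter at new line 3058 before `mc.addon_profiles = addon_profiles` at new line 3066, so on create the monitoring test probably reads a profile that is not yet set; validating after the assignment, or against the local `addon_profiles`, is worth confirming.

```python
def get_retina_flow_logs(self, mc: ManagedCluster) -> Union[bool, None]:
    # … unchanged: docstring, raw_param reads, both-None and mutual-exclusion checks …
    if enable_retina_flow_logs:
        network_profile = mc.network_profile
        acns_enabled = bool(
            self.raw_param.get("enable_acns", False) or
            (network_profile and network_profile.advanced_networking and
             network_profile.advanced_networking.enabled)
        )
        monitoring = mc.addon_profiles.get("omsagent") if mc.addon_profiles else None
        monitoring_enabled = bool(monitoring and monitoring.enabled)
        # Prerequisites apply to enabling only; disabling must always be possible.
        if not (acns_enabled and monitoring_enabled):
            # … unchanged: raise InvalidArgumentValueError(...) …
        return True
    if disable_retina_flow_logs:
        return False
    # Neither flag was set to a truthy value: leave the addon config as it is.
    return None
```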
