Azure · yanzhudd · Oct 28, 2025 · Oct 21, 2025 · Oct 22, 2025 · Oct 22, 2025
@@ -11,6 +11,8 @@ To release a new version, please select a new version number (usually plus 1 to
 
 Pending
 +++++++
+* `az aks create`: Add new parameter `--enable-container-network-logs` to enable container network logs feature for the cluster and deprecate `--enable-retina-flow-logs`.
+* `az aks update`: Add new parameter `--enable-container-network-logs` and `--disable-container-network-logs` to enable/disable container network logs feature for the cluster and deprecate `--enable-retina-flow-logs` and `--disable-retina-flow-logs`.
 * Support `entraid` for parameter `--ssh-access` to support EntraID feature.
 
 19.0.0b6

@@ -239,7 +239,10 @@
           short-summary: Used to set the acceleration mode (None or BpfVeth) on a cluster when enabling advanced networking features with "--enable-acns".
         - name: --enable-retina-flow-logs
           type: bool
-          short-summary: Enable advanced network flow log collection functionalities on a cluster.
+          short-summary: Enable advanced network flow log collection functionalities on a cluster. This flag is deprecated in favor of --enable-container-network-logs.
+        - name: --enable-container-network-logs
+          type: bool
+          short-summary: Enable container network log collection functionalities on a cluster.
         - name: --no-ssh-key -x
           type: string
           short-summary: Do not use or create a local SSH key.
@@ -1337,10 +1340,16 @@
           short-summary: Used to set the acceleration mode (None or BpfVeth) on a cluster when enabling advanced networking features with "--enable-acns".
         - name: --enable-retina-flow-logs
           type: bool
-          short-summary: Enable advanced network flow log collection functionalities on a cluster.
+          short-summary: Enable advanced network flow log collection functionalities on a cluster. This flag is deprecated in favor of --enable-container-network-logs.
+        - name: --enable-container-network-logs
+          type: bool
+          short-summary: Enable container network log collection functionalities on a cluster.
         - name: --disable-retina-flow-logs
           type: bool
-          short-summary: Disable advanced network flow log collection functionalities on a cluster.
+          short-summary: Disable advanced network flow log collection functionalities on a cluster. This flag is deprecated in favor of --disable-container-network-logs.
+        - name: --disable-container-network-logs
+          type: bool
+          short-summary: Disable container network log collection functionalities on a cluster.
         - name: --enable-cost-analysis
           type: bool
           short-summary: Enable exporting Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. For more information see aka.ms/aks/docs/cost-analysis.

@@ -971,6 +971,15 @@ def load_arguments(self, _):
         c.argument(
             "enable_retina_flow_logs",
             action="store_true",
+            deprecate_info=c.deprecate(
+                target="--enable-retina-flow-logs",
+                redirect="--enable-container-network-logs",
+                hide=True,
+            ),
+        )
+        c.argument(
+            "enable_container_network_logs",
+            action="store_true",
         )
         c.argument(
             "custom_ca_trust_certificates",
@@ -1627,10 +1636,28 @@ def load_arguments(self, _):
         c.argument(
             "enable_retina_flow_logs",
             action="store_true",
+            deprecate_info=c.deprecate(
+                target="--enable-retina-flow-logs",
+                redirect="--enable-container-network-logs",
+                hide=True,
+            ),
+        )
+        c.argument(
+            "enable_container_network_logs",
+            action="store_true",
         )
         c.argument(
             "disable_retina_flow_logs",
             action="store_true",
+            deprecate_info=c.deprecate(
+                target="--disable-retina-flow-logs",
+                redirect="--disable-container-network-logs",
+                hide=True,
+            ),
+        )
+        c.argument(
+            "disable_container_network_logs",
+            action="store_true",
         )
         c.argument("enable_cost_analysis", action="store_true")
         c.argument("disable_cost_analysis", action="store_true")

@@ -1091,6 +1091,7 @@ def aks_create(
     acns_advanced_networkpolicies=None,
     acns_transit_encryption_type=None,
     enable_retina_flow_logs=None,
+    enable_container_network_logs=None,
     acns_datapath_acceleration_mode=None,
     # nodepool
     crg_id=None,
@@ -1360,6 +1361,8 @@ def aks_update(
     acns_transit_encryption_type=None,
     enable_retina_flow_logs=None,
     disable_retina_flow_logs=None,
+    enable_container_network_logs=None,
+    disable_container_network_logs=None,
     acns_datapath_acceleration_mode=None,
     # metrics profile
     enable_cost_analysis=False,

@@ -921,34 +921,40 @@ def get_acns_transit_encryption_type(self) -> Union[str, None]:
                 )
         return self.raw_param.get("acns_transit_encryption_type")
 
-    def get_retina_flow_logs(self, mc: ManagedCluster) -> Union[bool, None]:
-        """Get the enablement of retina flow logs
+    # Container network logs is the new name for retina flow logs.
+    def get_container_network_logs(self, mc: ManagedCluster) -> Union[bool, None]:
+        """Get the enablement of container network logs
 
         :return: bool or None"""
-        enable_retina_flow_logs = self.raw_param.get("enable_retina_flow_logs")
-        disable_retina_flow_logs = self.raw_param.get("disable_retina_flow_logs")
-        if enable_retina_flow_logs is None and disable_retina_flow_logs is None:
+        enable_cnl = (
+            self.raw_param.get("enable_container_network_logs") or
+            self.raw_param.get("enable_retina_flow_logs")
+        )
+        disable_cnl = (
+            self.raw_param.get("disable_container_network_logs") or
+            self.raw_param.get("disable_retina_flow_logs")
+        )
+        if enable_cnl is None and disable_cnl is None:
             return None
-        if enable_retina_flow_logs and disable_retina_flow_logs:
+        if enable_cnl and disable_cnl:
             raise MutuallyExclusiveArgumentError(
-                "Cannot specify --enable-retina-flow-logs and "
-                "--disable-retina-flow-logs at the same time."
+                "Cannot specify --enable-container-network-logs and "
+                "--disable-container-network-logs at the same time."
             )
         if (
-            enable_retina_flow_logs and
+            enable_cnl and
             (not self.raw_param.get("enable_acns", False) and
                 not (mc.network_profile and mc.network_profile.advanced_networking and
                      mc.network_profile.advanced_networking.enabled)) or
             not (mc.addon_profiles and mc.addon_profiles.get("omsagent") and mc.addon_profiles["omsagent"].enabled)
         ):
             raise InvalidArgumentValueError(
-                "Flow logs requires '--enable-acns', advanced networking "
+                "Container network logs requires '--enable-acns', advanced networking "
                 "to be enabled, and the monitoring addon to be enabled."
             )
-        enable_retina_flow_logs = bool(enable_retina_flow_logs) if enable_retina_flow_logs is not None else False
-        disable_retina_flow_logs = bool(disable_retina_flow_logs) if disable_retina_flow_logs is not None else False
-        retina_flow_logs = enable_retina_flow_logs or not disable_retina_flow_logs
-        return retina_flow_logs
+        enable_cnl = bool(enable_cnl) if enable_cnl is not None else False
+        disable_cnl = bool(disable_cnl) if disable_cnl is not None else False
+        return enable_cnl or not disable_cnl
 
     def get_load_balancer_managed_outbound_ip_count(self) -> Union[int, None]:
         """Obtain the value of load_balancer_managed_outbound_ip_count.
@@ -3879,12 +3885,12 @@ def set_up_addon_profiles(self, mc: ManagedCluster) -> ManagedCluster:
                 CONST_GITOPS_ADDON_NAME
             ] = self.build_gitops_addon_profile()
 
-        retina_flow_logs_enabled = self.context.get_retina_flow_logs(mc)
-        if retina_flow_logs_enabled is not None:
+        container_network_logs_enabled = self.context.get_container_network_logs(mc)
+        if container_network_logs_enabled is not None:
             monitoring_addon_profile = addon_profiles.get(addon_consts.get("CONST_MONITORING_ADDON_NAME"))
             if monitoring_addon_profile:
                 config = monitoring_addon_profile.config or {}
-                config["enableRetinaNetworkFlags"] = str(retina_flow_logs_enabled)
+                config["enableRetinaNetworkFlags"] = str(container_network_logs_enabled)
                 monitoring_addon_profile.config = config
 
         mc.addon_profiles = addon_profiles
@@ -5282,15 +5288,15 @@ def update_monitoring_profile_flow_logs(self, mc: ManagedCluster) -> ManagedClus
         """
         self._ensure_mc(mc)
 
-        retina_flow_logs_enabled = self.context.get_retina_flow_logs(mc)
-        if retina_flow_logs_enabled is not None:
+        container_network_logs_enabled = self.context.get_container_network_logs(mc)
+        if container_network_logs_enabled is not None:
             if mc.addon_profiles:
                 addon_consts = self.context.get_addon_consts()
                 CONST_MONITORING_ADDON_NAME = addon_consts.get("CONST_MONITORING_ADDON_NAME")
                 monitoring_addon_profile = mc.addon_profiles.get(CONST_MONITORING_ADDON_NAME)
                 if monitoring_addon_profile:
                     config = monitoring_addon_profile.config or {}
-                    config["enableRetinaNetworkFlags"] = str(retina_flow_logs_enabled)
+                    config["enableRetinaNetworkFlags"] = str(container_network_logs_enabled)
                     mc.addon_profiles[CONST_MONITORING_ADDON_NAME].config = config
         return mc
-Original file line number
+Diff line change
@@ Expand Up @@
     Pending
     +++++++
+    * `az aks create`: Add new parameter `--enable-container-network-logs` to enable container network logs feature for the cluster and deprecate `--enable-retina-flow-logs`.
+    * `az aks update`: Add new parameter `--enable-container-network-logs` and `--disable-container-network-logs` to enable/disable container network logs feature for the cluster and deprecate `--enable-retina-flow-logs` and `--disable-retina-flow-logs`.
     * Support `entraid` for parameter `--ssh-access` to support EntraID feature.
 .0.0b6
@@ Expand Down @@