[AKS] support EnableFIPS and AutoScalerProfile (#20521)

* [AKS] support EnableFIPS

* [AKS] support AutoScalerProfile

Author: YanaXu

src/Aks/Aks.Test/ScenarioTests/KubernetesTests.cs

@@ -142,5 +142,19 @@ public void TestSpot()
         {
             TestRunner.RunTestScript("Test-Spot");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestEnableFIPS()
+        {
+            TestRunner.RunTestScript("Test-EnableFIPS");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestAutoScalerProfile()
+        {
+            TestRunner.RunTestScript("Test-AutoScalerProfile");
+        }
     }
 }

src/Aks/Aks.Test/ScenarioTests/KubernetesTests.ps1

@@ -804,4 +804,95 @@ function Test-Spot {
     finally {
         Remove-AzResourceGroup -Name $resourceGroupName -Force
     }
+}
+
+function Test-EnableFIPS {
+    # Setup
+    $resourceGroupName = Get-RandomResourceGroupName
+    $kubeClusterName = Get-RandomClusterName
+    $location = 'eastus'
+    $nodeVmSize = "Standard_D2_v2"
+
+    try {
+        New-AzResourceGroup -Name $resourceGroupName -Location $location
+
+        # create aks cluster with default nodepool
+        New-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName -NodeVmSize $nodeVmSize -NodeCount 1 -EnableFIPS
+        $cluster = Get-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName
+        Assert-AreEqual 1 $cluster.AgentPoolProfiles.Count
+        Assert-True {$cluster.AgentPoolProfiles[0].EnableFIPS}
+        $pools = Get-AzAksNodePool -ResourceGroupName $resourceGroupName -ClusterName $kubeClusterName
+        Assert-AreEqual 1 $pools.Count
+        Assert-True {$pools[0].EnableFIPS}
+
+        # create a 2nd nodepool
+        New-AzAksNodePool -ResourceGroupName $resourceGroupName -ClusterName $kubeClusterName -Name pool2 -VmSize $nodeVmSize -Count 1 -EnableFIPS
+        $cluster = Get-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName
+        Assert-AreEqual 2 $cluster.AgentPoolProfiles.Count
+        Assert-True {$cluster.AgentPoolProfiles[0].EnableFIPS}
+        Assert-True {$cluster.AgentPoolProfiles[1].EnableFIPS}
+        $pools = Get-AzAksNodePool -ResourceGroupName $resourceGroupName -ClusterName $kubeClusterName
+        Assert-AreEqual 2 $pools.Count
+        Assert-True {$pools[0].EnableFIPS}
+        Assert-True {$pools[1].EnableFIPS}
+
+        $cluster | Remove-AzAksCluster -Force
+    }
+    finally {
+        Remove-AzResourceGroup -Name $resourceGroupName -Force
+    }
+}
+
+function Test-AutoScalerProfile {
+    # Setup
+    $resourceGroupName = Get-RandomResourceGroupName
+    $kubeClusterName = Get-RandomClusterName
+    $location = 'eastus'
+    $nodeVmSize = "Standard_D2_v2"
+
+    try {
+        New-AzResourceGroup -Name $resourceGroupName -Location $location
+
+        # create aks cluster with default nodepool
+        $aksParameters=@{
+	        ResourceGroupName = $resourceGroupName
+	        Name = $kubeClusterName
+	        NodeVmSize = $nodeVmSize
+	        NodeMinCount = 1
+	        NodeMaxCount = 3
+        }
+        $AutoScalerProfile=@{
+            ScanInterval="30s"
+            Expander="least-waste"
+            MaxTotalUnreadyPercentage="50"
+            NewPodScaleUpDelay="800s"
+        }
+        $AutoScalerProfile=[Microsoft.Azure.Management.ContainerService.Models.ManagedClusterPropertiesAutoScalerProfile]$AutoScalerProfile
+        New-AzAksCluster @aksParameters -EnableNodeAutoScaling -AutoScalerProfile $AutoScalerProfile
+        $cluster = Get-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName
+        Assert-AreEqual "30s" $cluster.AutoScalerProfile.ScanInterval
+        Assert-AreEqual "least-waste" $cluster.AutoScalerProfile.Expander
+        Assert-AreEqual "50" $cluster.AutoScalerProfile.MaxTotalUnreadyPercentage
+        Assert-AreEqual "800s" $cluster.AutoScalerProfile.NewPodScaleUpDelay
+
+        # update aks cluster
+        $AutoScalerProfile2=@{
+            ScanInterval="40s"
+            Expander="most-pods"
+            MaxTotalUnreadyPercentage="45"
+            NewPodScaleUpDelay="600s"
+        }
+        $AutoScalerProfile2=[Microsoft.Azure.Management.ContainerService.Models.ManagedClusterPropertiesAutoScalerProfile]$AutoScalerProfile2
+        Set-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName -AutoScalerProfile $AutoScalerProfile2
+        $cluster = Get-AzAksCluster -ResourceGroupName $resourceGroupName -Name $kubeClusterName
+        Assert-AreEqual "40s" $cluster.AutoScalerProfile.ScanInterval
+        Assert-AreEqual "most-pods" $cluster.AutoScalerProfile.Expander
+        Assert-AreEqual "45" $cluster.AutoScalerProfile.MaxTotalUnreadyPercentage
+        Assert-AreEqual "600s" $cluster.AutoScalerProfile.NewPodScaleUpDelay
+
+        $cluster | Remove-AzAksCluster -Force
+    }
+    finally {
+        Remove-AzResourceGroup -Name $resourceGroupName -Force
+    }
 }

src/Aks/Aks.Test/SessionRecords/Commands.Aks.Test.ScenarioTests.KubernetesTests/TestAutoScalerProfile.json

@@ -25,6 +25,8 @@
 * Added parameter `-NodeMaxSurge` for `New-AzAksCluster`, `-MaxSurge` for `New-AzAksNodePool` and `Update-AzAksNodePool`
 * Added parameter `-PPG` for `New-AzAksCluster` and `New-AzAksNodePool`
 * Added parameter `-SpotMaxPrice` for `New-AzAksNodePool`
+* Added parameter `-EnableFIPS` for `New-AzAksCluster` and `New-AzAksNodePool`
+* Added parameter `-AutoScalerProfile` for `New-AzAksCluster` and `Set-AzAksCluster`
 
 ## Version 5.1.0
 * Bumped API version to 2022-09-01

src/Aks/Aks.Test/SessionRecords/Commands.Aks.Test.ScenarioTests.KubernetesTests/TestEnableFIPS.json

@@ -140,7 +140,7 @@ public class NewAzureRmAks : CreateOrUpdateKubeBase
         [Parameter(Mandatory = false, HelpMessage = "Whether to enable host based OS and data drive")]
         public SwitchParameter EnableEncryptionAtHost { get; set; }
 
-        [Parameter(Mandatory = false, HelpMessage = "whether to enable UltraSSD")]
+        [Parameter(Mandatory = false, HelpMessage = "Whether to enable UltraSSD")]
         public SwitchParameter EnableUltraSSD { get; set; }
 
         [Parameter(Mandatory = false, HelpMessage = "The OS configuration of Linux agent nodes.")]
@@ -155,6 +155,12 @@ public class NewAzureRmAks : CreateOrUpdateKubeBase
         [Parameter(Mandatory = false, HelpMessage = "The ID for Proximity Placement Group.")]
         public string PPG { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "Whether to use a FIPS-enabled OS.")]
+        public SwitchParameter EnableFIPS { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "The parameters to be applied to the cluster-autoscaler.")]
+        public ManagedClusterPropertiesAutoScalerProfile AutoScalerProfile { get; set; }
+
         private AcsServicePrincipal acsServicePrincipal;
 
         public override void ExecuteCmdlet()
@@ -387,6 +393,10 @@ private ManagedCluster BuildNewCluster()
             //{
             //    managedCluster.EnablePodSecurityPolicy = EnablePodSecurityPolicy;
             //}
+            if (this.IsParameterBound(c => c.AutoScalerProfile))
+            {
+                managedCluster.AutoScalerProfile = AutoScalerProfile;
+            }
 
             return managedCluster;
         }
@@ -526,6 +536,10 @@ private ManagedClusterAgentPoolProfile GetAgentPoolProfile()
             {
                 defaultAgentPoolProfile.ProximityPlacementGroupID = PPG;
             }
+            if (EnableFIPS.IsPresent)
+            {
+                defaultAgentPoolProfile.EnableFIPS = EnableFIPS.ToBool();
+            }
 
             defaultAgentPoolProfile.Mode = NodePoolMode;
 

src/Aks/Aks/ChangeLog.md

@@ -119,6 +119,9 @@ public class NewAzureRmAksNodePool : NewOrUpdateAgentPoolBase
         [Parameter(Mandatory = false, HelpMessage = "The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand.")]
         public double? SpotMaxPrice { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "Whether to use a FIPS-enabled OS")]
+        public SwitchParameter EnableFIPS { get; set; }
+
         public override void ExecuteCmdlet()
         {
             base.ExecuteCmdlet();
@@ -264,6 +267,10 @@ private AgentPool GetAgentPool()
             {
                 agentPool.SpotMaxPrice = SpotMaxPrice;
             }
+            if (EnableFIPS.IsPresent)
+            {
+                agentPool.EnableFIPS = EnableFIPS.ToBool();
+            }
 
             return agentPool;
         }

src/Aks/Aks/Commands/NewAzureRmAks.cs

@@ -74,6 +74,9 @@ public class SetAzureRmAks : CreateOrUpdateKubeBase
         [Alias("ResourceId")]
         public string Id { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "The parameters to be applied to the cluster-autoscaler.")]
+        public ManagedClusterPropertiesAutoScalerProfile AutoScalerProfile { get; set; }
+
         private ManagedCluster BuildNewCluster()
         {
             BeforeBuildNewCluster();
@@ -395,6 +398,10 @@ public override void ExecuteCmdlet()
                     {
                         cluster.FqdnSubdomain = FqdnSubdomain;
                     }
+                    if (this.IsParameterBound(c => c.AutoScalerProfile))
+                    {
+                        cluster.AutoScalerProfile = AutoScalerProfile;
+                    }
                     SetIdentity(cluster);
 
                     var kubeCluster = this.CreateOrUpdate(ResourceGroupName, Name, cluster);

src/Aks/Aks/Commands/NewAzureRmAksNodePool.cs

@@ -26,7 +26,8 @@ New-AzAksCluster [-NodeVmSetType <String>] [-NodeVnetSubnetID <String>] [-NodeMa
  [-LoadBalancerSku <String>] [-Force] [-GenerateSshKey] [-EnableNodePublicIp] [-NodePublicIPPrefixID <String>]
  [-AvailabilityZone <String[]>] [-NodeResourceGroup <String>] [-EnableEncryptionAtHost] [-EnableUltraSSD]
  [-NodeLinuxOSConfig <LinuxOSConfig>] [-NodeKubeletConfig <KubeletConfig>] [-NodeMaxSurge <String>]
- [-PPG <String>] [-ResourceGroupName] <String> [-Name] <String> [[-ServicePrincipalIdAndSecret] <PSCredential>]
+ [-PPG <String>] [-EnableFIPS] [-AutoScalerProfile <ManagedClusterPropertiesAutoScalerProfile>]
+ [-ResourceGroupName] <String> [-Name] <String> [[-ServicePrincipalIdAndSecret] <PSCredential>]
  [-Location <String>] [-LinuxProfileAdminUserName <String>] [-DnsNamePrefix <String>]
  [-KubernetesVersion <String>] [-NodeName <String>] [-NodeMinCount <Int32>] [-NodeMaxCount <Int32>]
  [-EnableNodeAutoScaling] [-NodeCount <Int32>] [-NodeOsDiskSize <Int32>] [-NodeVmSize <String>]
@@ -93,6 +94,19 @@ $kubeletConfig = [Microsoft.Azure.Management.ContainerService.Models.KubeletConf
 New-AzAksCluster -ResourceGroupName myResourceGroup -Name myAKSCluster -NodeLinuxOSConfig $linuxOsConfig -NodeKubeletConfig $kubeletConfig
 ```
 
+### Create an AKS cluster with AutoScalerProfile.
+When you create an AKS cluster, you can configure granular details of the cluster autoscaler by changing the default values in the cluster-wide autoscaler profile.
+
+```powershell
+$AutoScalerProfile=@{
+    ScanInterval="30s"
+    Expander="least-waste"
+}
+$AutoScalerProfile=[Microsoft.Azure.Management.ContainerService.Models.ManagedClusterPropertiesAutoScalerProfile]$AutoScalerProfile
+
+New-AzAksCluster -ResourceGroupName myResourceGroup -Name myAKSCluster -AutoScalerProfile $AutoScalerProfile
+```
+
 ## PARAMETERS
 
 ### -AcrNameToAttach
@@ -200,6 +214,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -AutoScalerProfile
+The parameters to be applied to the cluster-autoscaler.
+
+```yaml
+Type: Microsoft.Azure.Management.ContainerService.Models.ManagedClusterPropertiesAutoScalerProfile
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -AutoUpgradeChannel
 The upgrade channel for auto upgrade. For more information see https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel.
 
@@ -365,6 +394,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -EnableFIPS
+Whether to use a FIPS-enabled OS
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -EnableManagedIdentity
 Using a managed identity to manage cluster resource group.
 

src/Aks/Aks/Commands/SetAzureRmAks.cs

@@ -19,7 +19,7 @@ New-AzAksNodePool -ResourceGroupName <String> -ClusterName <String> -Name <Strin
  [-OsSKU <String>] [-EnableNodePublicIp] [-NodePublicIPPrefixID <String>] [-ScaleSetPriority <String>]
  [-ScaleSetEvictionPolicy <String>] [-VmSetType <String>] [-AvailabilityZone <String[]>] [-Force]
  [-EnableEncryptionAtHost] [-EnableUltraSSD] [-LinuxOSConfig <LinuxOSConfig>] [-KubeletConfig <KubeletConfig>]
- [-MaxSurge <String>] [-PPG <String>] [-SpotMaxPrice <Double>] [-KubernetesVersion <String>]
+ [-MaxSurge <String>] [-PPG <String>] [-SpotMaxPrice <Double>] [-EnableFIPS] [-KubernetesVersion <String>]
  [-MinCount <Int32>] [-MaxCount <Int32>] [-EnableAutoScaling] [-Mode <String>] [-NodeLabel <Hashtable>]
  [-Tag <Hashtable>] [-NodeTaint <String[]>] [-AksCustomHeader <Hashtable>]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [-SubscriptionId <String>]
@@ -33,7 +33,7 @@ New-AzAksNodePool -Name <String> -ClusterObject <PSKubernetesCluster> [-Count <I
  [-EnableNodePublicIp] [-NodePublicIPPrefixID <String>] [-ScaleSetPriority <String>]
  [-ScaleSetEvictionPolicy <String>] [-VmSetType <String>] [-AvailabilityZone <String[]>] [-Force]
  [-EnableEncryptionAtHost] [-EnableUltraSSD] [-LinuxOSConfig <LinuxOSConfig>] [-KubeletConfig <KubeletConfig>]
- [-MaxSurge <String>] [-PPG <String>] [-SpotMaxPrice <Double>] [-KubernetesVersion <String>]
+ [-MaxSurge <String>] [-PPG <String>] [-SpotMaxPrice <Double>] [-EnableFIPS] [-KubernetesVersion <String>]
  [-MinCount <Int32>] [-MaxCount <Int32>] [-EnableAutoScaling] [-Mode <String>] [-NodeLabel <Hashtable>]
  [-Tag <Hashtable>] [-NodeTaint <String[]>] [-AksCustomHeader <Hashtable>]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [-SubscriptionId <String>]
@@ -207,6 +207,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -EnableFIPS
+Whether to use a FIPS-enabled OS
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -EnableNodePublicIp
 Whether to enable public IP for nodes.