feat: AKS - Update to the newest API + parameters consolidation #6449
Conversation
- Updated resource definitions to use Microsoft.ContainerService/managedClusters@2025-09-01 API version. - Adjusted parameters for pod identity, security settings, and monitoring configurations to align with the new API. - Deprecated parameters that are no longer available in the updated API version. - Added new parameters for enhanced cluster configurations, including AI toolchain operator settings and bootstrap profile.
- Updated the resource group API version in the WAF-aligned test module. - Ensures compatibility with the latest Azure Resource Manager features. - Module path: avm/res/container-service/managed-cluster/tests/e2e/waf-aligned
microsoft-github-policy-service
bot
added
Needs: Triage 🔍
krbar
had a problem deploying
to
avm-validation
GitHub Actions
Failure
krbar
had a problem deploying
to
avm-validation
GitHub Actions
Failure
krbar
had a problem deploying
to
avm-validation
GitHub Actions
Failure
krbar
had a problem deploying
to
avm-validation
GitHub Actions
Failure
krbar
had a problem deploying
to
avm-validation
GitHub Actions
Failure
krbar
had a problem deploying
to
avm-validation
GitHub Actions
Failure
krbar
had a problem deploying
to
avm-validation
GitHub Actions
Failure
…into users/krbar/aksApiUpdate
- Removed individual security parameters (enableSecureBoot, enableVTPM, sshAccess) from agent pool and managed cluster definitions. - Introduced a consolidated securityProfile parameter for better management of security settings. - Updated references in the resource definitions to utilize the new securityProfile structure.
…into users/krbar/aksApiUpdate
- Refactored parameters in the managed cluster Bicep file to use resourceInput types for better compatibility with the 2025-09-01 API version. - Removed deprecated parameters and replaced them with updated structures, including changes to the aadProfile, autoScalerProfile, and securityProfile. - Updated test files to reflect changes in parameter names and structures, ensuring alignment with the new Bicep definitions. - Enhanced test cases for various configurations, including private clusters and workload auto-scaling features.
avm-organizer
bot
added
the
Needs: Module Owner 📣
|
Open point: link the issues before merging. |
| param gpuProfile resourceInput<'Microsoft.ContainerService/managedClusters/agentPools@2025-09-01'>.properties.gpuProfile? | ||
|
|
||
| @description('Optional. This is of the form /subscriptions/{subscriptionId}/resourcegroups/{resourcegroupname}/providers/microsoft.compute/hostgroups/{hostgroupname}. For more information see [Azure Dedicated Hosts](https://learn.microsoft.com/azure/virtual-machines/dedicated-hosts).') | ||
| param hostGroupId string? |
There was a problem hiding this comment.
| param hostGroupId string? | |
| param hostGroupResourceId string? |
| } | ||
| } | ||
| ] | ||
| networkPlugin: 'azure' |
There was a problem hiding this comment.
I think the 'kubenet' test was kinda the max test (which tests the networkPlugin 'kubenet'), while the 'waf-aligned' test valides the 'azure' mode (and naturally being a lot smaller).
There was a problem hiding this comment.
Not saying we can't have another test - but there may have been a reason for moving away from the original 2 tests in CARML ref. Costs may come to mind, but if there's a good reason for having both modes validated in depth I won't object :)
There was a problem hiding this comment.
Because there are a lot of new properties, I didn’t want to use the test case for (legacy) ‘kubenet’, which contains only a fraction of the properties in ‘max’. I hope this is fine.
| 'stable' | ||
| ]) | ||
| @description('Optional. Auto-upgrade channel on the AKS cluster.') | ||
| param autoUpgradeProfileUpgradeChannel string = 'stable' |
There was a problem hiding this comment.
Hey @krbar,
I noteiced you removed a large set of parameters - presumably for maintainability.
One uestion though - these parameters had, for the most part, default values that may or may not match the resource provider's defaults. If they don't match them, we may be removing carefully chosen defaults. Did you vet all these values?
There was a problem hiding this comment.
@AlexanderSehr Thank you for your review and for raising this point. I went through all the parameters that were removed and compared their default values with those provided by the resource provider. I didn’t find any evidence of intentional differences or custom defaults that would be lost as a result of this update. While I can’t guarantee I didn’t overlook something, in general, the defaults should now align with the provider’s settings.
The initial large number of parameters likely originated from before resourceInput was available.
| gatewayProfile: agentPool.?gatewayProfile | ||
| gpuInstanceProfile: agentPool.?gpuInstanceProfile | ||
| gpuProfile: agentPool.?gpuProfile | ||
| hostGroupId: agentPool.?hostGroupId |
There was a problem hiding this comment.
Must be updated as per the comment in the child module
- Renamed 'hostGroupId' to 'hostGroupResourceId' in agent pool and managed cluster modules for consistency. - Updated references in both main and agent pool Bicep files to reflect the new parameter name.
…into users/krbar/aksApiUpdate
Co-authored-by: Alexander Sehr <ASehr@hotmail.de>
…icep-registry-modules into users/krbar/aksApiUpdate
…into users/krbar/aksApiUpdate
Description
Resolves #1923
Resolves #2412
Resolves #5815
Resolves #6010
Resolves #6179
Resolves #6331
Resolves #6334
Resolves #4470
Pipeline Reference
Type of Change
version.json:version.json.version.json.Checklist
Set-AVMModulelocally to generate the supporting module files.